π₯User Roles & Permissions
Role-based access for controlling feature-level permissions via your organisationβs IDP.
Access Roles Overview
Trusst AI supports a flexible, role-based access control system to manage user permissions across the platform. Each role grants access to specific features and actions within the application.
Roles must be assigned through your organisationβs identity provider (IDP), such as Okta or Microsoft Entra ID. These roles must be passed to Trusst AI in the groups claim of the ID token. The values must match exactly, as shown below.
The supported role keys are:
Viewer (
trusst_ai_viewer)Evaluator (
trusst_ai_evaluator)Prompt Admin (
trusst_ai_prompt_admin)AI Agent Admin (
trusst_ai_agent_admin)App Admin (
trusst_ai_app_admin)
Ensure that users are assigned to one or more of these roles in your IDP, and that the `groups` claim is included in the authentication payload.
Example Authentication Payload
{
"sub": "idp|ml-ops-9087",
"name": "Al Gorithm",
"email": "[email protected]",
"groups": [
"trusstai_viewer",
"trusstai_prompt_admin"
]
}Role-Based Permissions Table
Feature
Permission
Viewer
Evaluator
Prompt Admin
AI Agent Admin
App Admin
Insights
read:insights
β
β
β
π«
β
create:widget
π«
β
β
π«
β
delete:widget
π«
β
β
π«
β
Import
read:imports
β
β
β
π«
β
create:import
π«
π«
β
π«
β
Contacts
read:contacts
β
β
β
π«
β
read:audio-contact
π«
β
β
π«
β
Prompts
read:prompts
π«
β
β
π«
β
create:prompt
π«
β
β
π«
β
update:prompt
π«
β
β
π«
β
create:publish-prompt
π«
π«
β
π«
β
Ratings
read:ratings
β
β
β
π«
β
create:rating-prompt
π«
β
β
π«
β
Settings
read:settings
β
β
β
π«
β
update:settings
π«
π«
π«
π«
β
AI Agents
read:trusstedagent
β
π«
π«
β
β
create:trusstedagent
π«
π«
π«
β
β
update:trusstedagent
π«
π«
π«
β
β
delete:trusstedagent
π«
π«
π«
β
β
Last updated