Trusst AI Resource Centre

User Roles & Permissions

Role-based access for controlling feature-level permissions via your organisation’s IDP.

Access Roles Overview

Trusst AI supports a flexible, role-based access control system to manage user permissions across the platform. Each role grants access to specific features and actions within the application.

Roles must be assigned through your organisation’s identity provider (IDP), such as Okta or Microsoft Entra ID. These roles must be passed to Trusst AI in the groups claim of the ID token. The values must match exactly, as shown below.

The supported role keys are:

  • Viewer (trusst_ai_viewer)

  • Evaluator (trusst_ai_evaluator)

  • Prompt Admin (trusst_ai_prompt_admin)

  • AI Agent Admin (trusst_ai_agent_admin)

  • App Admin (trusst_ai_app_admin)

Ensure that users are assigned to one or more of these roles in your IDP, and that the `groups` claim is included in the authentication payload.

Example Authentication Payload

{
  "sub": "idp|ml-ops-9087",
  "name": "Al Gorithm",
  "email": "zero.shot@example.com",
  "groups": [
    "trusstai_viewer",
    "trusstai_prompt_admin"
  ]
}

Role-Based Permissions Table

| Feature | Permission | Viewer | Evaluator | Prompt Admin | AI Agent Admin | App Admin |
| --- | --- | --- | --- | --- | --- | --- |
| Insights | read:insights | ✅ | ✅ | ✅ | 🚫 | ✅ |
| Insights | create:widget | 🚫 | ✅ | ✅ | 🚫 | ✅ |
| Insights | delete:widget | 🚫 | ✅ | ✅ | 🚫 | ✅ |
| Import | read:imports | ✅ | ✅ | ✅ | 🚫 | ✅ |
| Import | create:import | 🚫 | 🚫 | ✅ | 🚫 | ✅ |
| Contacts | read:contacts | ✅ | ✅ | ✅ | 🚫 | ✅ |
| Contacts | read:audio-contact | 🚫 | ✅ | ✅ | 🚫 | ✅ |
| Prompts | read:prompts | 🚫 | ✅ | ✅ | 🚫 | ✅ |
| Prompts | create:prompt | 🚫 | ✅ | ✅ | 🚫 | ✅ |
| Prompts | update:prompt | 🚫 | ✅ | ✅ | 🚫 | ✅ |
| Prompts | create:publish-prompt | 🚫 | 🚫 | ✅ | 🚫 | ✅ |
| Ratings | read:ratings | 🚫 | ✅ | ✅ | 🚫 | ✅ |
| Ratings | create:rating-prompt | ✅ | ✅ | ✅ | 🚫 | ✅ |
| Settings | read:settings | ✅ | ✅ | ✅ | 🚫 | ✅ |
| Settings | update:settings | 🚫 | 🚫 | 🚫 | 🚫 | ✅ |
| AI Agents | read:trusstedagent | ✅ | 🚫 | 🚫 | ✅ | ✅ |
| AI Agents | create:trusstedagent | 🚫 | 🚫 | 🚫 | ✅ | ✅ |
| AI Agents | update:trusstedagent | 🚫 | 🚫 | 🚫 | ✅ | ✅ |
| AI Agents | delete:trusstedagent | 🚫 | 🚫 | 🚫 | ✅ | ✅ |
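
The following Python is an added example, not Trusst AI's own code. It resolves a `groups` claim to roles by exact match against the role keys listed above, unions the permissions from the table, and reports ignored values that differ from a supported key only in case or separators, which is the usual sign of a mis-named IDP group. Assumptions: the ID token has already been validated, permissions of multiple roles combine as a union, and `resolve`, `near_misses` and the sample claims are hypothetical names and constructed data.

```python
# Added example: resolve a `groups` claim to roles and permissions (default deny).
ROLES = ["trusst_ai_viewer", "trusst_ai_evaluator", "trusst_ai_prompt_admin",
         "trusst_ai_agent_admin", "trusst_ai_app_admin"]  # keys as listed on this page

# Permissions table, grouped by row pattern. Each pattern has one flag per role
# in ROLES order (Viewer, Evaluator, Prompt Admin, AI Agent Admin, App Admin).
PATTERNS = {
    "YYYNY": "read:insights read:imports read:contacts create:rating-prompt read:settings",
    "NYYNY": "create:widget delete:widget read:audio-contact read:prompts "
             "create:prompt update:prompt read:ratings",
    "NNYNY": "create:import create:publish-prompt",
    "NNNNY": "update:settings",
    "YNNYY": "read:trusstedagent",
    "NNNYY": "create:trusstedagent update:trusstedagent delete:trusstedagent",
}


def resolve(claims):
    """Return (roles, ignored, permissions) for a dict of ID-token claims."""
    groups = claims.get("groups")
    if not isinstance(groups, list):      # missing or malformed claim grants nothing
        groups = []
    roles = [g for g in groups if g in ROLES]          # exact match only
    ignored = [g for g in groups if g not in ROLES]
    perms = set()
    for pattern, names in PATTERNS.items():
        # Assumption: a permission is granted if any held role has it (union).
        if any(pattern[ROLES.index(r)] == "Y" for r in roles):
            perms.update(names.split())
    return roles, ignored, perms


def near_misses(ignored):
    """Map ignored values to the role key they resemble (case/separator drift)."""
    def norm(s):
        return s.lower().replace("_", "").replace("-", "")
    by_norm = {norm(r): r for r in ROLES}
    return {g: by_norm[norm(g)] for g in ignored
            if isinstance(g, str) and norm(g) in by_norm}


# Constructed sample claims (not taken from a real token).
SAMPLE = {"sub": "idp|constructed-0001",
          "groups": ["trusst_ai_viewer", "Trusst_AI_Evaluator",
                     "trusst-ai-prompt-admin", "engineering"]}

if __name__ == "__main__":
    roles, ignored, perms = resolve(SAMPLE)
    print("roles:", roles)
    print("permissions:", sorted(perms))
    print("likely misconfigured:", near_misses(ignored))
```

Running this against the claims your IDP actually emits for a test user shows which group values resolve to a role and which are silently ignored.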


Last updated 1 month ago
