👥 User Roles & Permissions

Role-based access for controlling feature-level permissions via your organisation’s IDP.

Access Roles Overview

Once you have completed the IDP setup described in Integrating Your Identity Provider, use this page to understand how Trusst AI roles and permissions are structured and how they are applied after users successfully authenticate.

Trusst AI uses a role-based access control system managed through your organisation’s identity provider (IDP), such as Okta or Microsoft Entra ID.

Roles must be passed to Trusst AI in the roles claim of the ID token. If that claim is unavailable, Trusst AI will also accept a role (singular) or a groups claim. Both must be arrays of strings.

The supported role keys are:

  • Viewer (trusst_ai_viewer)

  • Analyst (trusst_ai_analyst)

  • Editor (trusst_ai_editor)

  • Admin (trusst_ai_admin)

Ensure that users are assigned to one or more of these roles in your IDP, and that either the roles or groups claim includes them in the authentication payload.

Example Authentication Payload

{
  "sub": "idp|ml-ops-9087",
  "name": "Al Gorithm",
  "email": "[email protected]",
  "roles": [
    "trusst_ai_admin"
  ]
}
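
A pre-flight check for the claim rules above, added here as an example and not Trusst AI's own code: it takes a decoded ID token payload and reports which claim would supply roles and which supported role keys it carries. The lookup order (roles, then role, then groups), exact case-sensitive matching, holding the roles claim to the same array-of-strings format, and the sample payloads are assumptions.

```python
# Added example: pre-flight check of decoded ID token claims (not Trusst AI code).
SUPPORTED_ROLES = {
    "trusst_ai_viewer",
    "trusst_ai_analyst",
    "trusst_ai_editor",
    "trusst_ai_admin",
}
# Assumption: claims are checked in this order; the page only states that
# "roles" is preferred and that "role" or "groups" are accepted otherwise.
CLAIM_ORDER = ("roles", "role", "groups")


def check_role_claims(claims):
    """Return (claim_used, matched_roles, problems) for a decoded ID token payload."""
    problems = []
    for name in CLAIM_ORDER:
        if name not in claims:
            continue
        value = claims[name]
        # A bare string instead of an array is a common IdP claim-mapping mistake.
        if not isinstance(value, list) or not all(isinstance(v, str) for v in value):
            problems.append(f"'{name}' must be an array of strings, got {value!r}")
            continue
        # Assumption: role keys are matched exactly (case-sensitive).
        matched = sorted(set(value) & SUPPORTED_ROLES)
        if matched:
            return name, matched, problems
        problems.append(f"'{name}' contains no supported Trusst AI role key")
    return None, [], problems or ["no roles, role or groups claim present"]


# Constructed sample payloads (not real tokens).
GOOD = {"sub": "idp|ml-ops-9087", "name": "Al Gorithm", "roles": ["trusst_ai_admin"]}
BARE_STRING = {"sub": "idp|example-1", "roles": "trusst_ai_admin"}
GROUPS_ONLY = {"sub": "idp|example-2", "groups": ["staff", "trusst_ai_analyst"]}
WRONG_CASE = {"sub": "idp|example-3", "roles": ["Trusst_AI_Admin"]}

if __name__ == "__main__":
    for payload in (GOOD, BARE_STRING, GROUPS_ONLY, WRONG_CASE):
        print(payload["sub"], check_role_claims(payload))
```

Run it against the decoded payload of a test user's ID token before rollout; a result of None for the claim name means the user would arrive with no recognised role.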

Role-Based Permissions Table

Feature | Permission | Viewer | Analyst | Editor | Admin
Contacts | contacts:view
Chat | chat:edit | 🚫
Criteria (view) | criteria:view | 🚫
Criteria (edit) | criteria:edit | 🚫 | 🚫
Streams | streams:edit | 🚫 | 🚫 | 🚫
General Settings (view) | settings_general:view | 🚫
General Settings (edit) | settings_general:edit | 🚫 | 🚫
System Status | system_status:view | 🚫
Agents (view) | agents:view | 🚫 | 🚫
Agents (edit) | agents:edit | 🚫 | 🚫 | 🚫
Agent Numbers (view) | agent_numbers:view | 🚫 | 🚫
Agent Numbers (edit) | agent_numbers:edit | 🚫 | 🚫 | 🚫
Agent Abilities | agent_abilities:edit | 🚫 | 🚫 | 🚫
Agent Keys (Secrets) | agent_keys:edit | 🚫 | 🚫 | 🚫
