👥User Roles & Permissions
Role-based access for controlling feature-level permissions via your organisation’s IDP.
Access Roles Overview
Trusst AI supports a flexible, role-based access control system to manage user permissions across the platform. Each role grants access to specific features and actions within the application.
Roles must be assigned through your organisation’s identity provider (IDP), such as Okta or Microsoft Entra ID. These roles must be passed to Trusst AI in the groups claim of the ID token. The values must match exactly, as shown below.
The supported role keys are:
Viewer (
trusst_ai_viewer)Analyst (
trusst_ai_analyst)Editor (
trusst_ai_editor)Admin (
trusst_ai_admin)
Ensure that users are assigned to one or more of these roles in your IDP, and that the `groups` claim is included in the authentication payload.
Example Authentication Payload
{
"sub": "idp|ml-ops-9087",
"name": "Al Gorithm",
"email": "[email protected]",
"groups": [
"trusst_ai_admin"
]
}Role-Based Permissions Table
Contacts
contacts:view
✅
✅
✅
✅
Chat
chat:edit
🚫
✅
✅
✅
Criteria (view)
criteria:view
🚫
✅
✅
✅
Criteria (edit)
criteria:edit
🚫
🚫
✅
✅
Streams
streams:edit
🚫
🚫
🚫
✅
General Settings (view)
settings_general:view
🚫
✅
✅
✅
General Settings (edit)
settings_general:edit
🚫
🚫
✅
✅
System Status
system_status:view
🚫
✅
✅
✅
Agents (view)
agents:view
🚫
🚫
✅
✅
Agents (edit)
agents:edit
🚫
🚫
🚫
✅
Agent Numbers (view)
agent_numbers:view
🚫
🚫
✅
✅
Agent Numbers (edit)
agent_numbers:edit
🚫
🚫
🚫
✅
Agent Abilities
agent_abilities:edit
🚫
🚫
🚫
✅
Agent Keys (Secrets)
agent_keys:edit
🚫
🚫
🚫
✅
Last updated