👥 User Roles & Permissions

Role-based access for controlling feature-level permissions via your organisation’s IDP.

Access Roles Overview

Trusst AI supports a flexible, role-based access control system to manage user permissions across the platform. Each role grants access to specific features and actions within the application.

Roles must be assigned through your organisation’s identity provider (IDP), such as Okta or Microsoft Entra ID. These roles must be passed to Trusst AI in the `groups` claim of the ID token. The values must match exactly, as shown below.

The supported role keys are:

  • Viewer (trusst_ai_viewer)

  • Evaluator (trusst_ai_evaluator)

  • Prompt Admin (trusst_ai_prompt_admin)

  • AI Agent Admin (trusst_ai_agent_admin)

  • App Admin (trusst_ai_app_admin)

Ensure that users are assigned to one or more of these roles in your IDP, and that the `groups` claim is included in the authentication payload.

Example Authentication Payload

```json
{
  "sub": "idp|ml-ops-9087",
  "name": "Al Gorithm",
  "email": "[email protected]",
  "groups": [
    "trusstai_viewer",
    "trusstai_prompt_admin"
  ]
}
```

Role-Based Permissions Table

| Feature | Permission | Viewer | Evaluator | Prompt Admin | AI Agent Admin | App Admin |
| --- | --- | --- | --- | --- | --- | --- |
| Insights | read:insights | ✅ | ✅ | ✅ | 🚫 | ✅ |
| | create:widget | 🚫 | ✅ | ✅ | 🚫 | ✅ |
| | delete:widget | 🚫 | ✅ | ✅ | 🚫 | ✅ |
| Import | read:imports | ✅ | ✅ | ✅ | 🚫 | ✅ |
| | create:import | 🚫 | 🚫 | ✅ | 🚫 | ✅ |
| Contacts | read:contacts | ✅ | ✅ | ✅ | 🚫 | ✅ |
| | read:audio-contact | 🚫 | ✅ | ✅ | 🚫 | ✅ |
| Prompts | read:prompts | 🚫 | ✅ | ✅ | 🚫 | ✅ |
| | create:prompt | 🚫 | ✅ | ✅ | 🚫 | ✅ |
| | update:prompt | 🚫 | ✅ | ✅ | 🚫 | ✅ |
| | create:publish-prompt | 🚫 | 🚫 | ✅ | 🚫 | ✅ |
| Ratings | read:ratings | ✅ | ✅ | ✅ | 🚫 | ✅ |
| | create:rating-prompt | 🚫 | ✅ | ✅ | 🚫 | ✅ |
| Settings | read:settings | ✅ | ✅ | ✅ | 🚫 | ✅ |
| | update:settings | 🚫 | 🚫 | 🚫 | 🚫 | ✅ |
| AI Agents | read:trusstedagent | ✅ | 🚫 | 🚫 | ✅ | ✅ |
| | create:trusstedagent | 🚫 | 🚫 | 🚫 | ✅ | ✅ |
| | update:trusstedagent | 🚫 | 🚫 | 🚫 | ✅ | ✅ |
| | delete:trusstedagent | 🚫 | 🚫 | 🚫 | ✅ | ✅ |
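As an added example (not Trusst AI's own code), this Python sketch resolves a `groups` claim to the permissions in the table above and reports group values that match no supported role key, which is how a mistyped IDP group shows up as a user with missing access. It assumes the role keys as spelled in the supported-keys list are authoritative and that a user holding several roles receives the union of their permissions; the function names and sample claims are constructed for illustration.

```python
# Added illustration, not Trusst AI code. Role keys are copied from the
# supported-keys list; union-of-roles semantics is an assumption.
ROLES = ["trusst_ai_viewer", "trusst_ai_evaluator", "trusst_ai_prompt_admin",
         "trusst_ai_agent_admin", "trusst_ai_app_admin"]

# One flag per role, in ROLES order (Y = granted), transcribed from the table.
MATRIX = {
    "read:insights": "YYYNY", "create:widget": "NYYNY", "delete:widget": "NYYNY",
    "read:imports": "YYYNY", "create:import": "NNYNY",
    "read:contacts": "YYYNY", "read:audio-contact": "NYYNY",
    "read:prompts": "NYYNY", "create:prompt": "NYYNY", "update:prompt": "NYYNY",
    "create:publish-prompt": "NNYNY",
    "read:ratings": "YYYNY", "create:rating-prompt": "NYYNY",
    "read:settings": "YYYNY", "update:settings": "NNNNY",
    "read:trusstedagent": "YNNYY", "create:trusstedagent": "NNNYY",
    "update:trusstedagent": "NNNYY", "delete:trusstedagent": "NNNYY",
}


def resolve(claims):
    """Return (granted permissions, recognised roles, unmatched group values)."""
    groups = claims.get("groups")
    if not isinstance(groups, list):       # claim missing or not an array
        return set(), [], []
    roles = [g for g in groups if g in ROLES]      # exact, case-sensitive match
    unmatched = [g for g in groups if g not in ROLES]
    granted = {perm for perm, flags in MATRIX.items()
               if any(flags[ROLES.index(r)] == "Y" for r in roles)}
    return granted, roles, unmatched


def near_misses(unmatched):
    """Map unmatched values to the role key they resemble once case and
    separators are ignored: likely IDP typos that grant nothing."""
    def norm(s):
        return "".join(ch for ch in str(s).lower() if ch.isalnum())
    by_norm = {norm(r): r for r in ROLES}
    return {g: by_norm[norm(g)] for g in unmatched if norm(g) in by_norm}


if __name__ == "__main__":
    # Constructed claims: one valid key, one misspelled key, one unrelated group.
    sample = {"sub": "idp|example", "groups":
              ["trusst_ai_viewer", "Trusst-AI-Prompt-Admin", "finance"]}
    granted, roles, unmatched = resolve(sample)
    print(sorted(granted), roles, near_misses(unmatched))
```

Running the same check over a test user's decoded ID token before rollout confirms that the IDP emits the `groups` claim as an array and that every intended role value matches exactly.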
