RBAC is gradually being rolled out to our Enterprise customers. If you have an Enterprise subscription with Relevance AI and do not have access to this feature yet, please reach out to your sales representative to share your interest in this feature.You will not be able to access this feature if you are not on an Enterprise subscription.
Best Practices
Keep permissions simple. Assign roles based on who needs to build, who needs to view, and who needs to govern.Organization Level
- Admins — set up and manage teams, projects, and authentication. Usually your workspace or IT leads.
- Members — have autonomy to create their own projects and assets. Best for power users or builders.
- Viewers — should not create anything until they’re assigned to a project. Use this for early access or external collaborators.
Project Level
- Admins — own the project setup and governance. They control permission and authentication accounts.
- Editors — build, edit, and run all assets in the project. Treat them as your core contributors.
- Members — can build their own assets but don’t automatically see or edit others’. Great for independent work within shared projects.
- Viewers — can’t build or edit. Add them only to the specific assets they need to see.
Keep admin/editor access limited to people actively managing or building. Everyone else should be a member or viewer by default.
Asset Level
- Project admins and editors automatically have full control.
- Members can run assets but can’t modify them unless granted edit rights.
- Viewers can only see results or outputs — they can’t run or trigger anything.
Default to least privilege. Grant edit rights intentionally, not by habit.
Organization level controls
New organization members will be given viewer permissions by default. If invited, their role will be selected during invite.Roles
| Role | Capabilities |
|---|---|
| Owner | Full control of organization, billing, security, users and all projects |
| Admin | Manage users, projects, organization-level API keys and OAuths |
| Member | Access only assigned projects, can create private projects and assets (agents, tools, knowledge) |
| Viewer | View-only access to agent and tool audit logs, usage data and compliance reports |
Permissions
| Permission | Owner | Admin | Member | Viewer |
|---|---|---|---|---|
| Manage billing | ✅ | ❌ | ❌ | ❌ |
| Manage organization settings (name, logo, domain etc.) | ✅ | ✅ | ❌ | ❌ |
| Manage organization users | ✅ | ✅ | ❌ | ❌ |
| Manage API keys & OAuths (Org-level connections) | ✅ | ✅ | ❌ | ❌ |
| View global audit logs | ✅ | ✅ | ❌ | ❌ |
| View all projects and agents | ✅ | ✅ | ❌ | ❌ |
| Delete any asset | ✅ | ✅ | ❌ | ❌ |
| Edit project roles | ✅ | ✅ | ❌ | ❌ |
| View credit information | ✅ | ✅ | ❌ | ❌ |
| Create projects | ✅ | ✅ | ✅ | ❌ |
| View organization members / admins | ✅ | ✅ | ✅ | ✅ |
Project level controls
Project admins will be able to set a users role upon invite. Organization admins can also set this for any project.Roles
| Role | Capabilities |
|---|---|
| Admin | Manage users, agents, tools, knowledge and project-level integrations. Can create assets |
| Editor | Can edit and create assets, does not manage users |
| Member | Use shared assets, provide inputs and view outputs. Can create assets, private by default. |
| Viewer | View agents, tools, and knowledge outputs only, cannot run or edit anything |
Permissions
| Permission | Admin | Editor | Member | Viewer |
|---|---|---|---|---|
| Delete project | ✅ | ❌ | ❌ | ❌ |
| Assign project roles to users | ✅ | ❌ | ❌ | ❌ |
| Delete agents | ✅ | ✅ | ❌ | ❌ |
| View all assets by default | ✅ | ✅ | ❌ | ❌ |
| Edit/run assets they did not create | ✅ | ✅ | ❌ | ❌ |
| View project activity logs | ✅ | ✅ | ❌ | ❌ |
| Manage project-level API keys & OAuths | ✅ | ✅ | ❌ | ❌ |
| Create assets | ✅ | ✅ | ✅ | ❌ |
| View Project | ✅ | ✅ | ✅ | ✅ |
Asset level controls
An asset is an Agent, Tool, Knowledge or Workforce. Upon asset creation, the creator becomes the admin. An asset can have multiple admins (project admin is by default).Roles
| Role | Capabilities |
|---|---|
| Admin | Manage asset configuration, tools, knowledge and assign asset-level users |
| Member | Use asset only, provide inputs and view outputs |
| Viewer | View asset configuration and outputs only, cannot run or edit anything |
Permissions
| Permission | Admin | Member | Viewer |
|---|---|---|---|
| Edit asset | ✅ | ❌ | ❌ |
| Delete asset | ✅ | ❌ | ❌ |
| Assign roles on asset | ✅ | ❌ | ❌ |
| Assign auth per tool | ✅ | ❌ | ❌ |
| Enable cloning/sharing of asset | ✅ | ❌ | ❌ |
| Run asset (if executable e.g. agent) | ✅ | ✅ | ❌ |
| View asset configuration | ✅ | ✅ | ✅ |
| View asset outputs | ✅ | ✅ | ✅ |
| View asset audit logs | ✅ | ✅ | ✅ |
Frequently asked questions (FAQs)
Can I access role-based access controls without upgrading to Enterprise?
Can I access role-based access controls without upgrading to Enterprise?
No. This feature is available for Enterprise subscriptions only.
I'm on an Enterprise subscription but do not have access to this feature yet. How do I get access?
I'm on an Enterprise subscription but do not have access to this feature yet. How do I get access?
This feature is gradually being rolled out to Enterprise customers. Please reach out to your sales representative to express your interest in receiving this feature.