Skip to main content
Support Bot uses a hierarchical permission system based on roles and permission sets. This allows flexible, fine-grained access control across your organization.

Permission Hierarchy

The system uses a three-level hierarchy:
1

Permissions

Individual capabilities like user.edit or role.create. These are system-defined and cannot be modified.
2

Permission Sets

Groups of related permissions (e.g., “User Management” includes user.view, user.edit, user.delete).
3

Roles

Collections of permission sets assigned to users (e.g., “Admin” role includes multiple permission sets).
4

Users

Have one or more roles, which grant them all permissions from those roles’ permission sets.

System Permissions

All permissions are organized into categories:

User Management

  • user.view - View user list and details
  • user.edit - Modify user roles and permissions
  • user.delete - Remove users from the system

Role Management

  • role.view - View roles and their permission sets
  • role.create - Create new roles
  • role.edit - Modify existing roles
  • role.delete - Remove roles

Permission Set Management

  • permission_set.view - View permission sets
  • permission_set.create - Create custom permission sets
  • permission_set.edit - Modify permission sets
  • permission_set.delete - Remove permission sets

AI/ML Configuration

  • aiml.view - View AI/ML settings
  • aiml.edit - Modify model selection, temperature, and safety settings

LLM Provider Management

  • llm_provider.view - View LLM provider configurations
  • llm_provider.create - Add new LLM providers
  • llm_provider.edit - Update provider settings
  • llm_provider.delete - Remove providers
  • llm_provider.test - Test provider connections

Integration Management

  • integration.view - View integrations
  • integration.create - Add new integrations
  • integration.edit - Modify integration settings
  • integration.delete - Remove integrations
  • integration.sync - Trigger manual sync operations

Settings Management

  • auth.view - View authentication settings
  • auth.edit - Modify authentication providers
  • history.view - View configuration history
  • history.rollback - Rollback to previous configurations
Permissions are read-only and cannot be created or modified. They’re defined by the system.

Managing Roles

View All Roles

Navigate to Settings > Roles & Permissions to see all configured roles. The table shows:
  • Role name
  • Description
  • Permission sets included in the role
  • Actions (Edit, Delete)

Create a New Role

1

Open Create Dialog

Click the Add Role button in the top-right corner.
2

Enter Role Details

Provide:
  • Name (required) - A descriptive name like “Report Manager”
  • Description (optional) - What this role is for
3

Select Permission Sets

Check the permission sets this role should include. Each permission set shows:
  • Name and description
  • Preview of included permissions (first 3)
At least one permission set is required.
4

Save

Click Create to save the new role.

Edit Existing Role

1

Click Edit

In the roles table, click Edit next to the role you want to modify.
2

Update Details

Change the name, description, or permission set assignments.
3

Save Changes

Click Save Changes to apply your updates.
Changes to roles take effect immediately for all users with that role.

Delete a Role

1

Click Delete

In the roles table, click Delete next to the role.
2

Confirm Deletion

A confirmation dialog will warn you that users with this role will lose its permissions.
3

Confirm

Click Delete to remove the role permanently.
Deleting a role removes those permissions from all assigned users immediately. This action cannot be undone.

Managing Permission Sets

Permission sets group related permissions together for easier management.

View Permission Sets

From Settings > Permission Sets, you can see all available permission sets with their included permissions.

Create Custom Permission Set

1

Navigate to Permission Sets

Go to Settings > Permission Sets and click Create Permission Set.
2

Enter Details

Provide:
  • Code (required) - A unique identifier like custom_analysts
  • Name (required) - Display name like “Custom Analysts”
  • Description (optional) - What this set is for
3

Select Permissions

Choose individual permissions to include in this set. Permissions are grouped by category for easier browsing.
4

Save

Click Create to save the permission set.

Edit Permission Set

You can update the name, description, and included permissions of any custom permission set.
System-defined permission sets (like those created during installation) can be viewed but not modified.

Delete Permission Set

Deleting a permission set removes it from all roles that include it. Users will lose those permissions immediately.

Role Assignment Workflow

When assigning permissions to users:
1

Identify Required Permissions

Determine what the user needs to do (e.g., manage integrations, configure AI).
2

Find or Create Appropriate Role

Check if an existing role provides those permissions. If not, create a new role with the needed permission sets.
3

Assign Role to User

From User Management, edit the user and assign the role.
4

Verify Access

Have the user refresh their session or log out and back in to receive the new permissions.

Required Permissions

ActionPermission Required
View rolesrole.view
Create rolesrole.create + permission_set.view
Edit rolesrole.edit + permission_set.view
Delete rolesrole.delete
View permission setspermission_set.view
Create permission setspermission_set.create
Edit permission setspermission_set.edit
Delete permission setspermission_set.delete
The UI automatically hides actions you don’t have permission to perform.

Best Practices

Role-Based Design

Design roles around job functions (Admin, Analyst, Viewer) rather than individuals.

Minimal Permission Sets

Keep permission sets focused on specific features or workflows.

Test Before Deploy

Create test roles and verify they grant the expected access before assigning to users.

Document Roles

Use the description field to document what each role is intended for.

Common Role Examples

Administrator

Full system access with all permission sets:
  • User Management
  • Role Management
  • Integration Management
  • AI/ML Configuration
  • Settings Management

Integration Manager

Manage data sources without system access:
  • integration.view
  • integration.create
  • integration.edit
  • integration.sync

AI Configurator

Manage AI settings without user management:
  • aiml.view
  • aiml.edit
  • llm_provider.view
  • llm_provider.edit
  • llm_provider.test

Read-Only Auditor

View-only access to all settings:
  • user.view
  • role.view
  • permission_set.view
  • integration.view
  • aiml.view
  • history.view

API Reference

For programmatic access, see:

Build docs developers (and LLMs) love

Get started for freeTalk to us