- Permissions grant ability to perform actions (e.g.,
use_case:adaptallows fine-tuning) - Roles are named sets of permissions, assignable to users
- Teams are groups with shared access to use cases and resources
Common Operations
Admin Team
The reservedadmin team controls global operations. Members with admin or platform_admin role can:
- Create new roles and teams
- Add/remove users from any team
values.yaml:
Default Roles
| Role | Key | Description |
|---|---|---|
| Admin | admin | All permissions. Can create teams/roles only if in admin team. |
| Platform Admin | platform-admin | Manages roles, teams, and users. Requires admin team membership. |
| Power User | power_user | Full use case management, training, evaluation, model deployment. |
| Read Only | read-only | View use case details only. |
| Inference | inference | Interact with models attached to team use cases. |
| Annotator | annotator | Interact with models and add feedback. |
All Permissions
Admin
| Permission | Scope |
|---|---|
admin:manage_roles | List roles (any team), create roles (admin team) |
admin:manage_teams | List teams (any team), create teams (admin team) |
admin:manage_users | List/update users in same team, global update (admin team) |
Use Case
| Permission | Scope |
|---|---|
use_case:read | View use case details |
use_case:create | Create use cases |
use_case:update | Update use case details |
use_case:manage_models | Attach/detach models |
use_case:adapt | Train models |
use_case:evaluate | Evaluate models |
use_case:interact | Chat with models |
use_case:add_feedback | Add interaction feedback |
use_case:read_interactions | View logged interactions |
use_case:update_interactions | Update interaction metadata |
use_case:share | Share with another team (requires both team memberships) |
Resources
| Permission | Scope |
|---|---|
dataset:create | Create datasets |
metric:create | Create feedback keys |
model:manage_models | Deploy/terminate models globally (admin team) |
team:manage | Update users in same team |