Permissions

Configure roles, permissions, and teams to control what users can do in your Adaptive deployment.

Permissions grant ability to perform actions (e.g., project:adapt allows fine-tuning)
Roles are named sets of permissions, assignable to users
Teams are groups with shared access to projects and resources

Users can belong to multiple teams with different roles in each.

Common operations

# Create a user
# teams_with_role takes a list of (team_key, role_key) tuples
adaptive.users.create(
    email="user@example.com",
    name="John Doe",
    teams_with_role=[("customer-support-team", "admin")]
)

# Create a service account (returns an API key for programmatic access)
result = adaptive.users.create_service_account(
    name="ci-bot",
    teams_with_role=[("customer-support-team", "inference")]
)
print(result.api_key)

# Add user to team
adaptive.users.add_to_team(
    email="user@example.com",
    team="customer-support-team",
    role="admin"
)

# Remove user from team
adaptive.users.remove_from_team(
    email="user@example.com",
    team="customer-support-team"
)

# Share project with team
# is_owner grants the team full control over the project, including resharing
adaptive.projects.share(
    project="project-to-share",
    team="customer-support-team",
    role="admin",
    is_owner=False
)

# Create a team
adaptive.teams.create(
    key="customer-support-team",
    name="Customer Support Team",
)

# Create a custom role
adaptive.roles.create(
    key="new-role",
    permissions=["project:read", "project:create"]
)

Admin team

The reserved admin team controls global operations. Some permissions behave differently depending on team membership:

Any team: list roles, list teams, list/update users in the same team
admin team only: create roles, create teams, add/remove users from any team

Users need both the right permission (via their role) and admin team membership to perform global operations. Seed admins are created once during initial deployment. Add email addresses to admins in values.yaml to bootstrap the first admin users:

auth:
  default_role: admin  # admin, platform-admin, power-user, read-only, inference, annotator
  default_team: default
  admins: []  # Email addresses for initial admins

Default roles

Role	Key	Permissions
Admin	`admin`	All permissions. Creating teams/roles requires `admin` team membership.
Platform Admin	`platform-admin`	`admin:manage_roles`, `admin:manage_teams`, `admin:manage_users`, `admin:manage_cluster`, `admin:demote_model`. Requires `admin` team membership for create operations.
Power User	`power-user`	All `project:`, `model:`, `dataset:`, and `remote_env:` permissions.
Read Only	`read-only`	All read permissions: `project:read`, `project:read_interactions`, `model:read`, `integration:read`, `remote_env:manage`, `project:judge_read`, `project:grader_read`, `project:custom_script_read`, `project:job_read`.
Inference	`inference`	Read-only permissions plus `project:interact`.
Annotator	`annotator`	Inference permissions plus `project:read_interactions` and `project:add_feedback`.

All permissions

Admin

Permission	Description
`admin:manage_roles`	List roles (any team), create roles (`admin` team)
`admin:manage_teams`	List teams (any team), create teams (`admin` team)
`admin:manage_users`	List/update users in same team, global user management (`admin` team)
`admin:manage_cluster`	Manage cluster configuration (`admin` team)
`admin:demote_model`	Demote models (`admin` team)

Project

Permission	Description
`project:read`	View project details
`project:create`	Create projects
`project:update`	Update project details
`project:manage_models`	Attach/detach models to projects
`project:adapt`	Train models
`project:evaluate`	Evaluate models
`project:interact`	Chat with models
`project:add_feedback`	Add interaction feedback
`project:read_interactions`	View logged interactions
`project:update_interactions`	Update interaction metadata
`project:delete_interactions`	Delete logged interactions
`project:share`	Share project with another team. Requires membership in both the project’s current team and the target team.
`project:monitoring_report`	View monitoring reports
`project:judge_create`	Create judges
`project:judge_read`	View judges
`project:judge_update`	Update judges
`project:grader_create`	Create graders
`project:grader_read`	View graders
`project:grader_update`	Update graders
`project:grader_delete`	Delete graders
`project:tool_provider_create`	Create tool providers
`project:tool_provider_update`	Update tool providers
`project:tool_provider_delete`	Delete tool providers
`project:interactive_job_create`	Create interactive jobs
`project:job_create`	Create jobs
`project:job_read`	View jobs
`project:job_update`	Update jobs
`project:job_cancel`	Cancel jobs
`project:job_delete`	Delete jobs
`project:custom_script_create`	Create custom scripts
`project:custom_script_read`	View custom scripts
`project:custom_script_update`	Update custom scripts
`project:custom_script_delete`	Delete custom scripts
`project:metric_create`	Create metrics
`project:metric_update`	Update metrics
`project:metric_delete`	Delete metrics

Resources

Permission	Description
`dataset:create`	Create datasets
`model:read`	View models
`model:manage_models`	Deploy/terminate models globally (`admin` team)
`model:publish`	Publish models
`team:manage`	Update users in same team

Integrations

Permission	Description
`integration:read`	View integrations
`integration:create`	Create integrations
`integration:update`	Update integrations
`integration:delete`	Delete integrations

Remote environments

Permission	Description
`remote_env:manage`	Manage remote environments

Start

Core

Advanced

Deploy

Updates

Common operations

Admin team

Default roles

All permissions

Admin

Project

Resources

Integrations

Remote environments

Start

Core

Advanced

Deploy

Updates

​Common operations

​Admin team

​Default roles

​All permissions

​Admin

​Project

​Resources

​Integrations

​Remote environments

Common operations

Admin team

Default roles

All permissions

Admin

Project

Resources

Integrations

Remote environments