# Permissions, roles and teams

> Manage permissions, roles and teams in Adaptive Engine

You can configure and manage roles, permissions and teams for different users in your Adaptive Engine deployment. This lets you tailor the set of actions each user is allowed to perform on the platform to their responsibility or intended use, following the [principle of least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege).

* **Permissions** grant a user the ability to perform a given action; for example, the `use_case:adapt` permission allows a user to fine-tune models.
  See [List of all permissions](#all-permissions).

* **Roles** are named sets of permissions, which you can directly assign to users, or set as default for new users added to a team.
  There are several [default roles](#default-roles) available in Adaptive Engine, but you can also create your own roles with [`client.roles.create()`](https://adaptive-ml.github.io/adaptive-sdk-docs/adaptive_sdk/resources.html#Roles.create).
  You can change a user's role with `client.users.update()`.

* **Teams** are groups of users that have access to the use cases owned by their team and to all associated resources,
  such as interactions, evaluation/training jobs, and attached models. A user must be in team X to see and interact with team X's use cases and resources.
  You can create a new team with `client.teams.create()`, and add a user to a team with `client.users.update()`.

Users can be part of multiple teams, and have a different role in each team.

There is a reserved `admin` team in every Adaptive Engine deployment; members of the `admin` team who are
assigned the `admin` or `platform_admin` role are the only users who can perform a set of global operations, namely creating new roles and
teams, and adding/removing users to/from any team. You can specify the emails of seed admin user(s) in the `values.yaml` file of the
[Adaptive Helm chart](/v0.5/deployment/helm), as well as the default role and team that new users will be assigned on first sign-up (see below).
These assignments can later be changed by an admin user with `client.users.update()`.

```yaml
auth:
  # One of [admin, platform_admin, power_user, read-only, inference, annotator]
  default_role: admin
  # New users that sign up will be part of a default team; you must not set `default_team: admin` if you specify admin users below
  default_team: default
  # List of email addresses for admins; on sign up, these will be added to both the `default_team` with `default_role`,
  # and to `admin` team with `platform_admin` role
  admins: []
```

## <span id="all-permissions">List of all permissions</span>

In each resource category tab, you will find the permission key, followed by a description of its scope.

<Tabs>
  <Tab title="admin">
    * `admin:manage_roles`
      * list all roles (user can be in any team)
      * create new role (user must be in `admin` team)
    * `admin:manage_teams`
      * list all teams (user can be in any team)
      * create new team (user must be in `admin` team)
    * `admin:manage_users`
      * list all users (user can be in any team), update user team/role (only for users in same team)
      * globally update user team/role (user must be in `admin` team)
  </Tab>

  <Tab title="dataset">
    * `dataset:create`: create new dataset
  </Tab>

  <Tab title="metric">
    * `metric:create`: create new feedback key
  </Tab>

  <Tab title="model">
    * `model:manage_models`: deploy or terminate model globally (user must be in `admin` team)
  </Tab>

  <Tab title="team">
    * `team:manage`: update user team/role (only for users in same team)
  </Tab>

  <Tab title="use_case">
    * `use_case:adapt`: train models
    * `use_case:add_feedback`: add interaction feedback
    * `use_case:create`: create use case
    * `use_case:evaluate`: evaluate models
    * `use_case:interact`: chat/interact with models
    * `use_case:manage_models`: attach/detach models to/from use cases
    * `use_case:read`: see use case details
    * `use_case:read_interactions`: see logged use case interactions
    * `use_case:share`: share use case with another team (user must be in both teams)
    * `use_case:update`: update use case details
    * `use_case:update_interactions`: update interaction metadata
  </Tab>
</Tabs>

## <span id="default-roles">Default roles</span>

<Tabs>
  <Tab title="Admin">
    Role key: `admin`

    A user with the `Admin` role is granted all permissions. The role can be assigned to users in any team.
    However, an `Admin` user is only able to create teams or roles if the user is also in the `admin` team.
  </Tab>

  <Tab title="Platform Admin">
    Role key: `platform-admin`

    The `Platform Admin` role should only be assigned to users in the `admin` team, as this condition is required to globally manage roles and teams.

    Permissions:

    * `admin:manage_roles`
    * `admin:manage_teams`
    * `admin:manage_users`
  </Tab>

  <Tab title="Power User">
    Role key: `power_user`

    The `Power User` has broad permissions to manage their team's use cases and resources.

    Permissions:

    * `use_case:read`
    * `use_case:create`
    * `use_case:update`
    * `use_case:manage_models`
    * `use_case:adapt`
    * `use_case:evaluate`
    * `use_case:interact`
    * `use_case:add_feedback`
    * `use_case:read_interactions`
    * `use_case:update_interactions`
    * `use_case:share`
    * `model:manage_models`
    * `metric:create`
    * `dataset:create`
  </Tab>

  <Tab title="Read Only">
    Role key: `read-only`

    A user with the `Read Only` role can only see their team's use case details.

    Permissions:

    * `use_case:read`
  </Tab>

  <Tab title="Inference">
    Role key: `inference`

    A user with the `Inference` role can only interact with the models attached to their team's use cases.

    Permissions:

    * `use_case:read`
    * `use_case:interact`
  </Tab>

  <Tab title="Annotator">
    Role key: `annotator`

    The `Annotator` can interact with their team's models and use cases, as well as add interaction feedback.

    Permissions:

    * `use_case:read`
    * `use_case:interact`
    * `use_case:read_interactions`
    * `use_case:add_feedback`
  </Tab>
</Tabs>
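
The following added example (not part of the Adaptive Engine documentation, Helm chart or SDK) audits a parsed `auth` block from `values.yaml` against the default role permission sets listed above, reporting what every new sign-up would be granted. The function name `audit_auth`, the `BASELINE` threshold and the sample values are assumptions of this example; `platform_admin` is spelled as in the `values.yaml` comment.

```python
# Added example; permission sets copied from the "Default roles" tabs on this page.
USE_CASE = {"use_case:" + p for p in (
    "read", "create", "update", "manage_models", "adapt", "evaluate", "interact",
    "add_feedback", "read_interactions", "update_interactions", "share")}
ADMIN = {"admin:manage_roles", "admin:manage_teams", "admin:manage_users"}
POWER = USE_CASE | {"model:manage_models", "metric:create", "dataset:create"}
ROLES = {
    "admin": POWER | ADMIN | {"team:manage"},  # Admin is granted all permissions
    "platform_admin": ADMIN,  # key spelled as in the values.yaml comment
    "power_user": POWER,
    "read-only": {"use_case:read"},
    "inference": {"use_case:read", "use_case:interact"},
    "annotator": {"use_case:read", "use_case:interact",
                  "use_case:read_interactions", "use_case:add_feedback"},
}
# Assumption of this example: the most a brand-new, unvetted sign-up should hold.
BASELINE = ROLES["annotator"]

def audit_auth(auth):
    """Return least-privilege findings for a parsed `auth` block (a dict)."""
    findings = []
    role, team = auth.get("default_role"), auth.get("default_team")
    admins = auth.get("admins") or []
    if role not in ROLES:
        findings.append(f"default_role {role!r} is not one of the default role keys")
    else:
        extra = sorted(ROLES[role] - BASELINE)
        if extra:
            findings.append(f"default_role {role!r} gives every sign-up: " + ", ".join(extra))
    # Documented constraint: default_team must not be `admin` if admins are listed.
    if team == "admin" and admins:
        findings.append("default_team must not be 'admin' when admins are listed")
    # Members of the `admin` team holding admin:* permissions act globally.
    if team == "admin" and role in ROLES and ROLES[role] & ADMIN:
        findings.append("every sign-up joins the admin team with admin:* permissions")
    return findings

# The sample block shown on this page, and a constructed tightened variant.
PAGE_SAMPLE = {"default_role": "admin", "default_team": "default", "admins": []}
TIGHTENED = {"default_role": "read-only", "default_team": "default",
             "admins": ["admin@example.com"]}  # constructed address

if __name__ == "__main__":
    for name, block in (("page sample", PAGE_SAMPLE), ("tightened", TIGHTENED)):
        for finding in audit_auth(block) or ["no findings"]:
            print(f"{name}: {finding}")
```

With the page's sample values, the audit reports that `default_role: admin` hands every new sign-up the full permission set in the default team; the tightened variant produces no findings.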
