> ## Documentation Index
> Fetch the complete documentation index at: https://pulze.ai/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# RBAC

## User Roles and Permissions in Pulze Spaces

Pulze Spaces utilizes a Role-Based Access Control (RBAC) system to manage user permissions at both the Organization and Space levels. This system ensures that users have appropriate access to features and data based on their responsibilities within the platform.

You can determine which features your users can access by assigning specific roles and permissions within the Pulze.ai platform. These settings can be configured when creating a new user on the **Permissions > Members** page. Administrators have the ability to edit user roles and permissions at any time.

<AccordionGroup>
  <Accordion title="Organization Permissions">
    Organization-level permissions are divided into several categories, each with specific capabilities:

    #### Viewer Permissions

    1. **viewer:app**
       * `list_spaces`: Ability to view all spaces in the organization
       * `get_space`: Ability to access details of a specific space

    2. **viewer:members**
       * `list_org_members`: Ability to view all members of the organization

    3. **viewer:dataset**
       * Ability to view datasets in the organization

    4. **viewer:evaluation**
       * Ability to view evaluations in the organization

    5. **viewer:router**
       * Ability to view routers and routing configurations in the organization

    #### Editor Permissions

    1. **editor:app**
       * `create_space`: Ability to create new spaces
       * `delete_space`: Ability to delete existing spaces

    2. **editor:members**
       * `update_org_member`: Ability to modify member details
       * `invite_org_member`: Ability to invite new members to the organization
       * `resend_invitation_email`: Ability to resend invitation emails

    3. **editor:org**
       * `update_org`: Ability to update organization details

    4. **editor:dataset**
       * Ability to create and edit datasets in the organization

    5. **editor:evaluation**
       * Ability to create and edit evaluations in the organization

    6. **editor:router**
       * Ability to create and edit routers and routing configurations in the organization

    #### Admin Permissions

    1. **admin:members**
       * `remove_org_member`: Ability to remove members from the organization

    2. **admin:org**
       * `delete_org`: Ability to delete the entire organization

    3. **admin:dataset**
       * Ability to delete datasets and manage dataset permissions in the organization

    4. **admin:evaluation**
       * Ability to delete evaluations and manage evaluation permissions in the organization

    5. **admin:router**
       * Ability to delete routers and manage router permissions in the organization
  </Accordion>

  <Accordion title="Space Permissions">
    Space-level permissions are categorized into three main roles: Viewer, Editor, and Admin.

    <Note>
      Users with the Org <code>admin:app</code> role automatically receive admin permissions in all spaces.
    </Note>

    #### Viewer Permissions

    * `list_threads`: View all threads in the space
    * `get_thread`: Access details of a specific thread
    * `create_thread`: Create new threads
    * `continue_thread`: Contribute to existing threads
    * `update_thread`: Modify thread details
    * `list_labels`: View all labels in the space
    * `get_label`: Access details of a specific label
    * `list_data`: View all data in the space
    * `get_data`: Access specific data items
    * `download_data`: Download data from the space
    * `list_references`: View all references in the space
    * `list_space_members`: View all members of the space

    #### Editor Permissions

    Includes all Viewer permissions, plus:

    * `delete_thread`: Remove threads from the space
    * `update_models`: Modify AI models used in the space
    * `delete_data`: Remove data from the space
    * `update_data`: Modify existing data
    * `upload_data`: Add new data to the space
    * `create_label`: Create new labels
    * `delete_label`: Remove labels from the space
    * `update_label`: Modify existing labels

    #### Admin Permissions

    Includes all Editor permissions, plus:

    * `list_space_member_candidates`: View potential members for the space
    * `remove_space_member`: Remove members from the space
    * `regenerate_api_key`: Create new API keys for the space
    * `add_space_member`: Add new members to the space
    * `update_space_member`: Modify space member details
    * `delete_space`: Delete the entire space
  </Accordion>

  <Accordion title="Important Note">
    Users with the Org `admin:app` role are automatically granted admin permissions in all spaces within the organization, giving them full control over all aspects of the platform.

    By carefully assigning these roles and permissions, organizations can ensure that users have the appropriate level of access to Pulze Spaces, maintaining security while enabling productivity.
  </Accordion>
</AccordionGroup>
