For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Trust CenterStatusSupportGet a demoPlatform
DocumentationEvals API ReferenceIntegrations & OTELPlatform SettingsSelf-HostingChangelog
DocumentationEvals API ReferenceIntegrations & OTELPlatform SettingsSelf-HostingChangelog
    • Platform Settings
    • Data Residency
    • RBAC
  • Project Settings
    • API Keys
    • Team Members
    • Roles & Permissions
    • Transformers
    • Integrations
    • Alerts
    • AI Connections
    • Model Costs
    • Data Usage
    • Evaluation Models
    • Evaluation Rules
    • Annotation Options
    • Classifiers
    • Data Sources
    • Data Retention
    • Audit Logs
  • Organization Settings
    • Projects
    • Users
    • Roles & Permissions
    • Model Credentials
    • SSO
    • Data Retention
    • Audit Logs
    • Feature Access
LogoLogo
Trust CenterStatusSupportGet a demoPlatform
On this page
  • How It Works
  • Scope
  • Why Configure RBAC?

RBAC

Understand role-based access control and how permissions, policies, and roles work together.

Was this page helpful?
Previous

API Keys

Generate and manage API keys to authenticate your applications with Confident AI.
Next
Built with

Role-based access control (RBAC) lets you define what each team member can do. This structure applies at both the project and organization level, though the specific permissions available are different for each.

How It Works

A permission is a specific action like reading traces or editing datasets. Multiple permissions are grouped together into a policy, and each role is assigned a policy that defines what users with that role can access.

Scope

Roles exist at two levels:

  • Project roles control what a user can do within a specific project (e.g., access to datasets, traces, test runs).
  • Organization roles control what a user can do across the organization (e.g., managing projects, users, billing).

A user can only have one role per project and one role at the organization level. The same user can have different project roles across different projects—for example, an “Annotator” with limited dataset access in one project, while having full “Owner” access in another.

Why Configure RBAC?

As your team grows, not everyone needs access to everything. RBAC helps you:

  • Reduce risk — Limit who can delete data or modify critical configurations.
  • Simplify onboarding — Assign new team members a role instead of configuring individual permissions.
  • Support specialized workflows — Create annotator roles for labeling teams, read-only roles for stakeholders, or manager roles for team leads.
  • Meet compliance requirements — Many security frameworks require least-privilege access controls.