# Security and permissions ## Security and Permissions This page explains the security model and permission system in Waterflai. Waterflai uses a role-based access control (RBAC) system to manage user permissions at both the global (organization) level and the workspace level. ### User Roles Waterflai has three main user roles at the global level: 1. **Admin**: Full access to all features and administrative functions 2. **Creator**: Can create and manage workspaces 3. **User**: Basic access to use Waterflai features within assigned workspaces ### Global Permissions Global permissions apply across the entire Waterflai organization. Here's an overview of the permissions for each global role: #### Admin * Full access to all features and permissions #### Creator * Create workspaces * List and enter into assigned workspaces #### User * List and enter into assigned workspaces ### Workspace Roles and Permissions Within each workspace, users can have one of three roles: 1. **Workspace Admin**: Full control over the workspace 2. **Workspace Creator**: Can create and manage most resources within the workspace 3. **Workspace User**: Basic access to use features within the workspace Here's a detailed breakdown of permissions for each workspace role: #### Workspace Admin * Full access to all workspace features and permissions #### Workspace Creator * API Keys: Create, List, Delete * Chatbots: Create, List, View, Edit, Publish, Delete * Conversations: Create, List, View, Edit, Delete * Providers: Create, List, View, Edit, Delete * Inference Analytics: List, View, Delete * Models: Create, List, View, Edit, Delete * RAG Collections: Create, List, View, Edit, Delete * RAG Connector Configs: Create, List, View, Edit, Delete * Chatflows: Create, List, View, Edit, Execute, Delete * Workflows: Create, List, View, Edit, Execute, Delete #### Workspace User * Chatbots: List, View, Chat * Conversations: Create, List, View, Edit, Delete * Inference Analytics: List, View ### Best Practices for Managing Permissions 1. **Least Privilege**: Assign users the minimum role necessary for their tasks to maintain security. 2. **Regular Audits**: Periodically review user roles and permissions to ensure they are still appropriate. 3. **Role Separation**: Use workspace roles to create separation of duties within projects or teams. 4. **Education**: Ensure all users understand their permissions and the responsibilities that come with their role. ### Customizing Permissions While Waterflai's default roles and permissions cover most use cases, organizations with specific needs can contact Waterflai support to discuss custom permission configurations. By understanding and properly utilizing this permission system, you can ensure that your Waterflai organization maintains a secure and well-organized environment for all users. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.waterflai.ai/administration/security-and-permissions.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.