User Roles & Permissions

DataQI includes four predefined roles that provide different levels of access and control over the platform.

Role Overview

Super Admin

• Full system access with ability to manage all aspects of the application
• Manage users and access most settings on behalf of other users
• Complete administrative control over the platform
• All permissions - Can perform any action in the system

Access Manager

• Manage user access, groups and permissions
• Control who can access what features and data
• Assign and modify user roles and group memberships
• Cannot modify system configuration or create assistants

Configuration Manager

• Manage system configuration and settings related to how the application works
• Configure platform-wide settings and behaviors
• Access assigned assistants and data
• Cannot manage users or access permissions

Resource Manager

• Manage and create new assistants
• Create or connect assistants to data sources
• Upload and manage data content
• Cannot manage users or system configuration

Detailed Permissions

Super Admin Capabilities

• ✅ User Management - Create, modify, and delete users
• ✅ Role Assignment - Assign any role to any user
• ✅ Group Management - Create and manage user groups
• ✅ System Configuration - Modify platform settings
• ✅ Assistant Management - Create, modify, and delete assistants
• ✅ Data Management - Upload and manage all data sources
• ✅ Access Control - Control access to all features and data
• ✅ System Monitoring - View logs and system status
• ✅ Support Functions - Access advanced administrative features

Access Manager Capabilities

• ✅ User Management - View and modify user details
• ✅ Role Assignment - Assign roles (except Super Admin)
• ✅ Group Management - Create and manage user groups
• ✅ Access Control - Control access to assistants and data
• ✅ User Monitoring - View user activity and access patterns
• ❌ System Configuration - Cannot modify platform settings
• ❌ Assistant Creation - Cannot create new assistants
• ❌ Data Upload - Cannot upload new data sources

Configuration Manager Capabilities

• ✅ System Configuration - Modify platform settings and behaviors
• ✅ Assistant Access - Access assigned assistants
• ✅ Data Access - View assigned data sources
• ✅ System Monitoring - View system logs and status
• ❌ User Management - Cannot manage users or roles
• ❌ Assistant Creation - Cannot create new assistants
• ❌ Data Upload - Cannot upload new data sources

Resource Manager Capabilities

• ✅ Assistant Management - Create, modify, and delete assistants
• ✅ Data Management - Upload and manage data sources
• ✅ Assistant Access - Access assigned assistants
• ✅ Data Access - View and manage assigned data
• ❌ User Management - Cannot manage users or roles
• ❌ System Configuration - Cannot modify platform settings

Role Assignment Guidelines

When to Assign Super Admin

• Primary administrators who need complete system control
• IT administrators responsible for platform management
• Security officers who need full access for compliance
• Limited number - Only assign to trusted, experienced users

When to Assign Access Manager

• HR administrators who manage user onboarding
• Department heads who control team access
• Security team members who manage permissions
• Project managers who need to control team access

When to Assign Configuration Manager

• IT administrators who manage system settings
• Platform administrators who configure behaviors
• Technical leads who need to adjust system parameters
• Users who don’t need user management capabilities

When to Assign Resource Manager

• Content creators who build assistants
• Data analysts who manage data sources
• Subject matter experts who create knowledge bases
• Users who need to create and manage content

Permission Inheritance

Group-Based Permissions

• Groups can have default permissions assigned
• Users inherit group permissions in addition to role permissions
• Group permissions are additive - they add to role permissions
• Conflicts resolved by most permissive setting

Assistant-Level Permissions

• Individual assistants can have specific user access
• Override role permissions for specific content
• View Only vs Edit access can be set per assistant
• Data access follows assistant permissions

Security Considerations

Principle of Least Privilege

• Assign minimum permissions necessary for job function
• Regular reviews of user permissions
• Remove unused permissions promptly
• Monitor access patterns for anomalies

Role Separation

• Separate duties between different roles
• Avoid assigning multiple high-privilege roles
• Use groups for temporary or project-based access
• Document role assignments and changes

Access Monitoring

• Track role changes and permission modifications
• Monitor user activity for unusual patterns
• Regular audits of user access
• Log administrative actions for compliance

Best Practices

Role Assignment

• Start with minimal permissions and add as needed
• Use groups for common permission sets
• Document role assignments and business justification
• Regular reviews of user access and roles

Permission Management

• Group similar users together
• Use assistant-level permissions for specific access
• Regular cleanup of unused permissions
• Clear documentation of permission structure

Security Maintenance

• Regular access reviews and audits
• Prompt removal of unused accounts
• Monitor for privilege escalation
• Keep audit logs of all changes

Troubleshooting Role Issues

Common Problems

• User can’t access expected features
• User has too much access to restricted content
• Role changes not taking effect immediately
• Group permissions not working as expected

Solutions

• Verify role assignment is correct
• Check group memberships and permissions
• Refresh user session or log out/in
• Review assistant-level permissions
• Contact support for complex issues

Related Topics

• Adding New Users - How to assign roles during onboarding
• Group Management - Managing user groups and permissions
• Troubleshooting - Common role and permission issues