Organization-Level Roles
At the Organization level, two primary roles exist: Owner and Member.
1.1 Organization Owner
• Who Are They?
Typically the billing entity or ultimate decision-maker for the company’s SoterAI subscription.
• Key Capabilities
1. Billing Management: Can view and change subscription details, update payment methods, or renew/cancel the subscription.
2. Organization Settings: Can modify high-level organization information (e.g., company name, logo).
3. Workspace Creation: Can create new Workspaces (the “first” Workspace in a brand-new Organization, or additional ones later).
4. Workspace Access: By default, has full access to every Workspace and Sub-workspace under the Organization.
5. User Management:
   • Invite new users (Owners, Members) to the Organization.
   • Remove or reassign any user’s role within the Organization or its Workspaces.
6. Delete Organization: Can delete (soft-delete) the entire Organization, which also marks all related Workspaces as deleted.
Note: There can be multiple Owners in an Organization if desired.
1.2 Organization Member
• Who Are They?
Standard users who have been added at the Organization level but do not have Owner privileges.
• Key Capabilities
1. View Organization: Can see the Organization page and the Workspaces they belong to.
2. Personal Settings: Can update their own user account details (e.g., profile photo, password).
3. Workspace Access (If Assigned): Members only gain access to specific Workspaces if an Owner or Manager grants them a Workspace-level role.
• Restrictions
   • Cannot create or delete Workspaces at the Organization level.
   • Cannot manage billing or subscription details.
   • Cannot invite or remove other Members at the Organization level (they can invite users only within a Workspace if they’re granted Manager rights there).
Workspace-Level Roles
Each Workspace (and its Sub-workspaces) has a set of roles that determine what a user can do with AI tools, data, and settings within that particular Workspace. These roles can be inherited from a parent Workspace or assigned directly within the child Sub-workspace.
2.1 Manager
• Who Are They?
A user who has been granted managerial control over a specific Workspace.
• Key Capabilities
1. User Management:
   • Invite new users to this Workspace (and to Sub-workspaces, if needed).
   • Assign roles such as User, Chat-Only User, or Read-Only User.
2. Create Sub-workspaces: Can create additional Sub-workspaces beneath the current one.
3. Manage Sub-workspace: Can modify settings in child Sub-workspaces, including IQ configurations and regulatory matrices.
4. Chat & Workflows: Has Write access, meaning they can fully use Chat, create and run Workflows, manage the Action Dashboard, etc.
5. IQ Documents: Full management rights (add, remove, enable/disable documents).
6. Delete Workspace: If needed, can perform a soft-delete on the Workspace they manage (including all its Sub-workspaces).
2.2 User
• Who Are They?
The standard role for someone actively working in a Workspace.
• Key Capabilities
1. Chat: Can fully engage in Chat (start conversations, upload files, etc.).
2. Workflows: Can create, modify, and run Workflows.
3. Action Dashboard: Can create and manage tickets and boards.
4. IQ Documents: Can add new IQ documents and manage existing ones.
• Restrictions
   • No Sub-workspace Management: Cannot create new Sub-workspaces or delete them.
   • No User Management: Cannot invite or remove other users, or change roles.
2.3 Read-Only User
• Who Are They?
A user who needs visibility into Chat, Workflow History, Action Dashboard, and IQ documents but should not make changes or contribute new data.
• Key Capabilities
1. View Chat: Can see existing Chat conversations (Public and Private) but cannot send messages or rename conversations.
2. View Workflows History: Can open and read past Workflow runs but cannot create or edit Workflows.
3. View Action Dashboard: Sees the current ticket board and ticket details but cannot modify or create tickets.
4. View IQ Documents: Can see which documents are in IQ but cannot upload or delete them.
• Restrictions
   • No Editing: Anything that involves creating, editing, or deleting is disallowed, including Chat messages or Workflow steps.
   • No Sub-workspace or User Management: Cannot manage settings, invite users, or create Sub-workspaces.
2.4 Chat-Only User
• Who Are They?
A user whose primary job is to interact with SoterAI Chat but not necessarily to run Workflows or manage documents.
• Key Capabilities
1. Chat: Can start new chats, participate in existing ones, upload files to Chat, etc.
2. View Workflow History: Access depends on your internal configuration; typically they can at least see final results if they are also assigned some read permission.
3. View Action Dashboard: Read-only access or no access is common, depending on how the Workspace is set up.
• Restrictions
   • Limited to Chat: No creation of Workflows, no editing IQ documents, and no advanced board (Action Dashboard) modifications unless those permissions are explicitly granted.
   • Cannot Invite or Manage Users: No managerial rights.
How Permissions Work
3.1 Read vs. Write
• Write (Full Access): The user sees all relevant items in their interface (e.g., Chat, Workflows, IQ) and can create, edit, or delete content.
• Read (View Only): The user sees the items in their interface but cannot modify or create anything (e.g., can read chats but cannot send messages).
3.2 Permission Inheritance
• From Parent Workspace to Sub-workspace: If you have a certain level of access (e.g., Manager) in a parent Workspace, you inherit at least that level in the child Sub-workspace.
• Overriding Permissions in a Child Sub-workspace: A user can be upgraded to a higher role (e.g., from User to Manager) in the Sub-workspace, but not downgraded (e.g., from Manager to User) if they inherited a higher role from the parent.
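The inheritance rule above, worked through as an added example (not SoterAI code): the effective role in a Sub-workspace is the highest of the direct grant and anything inherited from ancestors, so a lower direct grant has no effect and is worth flagging in an access review. The workspace tree, the user names and the relative rank of Chat-Only User and Read-Only User are assumptions made for the illustration.

```python
# Role names come from the page; the rank order of the two limited roles
# (Chat-Only above Read-Only) is an assumption made for this example.
RANK = {"Read-Only User": 1, "Chat-Only User": 2, "User": 3, "Manager": 4}

# Constructed sample tree: workspace -> parent (None for a top-level Workspace).
PARENT = {"Compliance": None, "EU": "Compliance", "EU-Audit": "EU", "Sales": None}

# Constructed direct assignments: (workspace, user) -> role.
DIRECT = {
    ("Compliance", "alice"): "Manager",
    ("EU", "alice"): "User",              # attempted downgrade, has no effect
    ("Compliance", "bob"): "Read-Only User",
    ("EU-Audit", "bob"): "Manager",       # upgrade in a child is allowed
    ("Sales", "carol"): "User",
}

def effective_role(workspace, user):
    """Highest role among the direct grant and every grant on an ancestor."""
    best = None
    node = workspace
    while node is not None:
        role = DIRECT.get((node, user))
        if role and (best is None or RANK[role] > RANK[best]):
            best = role
        node = PARENT[node]
    return best

def ineffective_downgrades():
    """Direct grants ranked below what the user already inherits from above."""
    findings = []
    for (ws, user), role in DIRECT.items():
        parent = PARENT[ws]
        inherited = effective_role(parent, user) if parent else None
        if inherited and RANK[role] < RANK[inherited]:
            findings.append((ws, user, role, inherited))
    return findings

if __name__ == "__main__":
    for ws in PARENT:
        for user in ("alice", "bob", "carol"):
            print(f"{ws:10} {user:6} {effective_role(ws, user)}")
    print("ineffective downgrades:", ineffective_downgrades())
```

Organization Owners are left out of the model because they have full access to every Workspace by default.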
Special Considerations
1. Removing a Workspace Manager
   • If you remove a Manager from a Workspace, you must assign a new Manager to ensure there’s always at least one person who can manage that Workspace.
2. Deleting (Soft-Deleting) a Workspace
   • Only users with Write permission to manage that Workspace can delete it.
   • Deleting a Workspace also marks all Sub-workspaces beneath it as deleted (soft-delete).
3. Deleting an Organization
   • Only an Organization Owner can delete an Organization.
   • This soft-deletes all Workspaces and Sub-workspaces under that Organization.
4. Subscription Expiration
   • All non-Owner roles may see a grayed-out Workspace that’s unclickable when the subscription expires.
   • The Owner sees a prompt to renew the subscription and cannot bypass it until resolved.