Access control: User roles and permissions

User permissions in PhariaAI are managed through a role-based access control system. Users can be assigned one or more roles, with each role permitting access to specific components of PhariaAI. A user assigned multiple roles is granted the permissions from all of those roles.

Internal services within the PhariaAI system use roles with the postfix *ServiceUser.

In this article:

Roles
Default roles for new users
Permissions

Roles

Roles are categorised into user roles and internal roles. Internal roles are assigned exclusively to PhariaAI internal services.

The available user roles are the following:

Admin: Grants full access to all features in PhariaAI, including user management.
AssistantUser: Grants access to PhariaAssistant.
OsUser: Grants access to PhariaOS, excluding user management.
StudioUser: Grants access to PhariaStudio.

Default roles for new users

When a new user registers or logs in with SSO for the first time, they are assigned the AssistantUser role by default. This role provides access to PhariaAssistant.

To modify the default roles assigned to newly created users, see Configuring default roles for self-sign-up users.

Permissions

Each role is associated with a set of permissions. The following list describes the available permissions and what they grant access to:

This list of permissions is updated regularly.

Permission Description

Permission	Description
AccessAssistant	Grants access to PhariaAssistant.
AccessDataPlatform	Enables interaction with the data platform for managing and analysing data.
AccessFinetuning	Allows finetuning of machine learning models.
AccessModel, model: <null\|ModelName>	Grants access to machine learning models. If `model` is set to `null`, there are no restrictions on specific models. Otherwise, access is limited to the specified model.
AccessNamespace: <Namespace>	Permission for DocumentIndex, grants access to a specific namespace, which organises resources.
AccessStudio	Grants access to PhariaStudio.
CreateSteeringConcepts	Enables the creation of steering concepts to guide AI model behavior.
DeleteSteeringConcepts	Enables the deletion of steering concepts.
ExecuteJobs	Allows execution of inference jobs.
ExecuteTextJobs	Specifically allows execution of text-based inference jobs.
KernelAccess	Grants access to PhariaEngine for performing operations.
OsReadHardware	Grants access to view hardware configurations of the underlying infrastructure.
OsReadModels	Allows retrieval of available machine learning models.
OsReadUsecase	Allows retrieval of use cases (AI applications) in PhariaOS.
OsWriteUsecase	Allows creation or modification of use cases (AI applications) in PhariaOS.
ProjectAccess	Grants access to projects.
ReadSteeringConcepts	Allows retrieval of existing steering concepts.
ReadUser	Allows viewing information about other users.

AccessAssistant

Grants access to PhariaAssistant.

AccessDataPlatform

Enables interaction with the data platform for managing and analysing data.

AccessFinetuning

Allows finetuning of machine learning models.

AccessModel, model: <null|ModelName>

Grants access to machine learning models. If model is set to null, there are no restrictions on specific models. Otherwise, access is limited to the specified model.

AccessNamespace: <Namespace>

Permission for DocumentIndex, grants access to a specific namespace, which organises resources.

AccessStudio

Grants access to PhariaStudio.

CreateSteeringConcepts

Enables the creation of steering concepts to guide AI model behavior.

DeleteSteeringConcepts

Enables the deletion of steering concepts.

ExecuteJobs

Allows execution of inference jobs.

ExecuteTextJobs

Specifically allows execution of text-based inference jobs.

KernelAccess

Grants access to PhariaEngine for performing operations.

OsReadHardware

Grants access to view hardware configurations of the underlying infrastructure.

OsReadModels

Allows retrieval of available machine learning models.

OsReadUsecase

Allows retrieval of use cases (AI applications) in PhariaOS.

OsWriteUsecase

Allows creation or modification of use cases (AI applications) in PhariaOS.

ProjectAccess

Grants access to projects.

ReadSteeringConcepts

Allows retrieval of existing steering concepts.

ReadUser

Allows viewing information about other users.