Access Control
User permissions within PhariaAI are managed through a role-based access control system. Users can be assigned one or more roles, with each role granting access to specific components of PhariaAI. When multiple roles are assigned, the permissions from all roles are combined. Internal services within the PhariaAI system use roles with the postfix *ServiceUser.
Roles
Roles are categorized into user roles and internal roles. Internal roles are exclusively used by PhariaAI's internal services.
User Roles
- Admin: Grants full access to all features in PhariaAI, including User Management.
- AssistantUser: Grants access to PhariaAssistant.
- OsUser: Grants access to PhariaOS, excluding User Management.
- StudioUser: Grants access to PhariaStudio.
Default Roles for Newly Registered Users
When a new user registers or logs in via SSO for the first time, they are assigned the Assistant User role by default. This role provides automatic access to PhariaAssistant.
To modify the default roles assigned to newly created users, refer to How to Enable Self-Sign-Up.
Permissions
Each role is associated with a set of permissions, which are updated regularly. Below is a list of available permissions and their descriptions:
| Permission | Description |
|---|---|
| AccessAssistant | Grants access to PhariaAssistant. |
| AccessDataPlatform | Enables interaction with the data platform for managing and analyzing data. |
| AccessFinetuning | Allows fine-tuning of machine learning models. |
| AccessModel, model: <null|ModelName> | Grants access to machine learning models. If model is set to null, there are no restrictions on specific models. Otherwise, access is limited to the specified model. |
| AccessNamespace: | Permission for DocumentIndex, grants access to a specific namespace, which organizes resources. |
| AccessStudio | Grants access to PhariaStudio. |
| CreateSteeringConcepts | Enables the creation of steering concepts to guide AI model behavior. |
| DeleteSteeringConcepts | Enables the deletion of steering concepts. |
| ExecuteJobs | Allows execution of inference jobs. |
| ExecuteTextJobs | Specifically allows execution of text-based inference jobs. |
| KernelAccess | Grants access to the PhariaEngine component for performing operations. |
| OsReadHardware | Grants access to view hardware configurations of the underlying infrastructure. |
| OsReadModels | Allows retrieval of available machine learning models. |
| OsReadUsecase | Allows retrieval of use cases (AI applications) in PhariaOS. |
| OsWriteUsecase | Allows creation or modification of use cases (AI applications) in PhariaOS. |
| ProjectAccess | Grants access to projects. |
| ReadSteeringConcepts | Allows retrieval of existing steering concepts. |
| ReadUser | Allows viewing information about other users. |