
Roles and permissions

Understand how access to assistants and datasources is governed within elvex.

Updated over 2 weeks ago

Your permissions in elvex are determined by three factors: your company-wide role, whether a resource is public or private, and any specific access you've been granted to individual assistants or datasources.

Quick Reference

  • Need to share with your whole company? → Set visibility to "Public"

  • Need to share with specific people? → Add them in "Security & Permissions"

  • Need someone to help edit? → Give them "Editor" role

  • Can't see an assistant you should have access to? → Check if it's set to "Private" and ask the owner to share it with you

Company-wide roles

When you're invited to elvex, your administrator selects a role for you: Consumer, Creator, or Admin. This role determines your permissions across elvex, but it works in tandem with any specific roles you have been granted on an Assistant or Datasource.

Feature / Permission | Consumer | Creator | Administrator | Owner

  • View & use assistants

  • Create new assistants

  • Edit/delete assistants

  • View datasources

  • Create new datasources

  • Edit/delete datasources

  • View/edit company info

  • Invite others to company

  • Edit global AI filters

  • Add/edit AI providers

  • Configure integrations (e.g. Slack)

  • Use/view/edit/delete ALL assistants (ignore visibility)

  • Use/view/edit/delete ALL datasources (ignore visibility)

Assistant and Datasource Visibility

Assistants and Datasources have a Visibility setting which can either be:

  • Private: Only you, company Owners and users you explicitly share the Assistant or Datasource with can use or edit it.

  • Public: Everyone in your company will be able to see and use this Assistant or Datasource, but only editors will be able to modify it.

By default, all new Assistants and Datasources have their visibility set to Private.

⚠️ Important Security Consideration

Public assistants can access private datasources, which creates a potential security loophole:

When you share a private datasource with someone, they can attach it to any assistant they create, including public ones.

Example scenario:

  1. You share a private HR datasource with John

  2. John creates a public assistant and connects your HR datasource

  3. Now everyone in your company can query HR data through John's public assistant

Best practice: Only share private datasources with trusted users, or consider making datasources public if they should be widely accessible.
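
The exposure described above can be checked mechanically from an inventory of who can use what. This added example is not elvex code or an elvex API: the `Resource` model, its field names and the sample inventory are assumptions constructed here. It goes slightly beyond the HR scenario by also flagging private assistants shared with users who lack access to an attached datasource.

```python
# Added example: the data model below is an assumption, not elvex's API or export format.
from dataclasses import dataclass, field

@dataclass
class Resource:
    name: str
    owner: str
    visibility: str = "Private"                      # page: new resources default to Private
    shared_with: set = field(default_factory=set)    # users granted Viewer or Editor
    datasources: list = field(default_factory=list)  # assistants only: attached datasource names

def can_use(user, res, company_owners):
    """Visibility rule from the page: Public is open to all; Private needs owner, company Owner or a share."""
    if res.visibility == "Public":
        return True
    return user == res.owner or user in company_owners or user in res.shared_with

def exposed_datasources(users, assistants, datasources, company_owners):
    """Map (datasource, assistant) to users who can use the assistant but not the datasource."""
    findings = {}
    for a in assistants:
        for ds_name in a.datasources:
            ds = datasources[ds_name]
            leaked = sorted(
                u for u in users
                if can_use(u, a, company_owners) and not can_use(u, ds, company_owners)
            )
            if leaked:
                findings[(ds_name, a.name)] = leaked
    return findings

# Constructed inventory mirroring the page's HR scenario (all names are made up).
USERS = ["you", "john", "maria", "ola", "root"]
COMPANY_OWNERS = {"root"}
DATASOURCES = {
    "hr-records": Resource("hr-records", owner="you", shared_with={"john"}),
    "handbook": Resource("handbook", owner="you", visibility="Public"),
}
ASSISTANTS = [
    Resource("hr-helper", owner="john", visibility="Public", datasources=["hr-records"]),
    Resource("john-private", owner="john", datasources=["hr-records"]),
    Resource("faq-bot", owner="maria", visibility="Public", datasources=["handbook"]),
]

if __name__ == "__main__":
    for (ds, a), who in exposed_datasources(USERS, ASSISTANTS, DATASOURCES, COMPANY_OWNERS).items():
        print(f"{ds} reachable via {a} by users without datasource access: {who}")
```

Only `hr-helper` is reported: John's private assistant uses the same datasource but is usable only by people who already have access to it.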

FAQs

How do I share an assistant or datasource with my entire company?

Modify the Visibility of the assistant or datasource and set it to "Public". This will effectively give all users within your company Viewer access to this assistant or datasource, allowing them to use it but not modify it.

How do I share an assistant or datasource with someone?

For assistants:

  1. Open the assistant you want to share

  2. Expand "Security & Permissions"

  3. Click "Add user" and search by name or email

  4. Select their role (Viewer or Editor)

  5. Click "Save"

For datasources:

  1. Open the datasource you want to share

  2. Scroll to "Permissions"

  3. Click "Add user" and search by name or email

  4. Select their role (Viewer or Editor)

  5. Click "Save"

Where do I go to modify assistant or datasource permissions?

For assistants, expand the "Security & Permissions" setting. For datasources, scroll to "Permissions".

How does elvex determine the owner of an assistant or datasource?

The owner of an assistant or datasource is always the person who created it, unless ownership has been transferred to another user.

How do I transfer ownership of an assistant or datasource?

This is currently only supported via a support request to [email protected] but we'll soon allow owners to transfer ownership.

What happens if someone clones an assistant that was connected to a private datasource?

The answer here depends on what access the user cloning the assistant has to the underlying datasource. If the user has access to the datasource via Viewer, Editor or Owner roles, the cloned assistant will contain a connection to the original datasource. If the user cloning the assistant does not have access to the datasource, they will create an assistant with identical configuration to that of the initial assistant, but the cloned assistant will not have access to the original datasource. The assistant creator will have to request access to the datasource.

What is the default visibility for new assistants or datasources?

All new assistants and datasources have their visibility set to Private by default.

Do requests made via private assistants still show in the audit log?

For now, yes, both private and public assistants still show their requests and responses in the elvex audit log. This means administrators can currently see all conversation content, even from private assistants. In a subsequent release, we plan to change this behavior so that admins can see that private assistant requests were made, but not see the detail of the request or response of that private assistant. This is an area we're open to feedback on so if you have thoughts, please let us know at [email protected].

Can I use private assistants via Slack?

Yes, but with some caveats.

Setting your assistant's visibility to Private means that you cannot set Slack permissions to "All Slack users", as this would potentially allow non-authorized users to use your assistant and its connected datasources. Private assistants can only have the "Match elvex permissions" setting enabled for Slack, which effectively means that you can only use Private assistants via direct messages in Slack.

Can I use private assistants via the API?

Yes. You can add an API user to a private assistant giving that user only the ability to see that assistant.

While you can assign either the Viewer or Editor role to an API user, it currently doesn't make much of a difference as API users cannot edit assistants via the API.
