Skip to main content
All CollectionsKnowledge Base
Roles and permissions
Roles and permissions

Understand how access to apps and datasources are governed within elvex.

Updated over a week ago

Your permission to view, use, modify, and delete Apps and Datasources within elvex is based on a combination of your role in your company, the visibility, and your specific role for a given App or Datasource. See below for a short overview video with more in-depth documentation following.

Company-wide roles

When you're invited to elvex, your administrator selects a role which can be a Consumer, Creator, or Admin. This role determines your permissions across elvex, but works in tandem with specific roles you may have been granted on an App or Datasource.

Role

Permissions

Consumer

Apps

  • Can view and use Apps (that are shared with them).

Datasources

  • Can view Datasources (that are shared with them).

Creator

Apps

  • Can create new Apps.

  • Can view and use Apps (that they created or that are shared with them).

  • Can edit and delete Apps (that they have Editor access to or that they are an Owner of, respectively).

Datasources

  • Can create new Datasources.

  • Can edit and delete Datasources (that they have Editor access to or that they are an Owner of, respectively).

Administrator

Company

  • Can view and edit company information (name, etc.)

  • Can invite others to the company.

  • Can edit global AI filters.

  • Can add and edit AI providers.

  • Can configure integrations (e.g. Slack).

Apps

All of the Creator permissions.

Datasources

All of the Creator permissions.

Owner

Company

  • Can view and edit company information (name, etc.)

  • Can invite others to the company.

  • Can edit global AI filters.

  • Can add and edit AI providers.

  • Can configure integrations (e.g. Slack).

Apps

Can use, view, edit and delete all Apps regardless of an App's visibility setting.

Datasources

Can use, view, edit and delete all Datasources regardless of a Datasource's visibility setting.

App and Datasource Visibility

Apps and Datasources have a Visibility setting which can either be:

  • Private: Only you, company Owners and users you explicitly share the App or Datasource with can use or edit it.

  • Public: Everyone in your company will be able to see and use this App or Datasource but only editors will be able to modify it.

By default, all new Apps and Datasources have their visibility set to Private.

App and Datasource roles and permissions

Apps and Datasources allow you to add users with one of two roles: Viewer or Editor.

Reminder: If an App or Datasource has its visibility set to Public, all users in your company effectively have the role of Viewer.

Important: Public Apps can use private Datasources.

By sharing a private Datasource with others, you are allowing those users to attach it to any App they create, including public Apps. While this greatly simplifies permissions since the creator of a Datasource does not have to share it with anyone who may have access via an App, it does create a loophole. It is possible to create a private Datasource, attach it to a public App and any requests to that App will work for all users who have access to the App.

Below, we'll explore each of the available roles and their associated permissions:

Role

Permissions

Viewer

Apps

  • Can view the App and clone it.

  • Can use the App via the elvex interface and Slack (depending on the App's Slack settings).

Datasources

  • Can view the Datasource and see connected files.

  • Can connect the Datasource to an App.

Editor

Apps

All of the Viewer permissions, plus:

  • Can edit an App's configuration (name, description, context, rules, filters, provider, model, etc.).

  • Can connect and disconnect Datasources.

  • Can share the App with others, change the role of users, and revoke access.

Datasources

All of the Viewer permissions for Datasources, plus:

  • Can edit a Datasource's configuration (name, description, etc.).

  • Can add or remove files from the Datasource.

  • Can share the Datasource with others, change the role of users, and revoke access.

Owner

The Owner of an App or Datasource is the user that created that App or Datasource.

Apps

All of the Editor permissions, plus:

  • Can delete the App.

  • Can transfer ownership (currently unavailable, planned for a future release).

Datasources

All of the Editor permissions, plus:

  • Can delete the Datasource.

  • Can transfer ownership (currently unavailable, planned for a future release).

Role details: Apps

The table below outlines how roles and permissions work with App and company-wide roles. Ultimately, your role on an individual App dictates most of the actions you can take with that App.

Permission

App Role

Company Role

Viewer

Editor

Owner

Consumer

Creator

Admin

Can create new Apps

✔️

✔️

Can view an App

✔️

✔️

✔️

✔️

✔️

✔️

Can edit an App's configuration

✔️

✔️

✔️

✔️

Can connect / disconnect a Datasource

✔️

✔️

✔️

✔️

Can share an App with others

✔️

✔️

✔️

✔️

Can delete an App

✔️

✔️

✔️

Role details: Datasources

The table below outlines how roles and permissions work with Datasources and company-wide roles. Ultimately, your role on an individual Datasource dictates most of the actions you can take with that Datasource.

Permission

Datasource Role

Company

Role

Viewer

Editor

Owner

Consumer

Creator

Admin

Can create new Datasources

✔️

✔️

Can view a Datasource's configuration

✔️

✔️

✔️

✔️

✔️

✔️

Can edit a Datasource configuration (including modifying files)

✔️

✔️

✔️

✔️

Can share a Datasource with others

✔️

✔️

✔️

✔️

Can delete a Datasource

✔️

✔️

✔️

FAQs

  • How do I share an App or Datasource with my entire company?

    Modify the Visibility of the App or Datasource and set it to "Public". This will effectively give all users within your company Viewer access to this App or Datasource allowing them to use it, but not modify it.

  • How do I share an App or Datasource with someone?
    For Apps, expand the "Security & Permissions" setting and add a user by searching for them by name or email address. After you add a user, you'll be able to configure their access by assigning their role.


    Datasources are similar but you'll want to scroll to "Permissions".

  • Where do I go to modify App or Datasource permissions?
    For Apps, expand the "Security & Permissions" setting. For Datasources, scroll to "Permissions"

  • How does elvex determine the owner of an App or Datasource?
    The owner of an App or Datasource is always the person that created that app or datasource, unless ownership has been transferred to another .

  • How do I transfer ownership of an App or Datasource?
    This is currently only supported via a support request to [email protected] but we'll soon allow owners to transfer ownership.

  • What happens if someone clones an App that was connected to a private Datasource?
    The answer here depends on what access the user cloning the App has to the underlying Datasource. If the user has access to the Datasource via Viewer, Editor or Owner roles, the cloned App will contain a connection to the original Datasource. If the user cloning the App does not have access to the Datasource, they will create an App with identical configuration to that of the initial App, but the cloned App will not have access to the original Datasource. The App creator will have to request access to the Datasource.

  • What is the default visibility for new Apps or Datasources?
    All new Apps or Datasources default to their visibility set to private.

  • Do requests made via private Apps still show in the audit log?
    For now, yes, both private and public Apps still show their requests and responses in the elvex audit log. In a subsequent release, we plan to change this behavior so that admins can see that private App requests were made, but not see the detail of the request or response of that private App. This is an area we're open to feedback on so if you have thoughts, please let us know at [email protected].

  • Can I use private Apps via Slack?
    Yes, but with some caveats.

    Setting your App's visibility to Private means that you cannot set Slack permissions to "All Slack users" as this would potentially allow non-authorized users to use your App and its connected Datasources. Private Apps can only have the "Match elvex permissions" setting enabled for Slack which effectively means that you can only use Private Apps via direct messages in Slack.


  • Can I use private Apps via the API?
    Yes. You can add an API user to a private app giving that user only the ability to see that private app.



    While you can assign either the Viewer or Editor role to an API user, it currently doesn't make much of a difference as API users cannot edit apps via the API.

Did this answer your question?