Skip to main content

Roles and permissions

Understand how access to assistants and datasources are governed within elvex.

Updated yesterday

Your permission to view, use, modify, and delete assistants and Datasources within elvex is based on a combination of your role in your company, the visibility, and your specific role for a given Assistant or Datasource. See below for a short overview video with more in-depth documentation following.

Company-wide roles

When you're invited to elvex, your administrator selects a role which can be a Consumer, Creator, or Admin. This role determines your permissions across elvex, but works in tandem with specific roles you may have been granted on an Assistant or Datasource.

Role

Permissions

Consumer

Assistants

  • Can view and use assistants (that are shared with them).

Datasources

  • Can view Datasources (that are shared with them).

Creator

Assistants

  • Can create new Assistants.

  • Can view and use Assistants (that they created or that are shared with them).

  • Can edit and delete Assistants (that they have Editor access to or that they are an Owner of, respectively).

Datasources

  • Can create new Datasources.

  • Can edit and delete Datasources (that they have Editor access to or that they are an Owner of, respectively).

Administrator

Company

  • Can view and edit company information (name, etc.)

  • Can invite others to the company.

  • Can edit global AI filters.

  • Can add and edit AI providers.

  • Can configure integrations (e.g. Slack).

Assistants

All of the Creator permissions.

Datasources

All of the Creator permissions.

Owner

Company

  • Can view and edit company information (name, etc.)

  • Can invite others to the company.

  • Can edit global AI filters.

  • Can add and edit AI providers.

  • Can configure integrations (e.g. Slack).

Assistants

Can use, view, edit and delete all assistants regardless of an assistant's visibility setting.

Datasources

Can use, view, edit and delete all Datasources regardless of a Datasource's visibility setting.

Assistant and Datasource Visibility

Assistants and Datasources have a Visibility setting which can either be:

  • Private: Only you, company Owners and users you explicitly share the Assistant or Datasource with can use or edit it.

  • Public: Everyone in your company will be able to see and use this Assistant or Datasource but only editors will be able to modify it.

By default, all new Assistants and Datasources have their visibility set to Private.

Assistant and Datasource roles and permissions

Assistants and Datasources allow you to add users with one of two roles: Viewer or Editor.

Reminder: If an Assistant or Datasource has its visibility set to Public, all users in your company effectively have the role of Viewer.

Important: Public Assistants can use private Datasources.

By sharing a private Datasource with others, you are allowing those users to attach it to any assistant they create, including public assistants. While this greatly simplifies permissions since the creator of a Datasource does not have to share it with anyone who may have access via an assistant, it does create a loophole. It is possible to create a private Datasource, attach it to a public assistant and any requests to that assistant will work for all users who have access to the assistant.

Below, we'll explore each of the available roles and their associated permissions:

Role

Permissions

Viewer

Assistants

  • Can view the assistant and clone it.

  • Can use the assistant via the elvex interface and Slack (depending on the assistant's Slack settings).

Datasources

  • Can view the Datasource and see connected files.

  • Can connect the Datasource to an assistant.

Editor

Assistants

All of the Viewer permissions, plus:

  • Can edit an assistant's configuration (name, description, context, rules, filters, provider, model, etc.).

  • Can connect and disconnect Datasources.

  • Can share the assistant with others, change the role of users, and revoke access.

Datasources

All of the Viewer permissions for Datasources, plus:

  • Can edit a Datasource's configuration (name, description, etc.).

  • Can add or remove files from the Datasource.

  • Can share the Datasource with others, change the role of users, and revoke access.

Owner

The Owner of an assistant or Datasource is the user that created that assistant or Datasource.

Assistants

All of the Editor permissions, plus:

  • Can delete the assistant.

  • Can transfer ownership (currently unavailable, planned for a future release).

Datasources

All of the Editor permissions, plus:

  • Can delete the Datasource.

  • Can transfer ownership (currently unavailable, planned for a future release).

Role details: Assistants

The table below outlines how roles and permissions work with assistant and company-wide roles. Ultimately, your role on an individual assistant dictates most of the actions you can take with that assistant.

Permission

Assistant Role

Company Role

Viewer

Editor

Owner

Consumer

Creator

Admin

Can create new assistants

✔️

✔️

Can view an assistant

✔️

✔️

✔️

✔️

✔️

✔️

Can edit an assistant's configuration

✔️

✔️

✔️

✔️

Can connect / disconnect a Datasource

✔️

✔️

✔️

✔️

Can share an assistant with others

✔️

✔️

✔️

✔️

Can delete an assistant

✔️

✔️

✔️

Role details: Datasources

The table below outlines how roles and permissions work with Datasources and company-wide roles. Ultimately, your role on an individual Datasource dictates most of the actions you can take with that Datasource.

Permission

Datasource Role

Company

Role

Viewer

Editor

Owner

Consumer

Creator

Admin

Can create new Datasources

✔️

✔️

Can view a Datasource's configuration

✔️

✔️

✔️

✔️

✔️

✔️

Can edit a Datasource configuration (including modifying files)

✔️

✔️

✔️

✔️

Can share a Datasource with others

✔️

✔️

✔️

✔️

Can delete a Datasource

✔️

✔️

✔️

FAQs

  • How do I share an Assistant or Datasource with my entire company?

    Modify the Visibility of the Assistant or Datasource and set it to "Public". This will effectively give all users within your company Viewer access to this Assistant or Datasource allowing them to use it, but not modify it.

  • How do I share an Assistant or Datasource with someone?
    For assistants, expand the "Security & Permissions" setting and add a user by searching for them by name or email address. After you add a user, you'll be able to configure their access by assigning their role.


    Datasources are similar but you'll want to scroll to "Permissions".

  • Where do I go to modify Assistant or Datasource permissions?
    For assistants, expand the "Security & Permissions" setting. For Datasources, scroll to "Permissions"

  • How does elvex determine the owner of an assistant or Datasource?
    The owner of an Assistant or Datasource is always the person that created that assistant or datasource, unless ownership has been transferred to another .

  • How do I transfer ownership of an Assistant or Datasource?
    This is currently only supported via a support request to [email protected] but we'll soon allow owners to transfer ownership.

  • What happens if someone clones an assistant that was connected to a private Datasource?
    The answer here depends on what access the user cloning the assistant has to the underlying Datasource. If the user has access to the Datasource via Viewer, Editor or Owner roles, the cloned assistant will contain a connection to the original Datasource. If the user cloning the assistant does not have access to the Datasource, they will create an assistant with identical configuration to that of the initial assistant, but the cloned assistant will not have access to the original Datasource. The assistant creator will have to request access to the Datasource.

  • What is the default visibility for new Assistants or Datasources?
    All new Assistants or Datasources default to their visibility set to private.

  • Do requests made via private assistants still show in the audit log?
    For now, yes, both private and public assistants still show their requests and responses in the elvex audit log. In a subsequent release, we plan to change this behavior so that admins can see that private assistant requests were made, but not see the detail of the request or response of that private assistant. This is an area we're open to feedback on so if you have thoughts, please let us know at [email protected].

  • Can I use private assistants via Slack?
    Yes, but with some caveats.

    Setting your assistant's visibility to Private means that you cannot set Slack permissions to "All Slack users" as this would potentially allow non-authorized users to use your assistant and its connected Datasources. Private assistants can only have the "Match elvex permissions" setting enabled for Slack which effectively means that you can only use Private assistants via direct messages in Slack.


  • Can I use private assistants via the API?
    Yes. You can add an API user to a private assistant giving that user only the ability to see that assistant.



    While you can assign either the Viewer or Editor role to an API user, it currently doesn't make much of a difference as API users cannot edit assistants via the API.

Did this answer your question?