For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
BlogLog InRequest Demo
HomeProductDevelopersSelf-HostingChangelog
HomeProductDevelopersSelf-HostingChangelog
  • Getting Started
    • Overview
  • Agent Builder
    • Using the Agent Builder
  • Prompts
    • Prompt Engineering
    • Collaboration
    • Custom Models
    • Multimodality
    • Prompt Caching
  • Workflows
    • Introduction
    • Experimenting
    • Integrating
    • Function Calling
  • Evaluation & Test Suites
    • Quantitative Evaluation
    • Evaluating RAG Pipelines
    • Online Evaluations
  • Metrics
    • Out of the Box Metrics
    • Custom Metrics
    • Reusing Metrics in Test Suites
  • Deployments
    • Deployment Lifecycle Management
    • Observability in Production
    • Environments
    • Release Tags
    • Release Reviews
  • Monitoring
    • Monitoring Production Trends
    • Track Workflow Execution Costs
    • Datadog Integration
    • Webhook Integration
    • Execution URLs
  • Documents
    • Uploading Documents
    • Integrating w/ Search API
    • Metadata Filtering
  • Security
    • Data Privacy and Storage
    • HMAC Authentication
    • Role-Based Access Control (RBAC)
    • Static IPs
  • Organizations
    • Manage Organization Access
    • Data Retention Policies
LogoLogo
BlogLog InRequest Demo
On this page
  • Available Roles
  • Admin
  • Deployment Editor
  • Document Index Editor
  • Test Suite Editor
  • Playground Editor
  • Member
  • Managing User Roles
  • Best Practices
Security

Role-Based Access Control (RBAC)

Was this page helpful?
Previous

Static IPs

Next
Built with

Vellum uses Role-Based Access Control (RBAC) to manage user permissions within Workspaces. Each user in a Workspace is assigned a specific role that determines what actions they can perform.

Available Roles

Vellum provides several predefined roles with different permission levels:

Admin

Administrators have the highest level of permissions and can manage all aspects of a workspace, including:

  • Delete workspace
  • Update workspace general settings
  • Update workspace user roles
  • Create, delete, and manage API keys
  • Create, update, and delete secrets
  • Create, update, and delete provider credentials
  • Update ML models

Deployment Editor

Users with the Deployment Editor role can manage prompt deployments:

  • Create prompt versions
  • Create deployments
  • Update deployments
  • Delete deployments

Document Index Editor

Document Index Editors can manage document indexes and their contents:

  • Upsert documents
  • Delete documents
  • Create document indexes
  • Update document indexes
  • Delete document indexes

Test Suite Editor

Test Suite Editors can manage test suites:

  • Create test suites
  • Update test suites
  • Delete test suites

Playground Editor

Playground Editors can work with sandboxes:

  • Create sandboxes
  • Update sandboxes
  • Delete sandboxes

Member

The Member role is the most restrictive role and has read-only access to the workspace. Members can view resources but cannot create, update, or delete them.

Managing User Roles

Workspace administrators can manage user roles through the Workspace settings. To update a user’s role:

  1. Navigate to your Workspace settings
  2. Find the user you want to update
  3. Change their role using the dropdown menu
  4. Save your changes

Only users with the Admin role can change user roles within a workspace.

Best Practices

When assigning roles to users, follow the principle of least privilege:

  • Assign the most restrictive role that still allows users to perform their required tasks
  • Regularly review user roles and remove unnecessary permissions
  • Limit the number of users with Admin privileges

By carefully managing user roles, you can ensure that users have access to the resources they need while maintaining the security of your workspace.