Roles & Permissions
Role-based access control (RBAC) with four hierarchical roles.
Ctrl AI uses a four-level role hierarchy. Each role inherits the permissions of all lower roles.
Role Hierarchy
Viewer → Reviewer → Author → Admin
Permission Matrix
| Action | Viewer | Reviewer | Author | Admin |
|---|---|---|---|---|
| View units & workflows | Yes | Yes | Yes | Yes |
| Run inference queries | Yes | Yes | Yes | Yes |
| View audit logs | Yes | Yes | Yes | Yes |
| Verify/review units | — | Yes | Yes | Yes |
| Create & edit units | — | — | Yes | Yes |
| Create & edit workflows | — | — | Yes | Yes |
| Compose workflows (AI) | — | — | Yes | Yes |
| Import documents | — | — | Yes | Yes |
| Invite members | — | — | — | Yes |
| Manage API keys | — | — | — | Yes |
| Configure LLM settings | — | — | — | Yes |
| Manage billing | — | — | — | Yes |
| Export audit logs (CSV) | — | — | — | Yes |
| Delete units | — | — | — | Yes |
| Assign reviewers | — | — | — | Yes |
Separation of Duties
A unit's creator cannot be its sole verifier. The verification system enforces three rules before a unit is marked verified:
- At least 2 reviewers must approve
- Approval rate must be ≥80%
- The creator can be one of the reviewers, but not the only one
This ensures no single person can create and approve their own reasoning units — critical for audit compliance.
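How the three rules combine in practice, as an added example that is not Ctrl AI's own code: a small policy check in Python. The role names and the two thresholds come from this page; the `Review` record, the member ids, the action names and the function names are assumptions made for illustration. Reviews submitted by members below the Reviewer role are discarded rather than counted, since the permission matrix only grants "Verify/review units" from Reviewer upward.

```python
"""Added example (not Ctrl AI code): separation-of-duties check for unit
verification, using the role hierarchy from the permission matrix.
Member ids, the Review record and function names are assumptions."""
from __future__ import annotations
from dataclasses import dataclass

# Role hierarchy: each role inherits everything below it.
ROLE_LEVEL = {"viewer": 0, "reviewer": 1, "author": 2, "admin": 3}

# Minimum role for an action (a subset of the permission matrix).
MIN_ROLE = {
    "view_units": "viewer",
    "run_inference": "viewer",
    "view_audit_logs": "viewer",
    "verify_unit": "reviewer",
    "create_unit": "author",
    "import_documents": "author",
    "invite_members": "admin",
    "manage_api_keys": "admin",
    "export_audit_logs": "admin",
    "delete_unit": "admin",
    "assign_reviewers": "admin",
}

MIN_APPROVALS = 2        # "At least 2 reviewers must approve"
MIN_APPROVAL_RATE = 0.8  # "Approval rate must be >= 80%"


def allowed(role: str, action: str) -> bool:
    """True if `role` inherits the permission needed for `action`."""
    return ROLE_LEVEL[role] >= ROLE_LEVEL[MIN_ROLE[action]]


@dataclass(frozen=True)
class Review:
    member: str     # hypothetical member id
    role: str       # role the member held when reviewing
    approved: bool


def verification_status(creator: str, reviews: list[Review]) -> tuple[bool, str]:
    """Apply the three verification rules to a unit's reviews.

    `reviews` is assumed to be in chronological order; a member's later
    review replaces their earlier one, so one account cannot reach the
    approval threshold by submitting twice. Returns (verified, reason).
    """
    latest: dict[str, Review] = {}
    for r in reviews:
        if allowed(r.role, "verify_unit"):   # drop reviews from Viewers
            latest[r.member] = r
    eligible = list(latest.values())
    if not eligible:
        return False, "no eligible reviews"

    approvals = [r for r in eligible if r.approved]
    if len(approvals) < MIN_APPROVALS:
        return False, f"{len(approvals)} approval(s), need {MIN_APPROVALS}"

    rate = len(approvals) / len(eligible)
    if rate < MIN_APPROVAL_RATE:
        return False, f"approval rate {rate:.0%} below {MIN_APPROVAL_RATE:.0%}"

    # Rule 3: the creator may approve but must not be the only approver.
    # With MIN_APPROVALS = 2 and one review per member this is implied by
    # rule 1; it is kept explicit so the rule survives a lower threshold.
    if all(r.member == creator for r in approvals):
        return False, "creator is the sole approver"
    return True, "verified"
```

Two consequences worth noting. Because the creator's own approval counts, the practical minimum is one approver other than the creator. And deduplicating by member matters: counting two approvals from the same account would satisfy the 2-approval threshold on paper while defeating the purpose of the rule.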
API Key Roles
API keys get the author role by default. This means any caller holding a key can:
- Read all org data (units, workflows and audit logs)
- Create, edit and import units and workflows
- Run inference queries
A key cannot manage members, billing or API keys, nor export audit logs. Treat a leaked key as an author-level compromise of the org's content and revoke it through the Admin-only API key management.
Changing Roles
Admins can change a member's role via Settings > Members or through the API:
PATCH /api/v1/orgs/{slug}/members/{id}
{ "role": "reviewer" }