AI Agents Permissions
AI Agents Permission Matrix
Workspace-owned chatbot permissions by role for viewing, running, editing, publishing, deleting, and transferring.
Effective permission formula:
Workspace Role Capability AND Entity Capability AND Plan/Feature GateOperation To Gate Mapping
| Operation | Gate |
|---|---|
| Open chatbot design/leads page | canRead |
| Run preview/test chatbot | canRun |
| Edit configuration/content | canUpdate |
| Publish/Revert | canUpdate |
| Delete chatbot | canDelete |
| Move chatbot between scopes | canTransfer |
Role Availability Matrix
| Role | View | Run | Edit/Publish | Delete | Transfer |
|---|---|---|---|---|---|
| Owner | Yes | Yes | Yes | Yes | Yes |
| Admin | Yes | Yes | Yes | Yes | No |
| Contributor | Yes | Yes | Yes | No | No |
| Reader | Yes | Yes | No | No | No |
| Guest | No | Limited | No | No | No |
Frequently Asked Questions
Everything you need to know
How are AI Agent permissions calculated?
Effective permission is evaluated from workspace role capability, chatbot-level capability, and plan/feature gates.
Can Admin transfer an AI Agent by default?
No. Admin can manage most actions, but transfer is role-capped by default unless explicitly granted.
What can Reader do on AI Agents?
Reader can view and run where allowed, but cannot edit, publish, delete, or transfer.
Why can Guest run in some flows but not open management pages?
Guest is intentionally restricted to limited run entry points and does not get workspace management/detail access.
Can plan features still block actions?
Yes. Role permissions do not bypass feature gates. Disabled plan features remain unavailable.
Still have questions?
Contact our support teamNeed cross-entity guidance across all workspace resources?