AI Assistants Permissions

AI Assistants Permission Matrix

Role-by-role access control for workspace-owned assistants across read, run, update, publish, delete, and transfer operations.

Effective permission formula:Workspace Role Capability AND Entity Capability AND Plan/Feature Gate

Operation To Gate Mapping

OperationGate
Open assistant editorcanRead
Run assistant conversationcanRun
Edit config/behaviorcanUpdate
Publish/RevertcanUpdate
Delete assistantcanDelete
Move assistant across scopescanTransfer

Role Availability Matrix

RoleViewRunEdit/PublishDeleteTransfer
OwnerYesYesYesYesYes
AdminYesYesYesYesNo
ContributorYesYesYesNoNo
ReaderYesYesNoNoNo
GuestNoLimitedNoNoNo

Frequently Asked Questions

Everything you need to know

How are Assistant permissions calculated?

Effective permission is computed from workspace role capability, assistant entity capability, and plan/feature gates.

Can Reader use an Assistant?

Reader can view and run assistants where allowed, but cannot edit, publish, delete, or transfer.

Can Contributor delete assistants?

No. Contributor can build and update assistants but cannot delete or transfer them by default.

Can Admin transfer assistants between scopes?

Not by default. Transfer remains role-capped unless explicitly enabled.

What if permissions seem inconsistent in UI?

Backend authorization is authoritative. Any display-layer mismatch does not bypass protected checks.

Still have questions?

Contact our support team

Need cross-entity guidance across all workspace resources?

Back to AI AssistantsWorkspace Matrix