Manage Roles for UI Access

Capella AI Services

how-to

Your level of access to Capella AI Services using the Capella UI is determined by your organization and project roles.

To interact with Capella AI Services using the Capella UI, you need an organization role and 1 or more project roles.

Prerequisites

You need to be the Organization Owner to invite new users to your organization and assign organization roles.
To add collaborators to a project and assign project roles, you need to be a Project Owner for that project. If you’re the Organization Owner, you already have this role.

Assign Organization and Project Roles

To assign organization and project roles, complete the following steps:

Add the user to your organization.
1. Assign the user 1 or more organization roles.
Add the user as a collaborator to your project.
1. Assign the user 1 or more project roles.

Organization and Project Role Permissions for AI Services

The permissions for Capella AI Services are driven by both your organization and project roles. Some services, such as the Model Service, only depend on your organization role. Most services, such as Workflows and AI Functions, depend on both your organization and project roles because they require interaction with a Capella operational cluster.

For more information about project roles and how they apply to operational clusters, see Project Roles.

Platform Permissions

Your organization role determines how you configure AI Services platform-level features. The following table describes the organization roles as they apply to platform-level features:

Table 1. Organization roles and platform features
Organization Role	Add and Manage Integrations	View Integrations	Add Private Endpoints for Models	View Private Endpoints for Models
Organization Owner	✔	✔	✔	✔
Project Creator	✖	✖	✖	✖
Organization Member	✖	✖	✖	✖

Model Service Permissions

The Model Service operates at the organization level, so only your organization role determines your level of access to it.

The following table describes the organization roles as they apply to the Model Service:

Table 2. Organization roles and the Model Service
Organization Role	Create and manage models	Add and View Model API Keys	View models
Organization Owner	✔	✔	✔
Project Creator	✖	✖	✔
Organization Member	✖	✖	✔

Workflows Permissions

Both organization and project roles determine your level of access to Workflows. When determining project roles, keep in mind that you must be a collaborator on the same project with the operational cluster that your Workflows interacts with.

The following table describes the organization roles as they apply to Workflows:

Table 3. Organization roles and Workflows
Organization Role	Create workflows	Edit workflows	Delete workflows	Run workflows	View workflows
Organization Owner	✔	✔	✔	✔	✔
Project Creator	✖	✖	✖	✖	✖
Organization Member	✖	✖	✖	✖	✖

The following table describes the project roles as they apply to Workflows, for projects containing the operational cluster that your Workflows interacts with:

Table 4. Project roles and Workflows
Project Role	Create workflows	Edit workflows	Delete workflows	Run workflows	View workflows
Project Owner	✔	✔	✔	✔	✔
Project Cluster Manager	✔	✔	✔	✖	✔
Project Cluster Viewer	✖	✖	✖	✖	✔
Project Data Writer	✖	✖	✖	✔	✔
Project Data Reader	✖	✖	✖	✖	✔

AI Functions Permissions

Both organization and project roles determine your level of access to AI Functions. When determining project roles, keep in mind that you must be a collaborator on the same project that has the operational cluster where you’re interacting with AI Functions.

The following table describes the organization roles as they apply to AI Functions:

Table 5. Organization roles and AI Functions
Organization Role	Enable AI Functions	Run AI Functions	Update AI Functions	View AI Functions
Organization Owner	✔	✔	✔	✔
Project Creator	✖	✖	✖	✔
Organization Member	✖	✖	✖	✔

The following table describes the project roles as they apply to AI Functions, for projects containing the operational cluster where you’re enabling and interacting with AI Functions:

Table 6. Project roles and AI Functions
Project Role	Enable AI Functions	Run AI Functions	View AI Functions	View AI Functions Examples
Project Owner	✔	✔	✔	✔
Project Cluster Manager	✖	✖	✔	✔
Project Cluster Viewer	✖	✖	✔	✔
Project Data Writer	✖	✖	✔	✔
Project Data Reader	✖	✖	✔	✔

Agent Catalog Permissions

Both organization and project roles determine your level of access to Agent Catalog - specifically Agent Tracer and the Tools and Prompts Hub. When determining project roles, keep in mind that you must be a collaborator on the same project that has the operational cluster supporting Agent Catalog.

Programmatic Access

The Agent Catalog uses programmatic access to read and write data to your Capella operational cluster. Any user with cluster access credentials for your Agent Catalog bucket has programmatic access to your Agent Catalog data. For example, if a user has cluster access credentials that provide read and write access to your Agent Catalog bucket, they can read and write data in the Agent Catalog regardless of their organization or project roles.

For more information about Cluster Access Credentials, see Manage Cluster Access Credentials.

The following table describes the organization roles as they apply to Agent Catalog:

Table 7. Organization roles and Agent Catalog
Organization Role	View Tools Hub	View Prompts Hub	View Tracer UI
Organization Owner	✔	✔	✔
Project Creator	✖	✖	✖
Organization Member	✖	✖	✖

The following table describes the project roles for projects containing the operational cluster that’s supporting Agent Catalog:

Table 8. Project roles and Agent Catalog
Project Role	View Tools Hub	View Prompts Hub	View Tracer UI
Project Owner	✔	✔	✔
Project Cluster Manager	✖	✖	✖
Project Cluster Viewer	✔	✔	✔
Project Data Writer	✖	✖	✖
Project Data Reader	✔	✔	✔

Next Steps

To access and manage AI Services using APIs, see Get Started with Capella AI Services APIs.
To set up single sign-on (SSO) for your organization, see Add SSO Authentication.