Managing Roles, Plans, and Permissions
Learn how to manage user access and permissions in allmates.ai through a multi-layered system of roles and plans. This guide covers controls at both the organization and workspace levels.
Last updated 3 months ago
Documentation: Managing Roles, Plans, and Permissions in allmates.ai
Introduction
allmates.ai provides a robust, multi-layered system for access control, ensuring security, privacy, and effective governance across your organization. Management is handled at two primary levels: the Organization level and the Workspace level.
This document outlines the different roles and plans available, explaining how they work together to control user access and capabilities on the platform.
1. Organization-Level Controls
At the highest level, every member of an organization is assigned a Role and a Plan. These two attributes work together to define a member's permissions and access to features.
Role: Determines a member's administrative control over the organization's settings and members.
Plan: Determines the features a member can use within the platform.
1.1. Organization Member Roles
The following roles can be assigned to members within your organization's settings:
Owner: The highest level of access. Owners can manage all organization settings, including billing, analytics, member roles, and can invite or remove any other member, including other Owners and Admins.
Admin: A delegated administrative role. Admins can manage day-to-day settings, such as inviting new members and managing connections and tools. They cannot manage Owners.
User: The standard, non-administrative role. Users can actively participate in the platform by sending messages and using the features granted to them by their assigned Plan. They cannot change organization settings.
Viewer: A read-only role. Viewers can see content and conversations they have been given access to but cannot send messages or interact with Mates. This is useful for providing observational access to stakeholders or for support purposes.
Suspended: This status revokes a member's access to the organization entirely. They will not be able to log in. This is the standard method for offboarding a user, as it preserves their historical contributions to conversations while securing access.
1.2. Organization Member Plans
Plans control which features a member can access and use. This allows organizations to tailor the user experience and manage costs and security risks effectively.
Expert: Includes all "Advanced" features, plus the ability to create new Mates, access their configuration, and manage tool instances.
Advanced: Includes all "Standard" features, plus access to collaborative workspaces and the ability to onboard Mates from the store.
Standard: Includes all "Essential" features, plus the ability to upload files.
Essential: Provides a ChatGPT-like interface limited to personal chats. Members on this plan cannot upload files.
Feature | Essential | Standard | Advanced | Expert |
Personal Chats | ✅ | ✅ | ✅ | ✅ |
File Uploads | ❌ | ✅ | ✅ | ✅ |
Workspace Access | ❌ | ❌ | ✅ | ✅ |
Onboard Mates from Store | ❌ | ❌ | ✅ | ✅ |
Create/Manage Mates | ❌ | ❌ | ❌ | ✅ |
Manage Tools | ❌ | ❌ | ❌ | ✅ |
2. Workspace-Level Controls
Workspaces are the collaborative environments within your organization. They also have their own layer of access control.
2.1. Workspace Visibility
When creating a workspace, you can set its visibility:
Public Workspace: Any member of the organization (with an "Advanced" or "Expert" plan) can discover and join public workspaces and their associated conversations.
Private Workspace: Access is restricted to invited members only. Other members of the organization will not be able to see or join the workspace unless they are explicitly added.
Note: The visibility of a workspace (Public or Private) cannot be changed after it has been created.
2.2. Workspace Member Roles
Just like at the organization level, members within a specific workspace are assigned a role that defines their permissions inside that workspace:
Owner/Admin: Can manage the workspace settings and its members (invite, remove, or change the role of other members within that workspace).
User: Can participate in conversations within the workspace.
Viewer: Can view conversations but cannot post messages.
3. Customizable Plans for Enterprise Versions
For organizations on an Enterprise plan, allmates.ai offers the ability to customize the feature sets for each plan tier (Essential, Standard, Advanced, Expert). This allows your organization to create a bespoke governance model that aligns perfectly with your internal security and operational policies.
For example, an Enterprise customer could choose to enable document uploads for the "Essential" plan or disable workspace creation for the "Expert" plan. Please contact us to learn more about tailoring plans for your enterprise needs.