Organization Settings

Role-based access control defines what users can do in Twig.

User Roles

Twig has 4 user roles with escalating permissions:

Role	Description	Typical User
ReadOnly	Query agents, view responses	End users, employees
Train	Query + provide feedback, edit responses	Support agents, QA team
Configure	Train + manage agents, data sources, KB	Product managers, team leads
Admin	Configure + user management, billing, analytics	IT admins, account owners

Permission Matrix

Feature	ReadOnly	Train	Configure	Admin
Queries
Ask questions via Playground/API	✅	✅	✅	✅
View own query history	✅	✅	✅	✅
Edit own responses	❌	✅	✅	✅
Feedback & Training
Thumbs up/down on responses	❌	✅	✅	✅
View own interactions in Inbox	❌	✅	✅	✅
View team's interactions in Inbox	❌	✅	✅	✅
Edit team's responses	❌	✅	✅	✅
Configuration
Manage data sources	❌	❌	✅	✅
Create/edit AI agents	❌	❌	✅	✅
Manage Knowledge Base articles	❌	❌	✅	✅
Configure Auto KB generation	❌	❌	✅	✅
Administration
View analytics dashboard	❌	❌	❌	✅
Manage users and roles	❌	❌	❌	✅
Manage groups	❌	❌	❌	✅
View billing and usage	❌	❌	❌	✅
Generate API keys	❌	❌	❌	✅
Configure SSO	❌	❌	❌	✅

Assign Roles

Location: Admin → Users → [User Name] → Role (dropdown)

Steps:

1. Click Admin in left navigation
2. Select Users tab
3. Find user in list
4. Click Edit button
5. Select role from dropdown
6. Click Save

Expected result: User's role updates immediately. Changes take effect on next login or page refresh.

Role Guidelines

ReadOnly: For users who only need to ask questions and view answers

• Cannot provide feedback or edit responses
• No access to configuration or admin features
• Suitable for: All employees, customers (if public-facing)

Train: For users who help improve answer quality

• Can mark responses accurate/inaccurate
• Can edit responses for better phrasing
• Cannot modify agents or data sources
• Suitable for: Support agents, QA team, content reviewers

Configure: For users who manage AI behavior and content

• Full control over agents, data sources, KB
• Cannot access billing, user management, or analytics
• Suitable for: Product managers, engineering leads, content admins

Admin: For users who manage the organization

• Full access to all features
• Can view sensitive analytics and billing
• Can add/remove users and assign roles
• Suitable for: IT admins, account owners (limit to 2-3 users)

Observable Behavior

Role restrictions enforced:

• UI: Users don't see menu items they can't access
• API: Returns 403 Forbidden if user lacks permission

Example: ReadOnly user trying to create agent via API:

{
  "error": "Insufficient permissions",
  "required_role": "configure",
  "current_role": "readonly"
}

When This Doesn't Apply

For custom role definitions or permission granularity beyond these 4 roles, contact Enterprise sales for RBAC customization.

---

Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the ask query parameter:

GET /dev/product/administration/administration.md?ask=<question>

The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.