Guides Knowledge AI Documentation
Administration / Network and access controls

Network and access controls

Guides Knowledge AI provides role-based access control at both the organization and domain level. Manage users and roles through the Security page in the left sidebar.

On the Users tab, view all users in your organization. Expand a user row to see their organization-level roles and per-domain role assignments. Use the Add user panel to invite a user by email, assign organization roles, and grant access to specific domains with chosen roles.

On the Roles tab, create custom roles with granular permissions. Each role has a name, description, and a scope (Organization or Domain).

Organization-scoped permissions

  • Manage Org — modify organization-wide settings and view all domains.
  • Manage Users — invite, edit, and remove users; assign roles.
  • Create Site — create new domains within the organization.

Domain-scoped permissions

  • Manage Content — upload, index, and manage documents in assigned domains.
  • Delete Content — remove indexed documents and indexing jobs.
  • Update Site — modify domain settings (model config, cache, widget, MCP, prompts).
  • Delete Site — permanently delete a domain.
  • Manage Evals — upload evaluation datasets, run experiments, and view results.
  • Manage Access Control — edit the allowed-metadata vocabulary and enable/disable metadata-based access enforcement on the Access control settings tab.
  • Download Signing Key — generate and rotate the HMAC signing key on the Access control tab. Without this permission, the signing key section is read-only.

API keys are managed under Settings → API keys for each domain. Keys can be assigned to specific integrations (widget, MCP, Slack) and inherit the permissions of the user who created them. See Settings for details on creating and managing API keys.

FAQ

How do role-based access controls work in Guides Knowledge AI, and where do I manage them?
Guides Knowledge AI provides role-based access control at both the organization level and the domain level. You manage users and roles from the Security page in the left sidebar.
How do I invite a user and assign organization and domain roles?
Go to Security → Users to view all users in your organization and expand a user row to see their organization-level roles and per-domain assignments. Use the Add user panel to invite someone by email, assign organization roles, and grant access to specific domains with chosen roles.
How do I create a custom role, and what scopes can it have?
Create custom roles from the Security → Roles tab. Each role includes a name, description, and a scope that can be either Organization or Domain.
What permissions are available for organization-scoped roles?
Organization-scoped permissions include Manage Org (modify organization-wide settings and view all domains), Manage Users (invite, edit, and remove users and assign roles), and Create Site (create new domains within the organization). These permissions apply at the organization level.
Where do I manage API keys for a domain, and what permissions do they have?
API keys are managed per domain under Settings → API keys. Keys can be assigned to specific integrations (widget, MCP, Slack) and they inherit the permissions of the user who created them.