Network and access controls
Guides Knowledge AI provides role-based access control at both the organization and domain level. Manage users and roles through the Security page in the left sidebar.
On the Users tab, view all users in your organization. Expand a user row to see their organization-level roles and per-domain role assignments. Use the Add user panel to invite a user by email, assign organization roles, and grant access to specific domains with chosen roles.
On the Roles tab, create custom roles with granular permissions. Each role has a name, description, and a scope (Organization or Domain).
Organization-scoped permissions
- Manage Org — modify organization-wide settings and view all domains.
- Manage Users — invite, edit, and remove users; assign roles.
- Create Site — create new domains within the organization.
Domain-scoped permissions
- Manage Content — upload, index, and manage documents in assigned domains.
- Delete Content — remove indexed documents and indexing jobs.
- Update Site — modify domain settings (model config, cache, widget, MCP, prompts).
- Delete Site — permanently delete a domain.
- Manage Evals — upload evaluation datasets, run experiments, and view results.
- Manage Access Control — edit the allowed-metadata vocabulary and enable/disable metadata-based access enforcement on the Access control settings tab.
- Download Signing Key — generate and rotate the HMAC signing key on the Access control tab. Without this permission, the signing key section is read-only.
API keys are managed under Settings → API keys for each domain. Keys can be assigned to specific integrations (widget, MCP, Slack) and inherit the permissions of the user who created them. See Settings for details on creating and managing API keys.