User Roles & Permissions
Learn about Portkey’s comprehensive role-based access control system across Organizations and Workspaces.
Portkey implements a comprehensive role-based access control (RBAC) system that operates across two main hierarchical levels: Organizations and Workspaces. This dual-layer approach ensures precise control over who can access what resources, enhancing security while enabling effective team collaboration.
Organization Level
Organizations represent the highest level of structure within Portkey. At this level, there are three distinct roles with varying levels of administrative control:
Owner
The highest authority with complete control of the organization
Admin
Extensive administrative privileges across the organization
Member
Base-level organization access, typically assigned to workspace roles
Organization Role Permissions
| Capability | Owner | Admin | Member (without workspace) |
|---|---|---|---|
| Billing Management | |||
| Manage Organization Settings | |||
| Create/Delete Workspaces | |||
| Manage Admin API Keys | |||
| Edit User Roles | |||
| Invite Organization Users | |||
| Configure Access Permissions | |||
| Access to All Workspaces |
Important: Organization Owners and Admins automatically receive Admin-level access to all workspaces within the organization. All users must first be added as Organization Members before they can be invited to any workspace.
Workspace Level
Workspaces are sub-organizational units that enable better team and project management. Each workspace maintains its own access control structure with three distinct roles:
Admin
Complete control over workspace configuration and team management
Manager
Administrative capabilities for team and resource management
Member
Read-only access to workspace resources
Workspace Role Permissions
| Capability | Admin | Manager | Member |
|---|---|---|---|
| Invite Organization Members to Workspace | |||
| Assign Workspace Roles (including Admin) | |||
| Create Workspace API Keys | |||
| Create/Update/Delete Resources | |||
| View Workspace Resources |
Member Access: Workspace Members have read-only access to workspace resources (logs, prompts, config, virtual keys etc.) but cannot create, update, or delete any resources.
Access Permission Configuration
Organization Owners and Admins can configure access permissions for various resources across workspaces. These settings determine what each role can access:
By default Workspace Admins and Managers have the same permissions unless changed by Organization Owner or Admin.
Logs Access Permissions
Control which roles can view, filter, and export logs
Virtual Key Permissions
Manage access to provider API keys for different roles
API Key Permissions
Configure API key creation and management rights
Key Workflow: Users must first be added as organization members before they can be invited to any workspace. Workspace admins and managers can then invite organization members to their workspace and assign appropriate roles.
Related Topics
Organizations
Workspaces
API Keys (AuthN and AuthZ)
Access Control Management
Was this page helpful?