# RBAC (Role-Based Access Control)

> Control user access and visibility across observability, API keys, analytics, and all platform features based on organizational roles

Role-Based Access Control (RBAC) provides comprehensive access management across the entire Requesty platform, ensuring users only see and access data appropriate to their organizational role and responsibilities.

<Note>
  **[Configure access control](https://app.requesty.ai/admin-panel/users)** in the Requesty Console.
</Note>

## Overview

RBAC forms the foundation of enterprise security by controlling what users can see and do across observability, API keys, analytics, logs, and all platform features. This ensures data isolation, security compliance, and appropriate access levels for different organizational roles.

### What RBAC Controls

<CardGroup cols={2}>
  <Card title="Data Visibility" icon="eye">
    Control which logs, analytics, and observability data users can access
  </Card>

  <Card title="API Key Management" icon="key">
    Manage who can create, modify, and view different API keys
  </Card>

  <Card title="Platform Features" icon="cog">
    Control access to admin panels, settings, and enterprise features
  </Card>

  <Card title="User Isolation" icon="user-shield">
    Ensure users only see their own data unless granted broader permissions
  </Card>
</CardGroup>

## Core RBAC Principles

### Access Control Scope

**Platform-Wide Coverage:**

* Observability dashboards and metrics
* API key creation and management
* Log viewing and analytics
* User and group management
* Billing and usage data
* Administrative functions

**Data Isolation:**

* Individual users see only their own data by default
* Admins have organization-wide visibility
* Role-based expansion of access permissions
* Secure multi-tenant data separation

## Current Role Types

### Standard User Role

**Default Access Level:**

* **Personal Data Only**: Users see logs, analytics, and metrics for their own API usage
* **Own API Keys**: Can create, modify, and view their personal API keys
* **Limited Observability**: Access to personal performance metrics and usage data
* **Basic Settings**: Manage personal account settings and preferences

**What Standard Users See:**

* Personal API request logs
* Individual usage analytics
* Own spending and limit information
* Personal session data and context

### Administrator Role

**Organization-Wide Access:**

* **All User Data**: Complete visibility into organization logs, analytics, and metrics
* **Full API Key Management**: Create, modify, and view all organization API keys
* **Complete Observability**: Access to organization-wide performance and usage data
* **Administrative Functions**: User management, group configuration, enterprise features

**What Administrators See:**

* All organization API request logs
* Organization-wide analytics and trends
* All user spending and usage patterns
* Complete audit trails and system metrics
* Enterprise feature configuration panels

## RBAC Implementation Across Features

### Observability & Analytics

<Tabs>
  <Tab title="Standard Users">
    **Personal Dashboard:**

    * Individual API usage metrics
    * Personal request/response logs
    * Own performance analytics
    * Personal cost tracking
    * Individual error rates and patterns
  </Tab>

  <Tab title="Administrators">
    **Organization Dashboard:**

    * Organization-wide usage metrics
    * All user logs and analytics
    * Complete performance overview
    * Organization cost analysis
    * System-wide error tracking and trends
  </Tab>
</Tabs>

### API Key Management

```mermaid theme={"dark"}
graph TD
    A[User Login] --> B{Role Check}
    B -->|Standard User| C[Personal API Keys Only]
    B -->|Administrator| D[All Organization API Keys]

    C --> E[Create Personal Keys]
    C --> F[View Own Usage]
    C --> G[Manage Own Limits]

    D --> H[Create Any API Key]
    D --> I[View All Usage]
    D --> J[Manage All Keys]
    D --> K[Set Organization Policies]
```

### Data Access Patterns

**Standard User Data Flow:**

1. User authenticates with platform
2. RBAC filters limit the view to personal data only
3. API keys display user's own keys only
4. Analytics show individual usage patterns
5. Logs contain only user's API requests

**Administrator Data Flow:**

1. Admin authenticates with elevated permissions
2. RBAC grants organization-wide visibility
3. All API keys and users visible
4. Complete analytics and metrics access
5. Full audit trail and system logs available

## Security & Compliance Benefits

### Data Protection

**User Privacy:**

* Automatic data isolation between users
* Personal information protected from other users
* Individual usage patterns kept private
* Secure separation of user contexts

**Organization Security:**

* Administrative oversight with complete visibility
* Audit trails for compliance requirements
* Centralized security policy enforcement
* Role-appropriate access controls

### Compliance Advantages

<AccordionGroup>
  <Accordion title="Data Governance">
    **Regulatory Compliance:**

    * Clear data access boundaries for audits
    * Role-based data handling procedures
    * Documented access control policies
    * Compliance with privacy regulations
  </Accordion>

  <Accordion title="Security Standards">
    **Enterprise Security:**

    * Principle of least privilege implementation
    * Regular access review capabilities
    * Secure multi-tenant architecture
    * SOC 2 and enterprise compliance support
  </Accordion>

  <Accordion title="Audit & Monitoring">
    **Operational Oversight:**

    * Complete audit trails for all access
    * Role-based activity monitoring
    * Security incident detection and response
    * Compliance reporting capabilities
  </Accordion>
</AccordionGroup>

## Integration with Enterprise Features

### Works with Other Systems

**User Management Integration:**

* User roles determine platform access levels
* Individual users automatically isolated
* Admin users get organization-wide visibility
* Role assignments control feature access

**Group-Based Enhancement:**

* Groups can have shared visibility permissions
* Group admins may see group-specific data
* Flexible role assignment within groups
* Enhanced collaboration with controlled access

**API Key Policy Integration:**

* RBAC controls who can create and modify API keys
* Role-based API key sharing and management
* Permission levels for different key types
* Administrative oversight of all organization keys

### Enterprise Feature Access

**Feature Visibility Matrix:**

| Feature             | Standard User | Administrator  |
| ------------------- | ------------- | -------------- |
| Personal Analytics  | ✅ Own Data    | ✅ All Data     |
| API Key Creation    | ✅ Personal    | ✅ Organization |
| User Management     | ❌             | ✅              |
| Group Configuration | ❌             | ✅              |
| Approved Models     | ❌             | ✅              |
| Guardrails Config   | ❌             | ✅              |
| Billing Overview    | ✅ Personal    | ✅ Organization |
| System Settings     | ❌             | ✅              |
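
The standard-user and administrator data flows, together with the matrix above, written out as a deny-by-default server-side check. This is an added example, not Requesty's implementation; the role and feature identifiers, the record fields, and the sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Scope per role and feature, transcribed from the Feature Visibility Matrix.
# "own" = caller's records only, "org" = whole organization, absent = denied.
# Identifiers are hypothetical, not Requesty's internal names.
ADMIN_ONLY = ("user_management", "group_configuration", "approved_models",
              "guardrails_config", "system_settings")
MATRIX = {
    "standard_user": {"analytics": "own", "api_keys": "own", "billing": "own"},
    "administrator": {"analytics": "org", "api_keys": "org", "billing": "org",
                      **{feature: "org" for feature in ADMIN_ONLY}},
}

class AccessDenied(Exception):
    pass

@dataclass(frozen=True)
class Principal:
    user_id: str
    org_id: str
    role: str

def scope_for(principal, feature):
    """Deny by default: unknown roles and unlisted features get no scope."""
    scope = MATRIX.get(principal.role, {}).get(feature)
    if scope is None:
        raise AccessDenied(f"{principal.role!r} may not use {feature!r}")
    return scope

def visible_records(principal, feature, records, requested_user=None):
    """Filter by the authenticated principal, never by a client-supplied id alone."""
    scope = scope_for(principal, feature)
    # The tenant boundary applies to every role, administrators included.
    rows = [r for r in records if r["org_id"] == principal.org_id]
    if scope == "own":
        if requested_user not in (None, principal.user_id):
            raise AccessDenied("standard users cannot query other users' data")
        return [r for r in rows if r["user_id"] == principal.user_id]
    if requested_user is not None:
        rows = [r for r in rows if r["user_id"] == requested_user]
    return rows

# Constructed sample usage records (not real platform data).
LOGS = [
    {"id": 1, "org_id": "org-a", "user_id": "alice"},
    {"id": 2, "org_id": "org-a", "user_id": "bob"},
    {"id": 3, "org_id": "org-b", "user_id": "carol"},
]
```

The same filter is worth exercising in access reviews: a standard user asking for another user's records must get an explicit denial rather than an empty result, so the attempt shows up in audit logs.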

## Future Role Expansion

### Custom Roles (Coming Soon)

**Planned Role Types:**

* **Group Administrators**: Manage specific groups with limited admin access
* **Read-Only Analysts**: View organization data without modification permissions
* **API Key Managers**: Specialized role for API key creation and management
* **Billing Administrators**: Financial oversight without technical admin access

**Custom Permission Sets:**

* Granular permission assignment
* Mix-and-match capability access
* Department-specific role creation
* Project-based access controls

### Advanced RBAC Features

**Enhanced Capabilities:**

* Time-based role assignments
* Conditional access based on usage patterns
* Integration with external identity providers
* Advanced audit and compliance reporting

## Best Practices

### Role Assignment Strategy

<CardGroup cols={2}>
  <Card title="Start Minimal" icon="user-check">
    Begin with standard user roles and promote to admin only when necessary
  </Card>

  <Card title="Regular Review" icon="sync">
    Periodically review role assignments and adjust based on organizational changes
  </Card>

  <Card title="Audit Access" icon="search">
    Monitor admin access patterns and maintain audit trails for compliance
  </Card>

  <Card title="Document Roles" icon="file-text">
    Maintain clear documentation of who has admin access and why
  </Card>
</CardGroup>

### Security Implementation

**Access Management:**

* Limit admin roles to essential personnel only
* Regular access reviews and role updates
* Clear escalation procedures for access requests
* Integration with existing identity management systems

**Monitoring & Compliance:**

* Log all administrative actions
* Monitor for unusual access patterns
* Regular compliance assessments
* Incident response procedures for access violations

## User Experience

### For Standard Users

**Simplified Interface:**

* Clean, focused view of personal data
* No overwhelming organization-wide information
* Intuitive access to personal features
* Clear visibility into own usage and costs

### For Administrators

**Comprehensive Control:**

* Complete organization visibility
* Administrative tools and configuration panels
* User management and oversight capabilities
* Enterprise feature configuration access

<Note>
  RBAC ensures that every user has the right level of access for their role while maintaining security and compliance across your
  organization's AI infrastructure.
</Note>

<Warning>
  Administrator roles have significant access to organization data and settings. Carefully manage admin role assignments and regularly
  review access permissions to maintain security.
</Warning>

The RBAC system provides the security foundation that enables safe, compliant, and efficient AI operations across your entire organization while ensuring appropriate data visibility and access control for all users.
