User role permissions by use case
This documentation covers the current Innovation Release of
EDB Postgres AI.
Authorization of these user roles follows a role-based access control (RBAC) model with the restrictions applying to a specific scope—either within one project or within one account.
The following list doesn't cover Postgres cluster database authorization.
Currently, you can't create custom roles. Only these 14 predefined roles are available.
| Permissions | Organization Administrator | Organization Owner | Platform Admin | AI Model Manager | Project Owner | Project Editor | Project Viewer | Estate Ingester | Pipeline Editor | Catalog Data reader | Catalog Data writer | Migration Portal Projects Owner | Migration Portal Projects Editor | Migration Portal Projects Viewer |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Access Ops apps (launchpad) | X | |||||||||||||
| Manage notification credentials | X | |||||||||||||
| Manage identity provider integrations | X | |||||||||||||
| Manage users | X | |||||||||||||
| View users | X | X | X | X | ||||||||||
| Assign org roles | X | |||||||||||||
| Update and delete tags | X | X | ||||||||||||
| View projects within the org | X | X | ||||||||||||
| Update and delete projects | X | |||||||||||||
| View roles assigned at the project level | X | X | X | X | ||||||||||
| View activity log for the org | X | X | ||||||||||||
| View and download usage report for the project | X | X | X | |||||||||||
| View and download usage report for the org | X | X | ||||||||||||
| Create projects within the org | X | |||||||||||||
| Assign project roles | X | X | ||||||||||||
| Create, edit, and delete Postgres clusters | X | X | ||||||||||||
| View Postgres clusters, backups, estates, report and migrations | X | X | X | |||||||||||
| View Postgres cluster metrics, logs, recommendations and alerts | X | X | X | |||||||||||
| View org role mapping rules | X | X | ||||||||||||
| Create, update, and delete org role mapping rules | X | |||||||||||||
| View project role mapping rules | X | X | X | X | ||||||||||
| Create, update, and delete project role mapping rules | X | X | ||||||||||||
| View activity log for the project | X | X | X | |||||||||||
| View, edit, and delete owned projects | X | |||||||||||||
| Ingest self-managed Postgres cluster data | X* | |||||||||||||
| Create, update, and delete marketplace apps | X | X | ||||||||||||
| List marketplace apps | X | X | X | |||||||||||
| Create, update, and delete catalog | X | X | ||||||||||||
| List catalog | X | |||||||||||||
| Read access to catalog Iceberg table data | X | X | ||||||||||||
| Write and delete access to catalog Iceberg table data | X | |||||||||||||
| Manage AI models and inference services | X | |||||||||||||
| Access inference services | X | |||||||||||||
| Create, view, update, delete, and execute pipelines | X | |||||||||||||
| View, delete, and execute knowledge base | X | |||||||||||||
| View pipelines | X | X | ||||||||||||
| View published and deployed flows | X | X | X | |||||||||||
| Create and update published and deployed flows | X | X | ||||||||||||
| Delete deployed flows | X | |||||||||||||
| Delete published flows | X | |||||||||||||
| View Migration Portal projects | X | X | X | |||||||||||
| View and update Migration Portal projects | X | X | ||||||||||||
| Manage Migration Portal projects | X |
* Only machine-users can be assigned to ingest self-managed cluster data.
The following functionality is available to all authenticated users, regardless of assigned role:
- Access to the chatbot. Users must still have roles that grant access to the relevant resources (for example, Postgres clusters, AI models, and pipelines) to interact with them through the chatbot.
- Manage Postgres image repositories and repository rules.
- Access to Hybrid Manager-managed Langflow from the launchpad.