Platform-side user permissions are used to manage adding and removing workspace members, and to control their functional and data permissions. Before reading this article, it is recommended to read Business, Workspace and Permission Overview to understand the relevant concepts.
Note:
Platform-side user permissions are an upgrade of the former "User Permission Management." Existing permission points are retained, with expanded functional permissions and data permissions, which will be explained in detail below.
Feature Description
Platform-side user permissions are workspace-level functions, allowing each workspace to independently control permissions of its members. This feature includes three components: User Management, Role Management, and Permission Management.
User Management: Manages members in the current workspace. You can add enterprise users to the workspace through User Management. Users added to the workspace are referred to as workspace members and can access the current workspace.
Add User: Supports adding enterprise users to the workspace. You can create new users under enterprise users and then add them to the workspace.
Remove user: After deletion, the user can no longer access the workspace.
Add Role: Assign a role to a user. The user then inherits the permissions of that role.
Note:
The main account does not appear in the workspace user list. However, it belongs to the "Super Administrator" role defined at the enterprise level and holds all enterprise-level and workspace-level permissions. See Enterprise Management for details.
Role Management: Roles represent user groups. You can create roles and add users to them for grouping purposes, then assign permissions to these roles through "Permission Management".
Add/Edit Role: Add new roles, or modify role name and description.
Note:
Each workspace includes a preset "Administrator" role with full permissions. The creator of the workspace is assigned to this role by default.
The Administrator role cannot be deleted or edited, and its scope cannot be changed. You can only add or remove users from it.
Manage user: Add or remove users from a role. Only current workspace members can be added. Removed users will lose the permissions of that role.
Delete Role: Once deleted, users of that role lose the associated permissions. This action cannot be undone.
Permission management: Supports assigning permissions either per user or per role, with both functional permissions and data permissions.
Allocate by user: Select individual users to assign functional permissions and data permissions. When a user is first added to the workspace, they are granted certain default functional and data permissions under this allocation method. See the "Functional Permissions" and "Data Permissions" sections below for details.
Note:
If a user is the preset Administrator, you cannot change their permissions via user-level assignment.
Allocate by role: Select a role and assign functional and data permissions. The preset Administrator role is excluded.
Note:
When a user is assigned both individual permissions and role permissions, the effective permissions will be the union of both sets.
Functional permissions: Functional permissions control available features within the workspace. Examples are shown below:
Level 1
Level 2
Level 3
Level 4
Default Users with Permissions
Agent Development Platform
Application Development
New Application
-
Super Administrators, Administrators (workspace)
Members first added to the workspace.
When a user is added to a workspace for the first time, they automatically receive certain functional permissions in "Platform-Side User Permissions - Permission Management - Allocate by User".
Import App
-
Knowledge Base
New Knowledge Base
-
Model Marketplace
Add Model
-
Delete Model
-
Plugin Marketplace
Create Plugin
-
Connect MCP plugin
-
Prompt Template
New Prompt Template
-
Application Template
Copy
-
Application Experience
-
Clear Conversation
-
Atomic Capabilities
-
-
Platform Management
Billing Resource Inventory
Pay-as-you-go Resources
Super Administrators, Administrators (workspace)
Other members must be granted permissions by a Super Administrator or workspace Administrator.
Concurrent Resources
Knowledge Library Capacity
Postpaid Settings
Billing Resource Usage Details
Model Usage Statistics
Concurrency Statistics
Knowledge Base Capacity Statistics
Plugin Usage Statistics
Platform-Side User Permissions
User management
Role management
Permission Assignment
Delete workspace
-
-
Modify workspace
-
-
Data permissions: Data permissions control which data a workspace member can view or edit within the current workspace. Supported objects include applications, knowledge bases, plugins, and prompt templates.
Note:
Users have edit permission for data they create by default. (Effective for data created on or after August 17, 2025. For data created prior to this date, permissions follow the rules set in "Data Permissions".)
Users added to a workspace for the first time have view permission by default for data created by others in that workspace.
Data permission settings apply only to data created by other users. Users always have "edit" permission for data they create.
Permissions
Permissions Description
No permission
Users without data access permissions cannot view the data in the workspace. For example, if User1 lacks permission for the "ds Experience App" in Workspace A, the app will not be visible in Workspace A's application development section.
Can be viewed
The current user can view data. For example, User1 has view permission for the "ds Experience App" in Workspace A, can view the app in the application development section, and experience it in dialogue testing, but cannot edit any content.
Can be edited
User can view and fully edit the data, including configuration, knowledge bases, workflows, etc.
Advanced customization
Users can customize permission bits for data operations, enabling/disabling specific actions individually. For example, Application A does not support publishing, while Application B supports publishing but does not allow switching application modes.
Full permissions list as follows:
Level 1
Level 2
Level 3
Level 4
Level 5
Data permission
Application
Application Configuration
Advanced Configuration
Application-side User Permissions
Context Rewriting
Retrieve Knowledge Base to Answer Image Questions
Intent Fulfillment Priority
Synonyms
Agent Collaboration Mode
-
Conversation Experience
Input Box Button
Recommended Questions
Edit Application
Application Mode
Welcome Message
-
Knowledge
Database Toggle
Document Retrieval Match Score
Document Toggle
Document Recall Count
Vector Model
Excel Retrieval Enhancement
Q&A Library Answer Response
Q&A Retrieval Match Score
Q&A Toggle
Q&A Recall Count
Result Re-ranking
Retrieval Strategy
Task Flow Configuration
Model Configuration
Generation Model
Context Turn Count
Reasoning Model
Output Settings
Output Method
Reply Settings
Role Instructions
-
Web Search
-
Variables & Memory
-
Knowledge Management
Add Shared Knowledge
-
Database
-
Documents
Download
Knowledge Base Settings
-
Tag Management
-
Q&A
Export
Task Flow
-
Workflow Management
Workflow Management
-
Application Evaluation
-
-
Application Publishing
Application Publishing
Publish Button
Publishing Channels
-
Service Status
Get the Trial Link
Obtain App Key
Create App Key
Delete App Key
Modify App Key Status
Application Operations
-
-
Delete Application / Copy Application
Copy Application
-
Delete Application
-
Knowledge
Database
-
-
Delete Knowledge Base.
-
-
Documents
Download
-
Edit Knowledge Base
-
-
Tag Management
-
-
Q&A
Export
-
Knowledge Base Settings
-
-
Plugin
Delete Plugin
-
-
Edit Plugin
-
-
Widget
Copy Widget
-
-
Delete Widget
-
-
Export Widget
-
-
Edit Widget
-
-
Prompt
Delete Prompt Template
-
-
Edit Prompt Template
-
-
Function Permissions
Agent Development Platform
Model Marketplace
Add Model
-
Delete Model
-
Workspace
Delete Workspace
-
Modify Workspace
-
Application Development
New Application
-
Knowledge Base
New Knowledge Base
-
Plugin Marketplace
Create Plugin
-
Widget Development
New Widget
-
Prompt Template
New Prompt Template
-
Application Template
Clear conversation
-
Copy
-
Application Experience
-
Platform Management
Computing Resource Inventory
Concurrent Resources
Knowledge Library Capacity
Pay-as-you-go Resources
Postpaid Settings
Billing Resource Usage Details
Plugin Usage Statistics
Concurrency Statistics
Knowledge Base Capacity Statistics
Model Usage Statistics
Content Security
Application Security Settings
Keyword Library
Security Policy
Risk Identification Details
Risk Identification Statistics
Data Reports
Business Dashboard
Resource Dashboard
Maintenance
Operation logs
Platform-Side User Permissions
User management
Role management
Permission Management
Supports configuring permissions for users or roles at the data level.
