User access management with Role-Based Access Control (RBAC)

Role-Based Access Control (RBAC) in Agent Studio secures access to workflows, models, and tools by mapping Cloudera AI Workbench project permissions to user roles.

Secure integration

Access to the system is restricted to users who successfully authenticate through Cloudera AI Workbench Single Sign-On (SSO). After authentication, an initial role is automatically assigned based on the user's existing permissions within their Cloudera AI Workbench project.

User roles and capabilities

Access to Agent Studio is governed by two primary roles, each with specific capabilities tailored to different user needs. When users log in for the first time, users are automatically assigned a role determined by their Cloudera AI Workbench projects access.

Table 1. User roles in Agent Studio
Role Core capability Initial assignment
Contributor Provides full authority over all resources such as workflows, models, and tools. Users can create, manage, edit, clone, delete, deploy, and test workflows. Assigned to users with Admin, Owner, Contributor, or Operator project-level permissions. User with these roles have Read-Write (RW) access in Agent Studio.
Viewer

Allows users to view shared resources and deployed workflows and to test deployed workflows.

Users cannot create, modify, or delete any resources or workflows.

Assigned to users with Viewer project-level permissions. These users have Read-Only (RO) access in Agent Studio.