Managing user access with Role-Based Access Control (RBAC)
Agent Studio includes a comprehensive Role-Based Access Control (RBAC) system to ensure secure access to workflows, models, and tools.This system allows for fine-grained control over who can view, edit, deploy, and delete resources within the agent studio
Secure integration
Access to the system is limited to users who have successfully authenticated through Cloudera AI Workbench Single Sign-On (SSO). Upon authentication, an initial role is automatically assigned, which is determined by the user's existing permissions within their Cloudera AI Workbench Project.
Understanding User Roles
Access to Agent Studio is governed by two primary roles, each with specific capabilities tailored to different user needs. Upon their initial login, users are automatically assigned one of the following two roles. This assignment is determined by their existing access to Cloudera AI Workbench projects.
| Role | Core Capability | Initial Assignment |
|---|---|---|
| Contributor | This role provides full authority over all resource aspects (workflows, models, tools), including creation, management, editing, cloning, and deleting, deploying and testing workflows. | Project-level access permissions include Admin, Owner, Contributor, and Operator roles. User with above roles are assigned Read-Write (RW) access in Agent Studio |
| Viewer |
View shared resources and deployed workflows. Test deployed workflows. Users with a Viewer role, cannot create, modify, or delete any resources or workflows. This is a read-only role. |
For users with Read-Only (RO) project access, the corresponding project-level permission is Viewer. |
