User Management
Permissions Reference
Complete reference of permission keys in Forjinn's role-based access control (RBAC) system.
Forjinn uses a fine-grained Role-Based Access Control (RBAC) system. Permissions are expressed as string keys that define specific actions a user can perform. Permissions are grouped into roles, and roles are assigned to users.
Permission keys follow a resource:action convention, where:
- resource — the platform feature or area being controlled.
- action — the specific operation allowed on that resource.
For example, chatflows:view allows a user to view chatflows, while chatflows:edit allows modifications.
| Permission Key | Description |
|---|---|
| chatflows:view | View existing chatflows and their configurations |
| chatflows:create | Create new chatflows |
| chatflows:edit | Modify existing chatflows |
| chatflows:delete | Delete chatflows |
| chatflows:deploy | Deploy or activate chatflows for production use |
| chatflows:execute | Run and test chatflows |

| Permission Key | Description |
|---|---|
| agentflows:view | View existing agentflows |
| agentflows:create | Create new agentflows |
| agentflows:edit | Modify existing agentflows |
| agentflows:delete | Delete agentflows |
| agentflows:deploy | Deploy agentflows for production |
| agentflows:execute | Run and test agentflows |

| Permission Key | Description |
|---|---|
| executions:view | View execution history and logs for chatflows and agentflows |
| executions:delete | Clear execution history |

| Permission Key | Description |
|---|---|
| credentials:view | View existing API credentials and keys |
| credentials:create | Add new credentials |
| credentials:edit | Modify existing credentials |
| credentials:delete | Remove credentials |

| Permission Key | Description |
|---|---|
| tools:view | Browse available tools and integrations |
| tools:create | Add custom tools |
| tools:edit | Modify existing tools |
| tools:delete | Remove tools |
| tools:use | Use tools within chatflows and agentflows |

| Permission Key | Description |
|---|---|
| variables:view | View environment and workflow variables |
| variables:create | Add new variables |
| variables:edit | Modify existing variables |
| variables:delete | Remove variables |

| Permission Key | Description |
|---|---|
| assistants:view | View configured assistants |
| assistants:create | Create new assistants |
| assistants:edit | Modify existing assistants |
| assistants:delete | Delete assistants |

| Permission Key | Description |
|---|---|
| knowledgebase:view | View documents and datasets in the knowledge base |
| knowledgebase:create | Upload and add documents to the knowledge base |
| knowledgebase:edit | Modify knowledge base entries |
| knowledgebase:delete | Remove knowledge base entries |

| Permission Key | Description |
|---|---|
| logs:view | View system, execution, and audit logs |

| Permission Key | Description |
|---|---|
| users:view | View platform user accounts |
| users:create | Invite or create new user accounts |
| users:edit | Modify user details and role assignments |
| users:delete | Remove user accounts |
| roles:view | View configured roles |
| roles:create | Create new roles |
| roles:edit | Modify role definitions and permissions |
| roles:delete | Remove roles |

| Permission Key | Description |
|---|---|
| settings:view | View platform and workspace settings |
| settings:edit | Modify platform and workspace settings |

| Permission Key | Description |
|---|---|
| billing:view | View billing information, invoices, and usage |
| billing:edit | Modify billing settings and payment methods |

When a user performs an action, Forjinn checks whether any of the user's assigned roles include the required permission key. If at least one role grants the permission, the action is allowed. This means a user's effective permissions are the union of all permissions across their assigned roles.
- Admin: All permission keys, including users:*, roles:*, settings:edit, and billing:*.
- Editor: chatflows:*, agentflows:*, tools:use, credentials:view, executions:view, logs:view, variables:view.
- Viewer: chatflows:view, agentflows:view, executions:view, tools:view, logs:view, variables:view.
- Principle of Least Privilege: Assign only the permission keys necessary for a user's responsibilities. Avoid broad wildcard patterns where specific keys can be used.
- Use Roles as the Primary Mechanism: Define roles with precise permission sets and assign users to roles rather than managing permissions on a per-user basis.
- Audit Periodically: Review role definitions and user assignments regularly to ensure permissions align with current team structure and responsibilities.
- Document Custom Roles: Keep a record of how custom roles map to permission keys so that onboarding and access reviews are straightforward.
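
The union rule and the periodic audit described above can be checked offline against exported role definitions. The following is an added example, not Forjinn's own code: it assumes a `resource:*` grant covers every action on that resource, and the `contractor` role, the user names, and the `SENSITIVE` list are hypothetical.

```python
# Role definitions: editor and viewer are copied from the role examples on this page;
# "contractor" is a hypothetical custom role constructed for the audit demonstration.
ROLES = {
    "editor": {"chatflows:*", "agentflows:*", "tools:use", "credentials:view",
               "executions:view", "logs:view", "variables:view"},
    "viewer": {"chatflows:view", "agentflows:view", "executions:view",
               "tools:view", "logs:view", "variables:view"},
    "contractor": {"knowledgebase:view", "users:*"},
}

# Keys worth surfacing in an access review (this selection is an assumption).
SENSITIVE = {"users:edit", "roles:edit", "credentials:view", "settings:edit", "billing:edit"}

def grant_covers(grant, required):
    """True if a granted key equals the required key or is resource:* for it."""
    g_res, _, g_act = grant.partition(":")
    r_res, _, r_act = required.partition(":")
    # Malformed or wildcard *requests* are denied: a check must name one concrete action.
    return bool(r_act) and r_act != "*" and g_res == r_res and g_act in ("*", r_act)

def effective_grants(user_roles):
    """Union of grants across all assigned roles; unknown roles contribute nothing."""
    grants = set()
    for role in user_roles:
        grants |= ROLES.get(role, set())
    return grants

def is_allowed(user_roles, required):
    """Allowed if at least one role grants the required permission key."""
    return any(grant_covers(g, required) for g in effective_grants(user_roles))

def audit(assignments):
    """Return {user: [(sensitive_key, role, grant), ...]} showing which role
    and which grant makes each sensitive key reachable."""
    findings = {}
    for user, roles in assignments.items():
        hits = [(key, role, grant)
                for key in sorted(SENSITIVE)
                for role in roles
                for grant in sorted(ROLES.get(role, ()))
                if grant_covers(grant, key)]
        if hits:
            findings[user] = hits
    return findings

if __name__ == "__main__":
    # Constructed assignments: bob's extra role quietly adds user administration.
    for user, hits in audit({"alice": ["viewer"], "bob": ["viewer", "contractor"]}).items():
        print(user, hits)
```

Because effective permissions are a union, adding one role can only widen access, so the audit reports the role and grant responsible for each sensitive key rather than just the final set.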