Roles & Permissions

    Zia Agents uses role-based access control to manage what users can see and do within the platform. Every user is assigned one of four default roles, each with a predefined set of permissions across agents, knowledge base, tools, workflows, billing, and integrations.

    These roles are not customizable. You cannot create custom roles or modify the permissions assigned to existing ones.

    Role types

    • Super Admin has unrestricted access to everything in the organization. This includes all agents, knowledge bases, tools, workflows, billing, organizational settings, and the ability to edit or delete the organization itself.
    • Admin has the same level of access as Super Admin for day-to-day work: managing agents, knowledge bases, tools, workflows, and users. The key difference is that Admins cannot edit or delete the organization itself.
    • Collaborator is designed for team members who actively build and test. Collaborators can create, edit, test, and execute agents and workflows, but they cannot deploy them. They also don't have access to billing, user management, or integration settings.
    • Viewer has read-only access. Viewers can see shared agents, knowledge bases, and tools, but cannot create, edit, or execute anything.

    Permission details by module

    PermissionSuper AdminAdminCollaboratorViewer

    User & Role Management

    View users & roles
    Create, edit, delete users
    Activate or deactivate users
    Create, edit, delete roles
    Assign roles & permissions

    Teams

    View teams
    Create, edit, delete teams

    Agents

    View and query agents
    Create, edit, delete agents
    Test agents
    Deploy agents
    Lock or unlock agents

    Multi-Agent Workflows

    View workflows
    Create, edit, delete workflows
    Test and execute workflows
    Deploy workflows

    Knowledge Base

    View knowledge base
    Query knowledge base
    Create, edit, delete knowledge base
    Upload file attachments

    Tools

    View tools & groups
    Create, edit, delete tools
    Test tools

    Organization & Billing

    Edit organization
    Delete organization
    Manage org settings
    View billing stats

    Integrations & Security

    View BYOK and ChatKit keys
    Manage BYOK models
    Manage ChatKit keys
    View secret key values
    Set up IM integrations
    Create, edit, delete IM data
    Link IM to agents or multi-agent workflows

    Things to keep in mind

    • Collaborators can build, test, and run agents and workflows, but they cannot deploy them. If someone on your team needs to push an agent live, they'll need Admin or Super Admin access.
    • Only Admins and Super Admins can view the actual secret strings for BYOK and ChatKit keys. Collaborators and Viewers can see that keys exist but not their values.

    PREVIOUS

    UP NEXT