Gen AI User Roles and Permissions
The Generative AI application uses role-based access control with four roles. Each role provides progressively more access to system features.
Role descriptions
SearchOnly
The most basic role for users who only need to perform searches. This role corresponds to GenAiSearch.Role.User.SearchOnly. Users with this role can navigate the interface and use search functionality but can't access any data management features.
User
Extends the SearchOnly role with document viewing capabilities. This role corresponds to GenAiSearch.Role.User. Users with this role can see uploaded documents, apply filters, and access document metadata.
DocumentAdmin
Provides document and content management while restricting system-level administration. This role corresponds to GenAiSearch.Role.DocumentAdmin. Content managers and librarians who maintain the document repository use this role.
Admin roles
Complete system access with no restrictions. Users with an admin role can configure all system settings, manage users, configure data sources, and access administrative functions.
Admin access consists of two roles:
GenAiSearch.Role.Admin: the primary administrative role for the GenAI Search application. Designed for system administrators and technical staff who need full control over the app's features and content.C3.AppAdmin: a platform-level role provided by the C3 AI Platform. The Settings/Configurations page is visible only to users with this role. This page controls core system behavior, including LLM configuration, credential management, and the ability to restart AI engines. Verbose Mode is also gated toC3.AppAdmin. This feature exposes the Python code the Dynamic Agent generated and executed, along with its output and any tracebacks.
For details about platform-level roles, see C3 Agentic AI Platform Built-in Roles.
Review navigation and data access permissions
The following table shows which features are available for each user role.
| Feature | SearchOnly | User | DocumentAdmin | Admin |
|---|---|---|---|---|
| Home Page - Main dashboard and landing page | ✓ | ✓ | ✓ | ✓ |
| Themes - Interface theme selection | ✓ | ✓ | ✓ | ✓ |
| Help - Documentation and support resources | ✓ | ✓ | ✓ | ✓ |
| Recent Searches/Conversation History - View past queries and conversations | ✓ | ✓ | ✓ | ✓ |
| Document Filter - Filter and search through available documents | ✓ | ✓ | ✓ | ✓ |
| Source/Citation Link - Access to source references and citations | ✓ | ✓ | ✓ | ✓ |
| Feedback buttons - Provide feedback on search results and responses | ✓ | ✓ | ✓ | ✓ |
| Dynamic Agent Tool - Use AI agents for enhanced search capabilities | ✓ | ✓ | ✓ | ✓ |
| WebSearch Tool - Perform web searches within the application | ✓ | ✓ | ✓ | ✓ |
| Documents - View and access uploaded documents in the system | × | ✓ | ✓ | ✓ |
| Upload File - Upload new documents to the system | × | × | ✓ | ✓ |
| Documents→Tags - Manage document tags and metadata | × | × | ✓ | ✓ |
| Add tags - Create new tags for document organization | × | × | ✓ | ✓ |
| Delete tags - Remove existing tags from the system | × | × | ✓ | ✓ |
Administrative and system permissions
The following table shows which administrative capabilities are assigned to each role.
| Feature | SearchOnly | User | DocumentAdmin | Admin |
|---|---|---|---|---|
| Source Directories - Configure and manage data source directories | × | × | × | ✓ |
| Data Sources - Manage connection to external data sources | × | × | × | ✓ |
| Add data source - Connect new data sources to the system | × | × | × | ✓ |
| Conversation/Query - Access conversation and query history management | × | × | × | ✓ |
| Edit columns - Modify table and view column configurations | × | × | × | ✓ |
| Agents - Configure and manage AI agents and their behaviors | × | × | × | ✓ |
| Admin Configuration - Access core system administration settings | × | × | × | ✓ |
Assign a user to a role
To assign user roles in the Gen AI application, follow the steps in Assign Users.
Role changes apply immediately. Refresh your browser to see updated permissions.
Best practices
- Assign the minimum required role first. Expand access only when needed.
- Audit role assignments regularly to align with current responsibilities.
- Document all role assignments for compliance and traceability.
- Limit use of the
C3.AppAdminandGenAiSearch.Role.Adminroles to trusted administrators only.
C3.AppAdmin and GenAiSearch.Role.Admin provide unrestricted access to all system functions. Use these roles sparingly.