Gen AI User Roles and Permissions
The Generative AI application uses role-based access control with four distinct roles. Each role serves different users and provides progressively more access to system features.
The Generative AI application has the following roles:
SearchOnly
The most basic role for users who only need to perform searches. This role corresponds to the GenAiSearch.Role.User.SearchOnly role in the system. These users can navigate the interface and use search functionality but cannot access any data management features. Ideal for end users who consume information without needing to upload or modify content.
Search
Extends the SearchOnly role with document viewing capabilities. This role corresponds to the GenAiSearch.Role.User.Search role in the system. These users can see uploaded documents, apply filters, and access document metadata. Suitable for users who need to review content but don't require upload or editing permissions.
DocumentAdmin
Provides comprehensive document and content management while restricting system-level administration. This role corresponds to the GenAiSearch.Role.DocumentAdmin role in the system. Perfect for content managers and librarians who maintain the document repository.
AppAdmin
Complete system access with no restrictions. This role corresponds to the C3.AppAdmin role in the system. These users can configure all system settings, manage users, configure data sources, and access administrative functions. Reserved for system administrators and technical staff.
For more details about platform-level roles, see C3 Agentic AI Platform Built-in Roles.
Review navigation and data access permissions
The following table shows which features are available for each user role in the Gen AI application.
| Feature | SearchOnly | Search | DocumentAdmin | AppAdmin |
|---|---|---|---|---|
| Home Page - Main dashboard and landing page | ✓ | ✓ | ✓ | ✓ |
| Themes - Interface theme selection | ✓ | ✓ | ✓ | ✓ |
| Help - Documentation and support resources | ✓ | ✓ | ✓ | ✓ |
| Recent Searches/Conversation History - View past queries and conversations | ✓ | ✓ | ✓ | ✓ |
| Document Filter - Filter and search through available documents | ✓ | ✓ | ✓ | ✓ |
| Source/Citation Link - Access to source references and citations | ✓ | ✓ | ✓ | ✓ |
| Feedback buttons - Provide feedback on search results and responses | ✓ | ✓ | ✓ | ✓ |
| Dynamic Agent Tool - Use AI agents for enhanced search capabilities | ✓ | ✓ | ✓ | ✓ |
| WebSearch Tool - Perform web searches within the application | ✓ | ✓ | ✓ | ✓ |
| Project Selection DropDown - Switch between different projects | ✓ | ✓ | ✓ | ✓ |
| Documents - View and access uploaded documents in the system | × | ✓ | ✓ | ✓ |
| Upload File - Upload new documents to the system | × | × | ✓ | ✓ |
| Documents→Tags - Manage document tags and metadata | × | × | ✓ | ✓ |
| Add tags - Create new tags for document organization | × | × | ✓ | ✓ |
| Delete tags - Remove existing tags from the system | × | × | ✓ | ✓ |
Administrative and system permissions
The table below outlines which administrative capabilities are assigned to each user role.
| Feature | SearchOnly | Search | DocumentAdmin | AppAdmin |
|---|---|---|---|---|
| Source Directories - Configure and manage data source directories | × | × | × | ✓ |
| Data Sources - Manage connection to external data sources | × | × | × | ✓ |
| Add data source - Connect new data sources to the system | × | × | × | ✓ |
| Conversation/Query - Access conversation and query history management | × | × | × | ✓ |
| Edit columns - Modify table and view column configurations | × | × | × | ✓ |
| Agents - Configure and manage AI agents and their behaviors | × | × | × | ✓ |
| Admin Configuration - Access core system administration settings | × | × | × | ✓ |
| Credentials - Manage system credentials and authentication | × | × | × | ✓ |
| LLM - Configure large language model settings and parameters | × | × | × | ✓ |
Assign a user to a role
To assign user roles in the Gen AI application, follow the steps in Assign Users.
Role changes apply immediately. You must refresh your browser to see updated permissions.
Best practices
- Principle of least privilege: Assign the minimum required role first. Expand access only when needed.
- Regular audits: Audit role assignments regularly to align with current responsibilities.
- Document assignments: Document all role assignments for compliance and traceability.
- Admin role restriction : Limit use of the
C3.AppAdminrole to trusted administrators only.
[!WARNING] >
C3.AppAdminrole provides unrestricted access to all system functions. Use this role sparingly and only for trusted administrators.