circle-info
New Release: Cypress is now live. Parallel paths for curated and un-curated data.
Twig Help Docsarrow-up-right
search
Twig.so

Organization Settings

Role-based access control defines what users can do in Twig.

hashtag
User Roles

Twig has 4 user roles with escalating permissions:

Role
Description
Typical User

ReadOnly

Query agents, view responses

End users, employees

Train

Query + provide feedback, edit responses

Support agents, QA team

Configure

Train + manage agents, data sources, KB

Product managers, team leads

Admin

Configure + user management, billing, analytics

IT admins, account owners

hashtag
Permission Matrix

Feature
ReadOnly
Train
Configure
Admin

Queries

Ask questions via Playground/API

View own query history

Edit own responses

Feedback & Training

Thumbs up/down on responses

View own interactions in Inbox

View team's interactions in Inbox

Edit team's responses

Configuration

Manage data sources

Create/edit AI agents

Manage Knowledge Base articles

Configure Auto KB generation

Administration

View analytics dashboard

Manage users and roles

Manage groups

View billing and usage

Generate API keys

Configure SSO

hashtag
Assign Roles

Location: Admin → Users → [User Name] → Role (dropdown)

Steps:

  1. Click Admin in left navigation

  2. Select Users tab

  3. Find user in list

  4. Click Edit button

  5. Select role from dropdown

  6. Click Save

Expected result: User's role updates immediately. Changes take effect on next login or page refresh.

hashtag
Role Guidelines

ReadOnly: For users who only need to ask questions and view answers

  • Cannot provide feedback or edit responses

  • No access to configuration or admin features

  • Suitable for: All employees, customers (if public-facing)

Train: For users who help improve answer quality

  • Can mark responses accurate/inaccurate

  • Can edit responses for better phrasing

  • Cannot modify agents or data sources

  • Suitable for: Support agents, QA team, content reviewers

Configure: For users who manage AI behavior and content

  • Full control over agents, data sources, KB

  • Cannot access billing, user management, or analytics

  • Suitable for: Product managers, engineering leads, content admins

Admin: For users who manage the organization

  • Full access to all features

  • Can view sensitive analytics and billing

  • Can add/remove users and assign roles

  • Suitable for: IT admins, account owners (limit to 2-3 users)

hashtag
Observable Behavior

Role restrictions enforced:

  • UI: Users don't see menu items they can't access

  • API: Returns 403 Forbidden if user lacks permission

Example: ReadOnly user trying to create agent via API:

hashtag
When This Doesn't Apply

For custom role definitions or permission granularity beyond these 4 roles, contact Enterprise sales for RBAC customization.

PreviousAdministrationNextUser Management

Last updated