Overview
Your permissions in elvex are determined by four factors: your company-wide role, whether a resource is public or private, any specific access you've been granted to individual assistants or datasources, and your membership in groups.
Quick Reference
Need to share with your whole company? → Set visibility to Public
Need to share with specific people? → Add them in Security & Permissions
Need to share with a team? → Create a group and share with the group
Need someone to help edit? → Give them Editor role
Can't see an assistant you should have access to? → Check if it's set to Private and ask the owner to share it with you
Company-wide roles
When you're invited to elvex, your administrator selects a role which can be a Member, Creator, or Admin. Consumer is a historical role that still exists for some users. Your role determines your permissions across elvex, but works in tandem with specific roles you may have been granted on an Assistant or Datasource.
Feature / Permission | Consumer | Member | Creator | Admin | Owner |
|
View & use assistants | ✅ | ✅ | ✅ | ✅ | ✅ |
|
Create new assistants | ❌ | ✅ | ✅ | ✅ | ✅ |
|
Edit/delete assistants | ❌ | ✅ | ✅ | ✅ | ✅ |
|
Share assistants | ❌ | ❌ | ✅ | ✅ | ✅ |
|
View datasources | ✅ | ✅ | ✅ | ✅ | ✅ |
|
Create new datasources | ❌ | ✅ | ✅ | ✅ | ✅ |
|
Edit/delete datasources | ❌ | ✅ | ✅ | ✅ | ✅ |
|
Share datasources | ❌ | ❌ | ✅ | ✅ | ✅ |
|
+ Create/manage groups | ❌ | ✅ | ✅ | ✅ | ✅ |
|
View/edit company info | ❌ | ❌ | ❌ | ✅ | ✅ |
|
Invite others to company | ❌ | ❌ | ❌ | ✅ | ✅ |
|
Edit global AI filters | ❌ | ❌ | ❌ | ✅ | ✅ |
|
Add/edit AI providers | ❌ | ❌ | ❌ | ✅ | ✅ |
|
Configure integrations (e.g. Slack) | ❌ | ❌ | ❌ | ✅ | ✅ |
|
Use/view/edit/delete ALL assistants (ignore visibility) | ❌ | ❌ | ❌ | ❌ | ✅ |
|
Use/view/edit/delete ALL datasources (ignore visibility) | ❌ | ❌ | ❌ | ❌ | ✅ |
|
Assistant and Datasource Visibility
Assistants and Datasources have a Visibility setting which can either be:
Private: Only you, company Owners, users you explicitly share with, and groups you share with can use or edit it.
Public: Everyone in your company will be able to see and use this Assistant or Datasource but only editors will be able to modify it.
By default, all new Assistants and Datasources have their visibility set to Private.
⚠️ Important Security Consideration
Public assistants can access private datasources, which creates a potential security loophole:
When you share a private datasource with someone, they can attach it to any assistant they create, including public ones.
Example scenario:
You share a private HR datasource with John
John creates a public assistant and connects your HR datasource
Now everyone in your company can query HR data through John's public assistant
Best practice: Only share private datasources with trusted users or groups, or consider making datasources public if they should be widely accessible.
Groups
Groups allow you to organize users into teams and manage resource access at the group level. Instead of adding individual users to each resource, you can add them to a group and share resources with the entire group.
Group membership roles
Users within a group can have one of three roles:
Owner: Can edit group settings, manage all members, and delete the group
Editor: Can add and remove group members
Viewer: Can only view the group and its members
Group resource roles
When you share a resource with a group, the group receives either:
Editor: Group members can modify the resource
Viewer: Group members can view and use the resource
Permission hierarchy
If a user has access to a resource through both individual permissions and group membership, the highest privilege role wins.
Example:
Sarah has Viewer access to an assistant through individual permissions
Sarah is in the Marketing group, which has Editor access to the same assistant
Sarah will have Editor access (the higher privilege)
Learn more: What are Groups and how do they work?
FAQs
How do I share an assistant or datasource with my entire company?
Modify the Visibility of the assistant or datasource and set it to Public. This will effectively give all users within your company Viewer access to this assistant or datasource allowing them to use it, but not modify it.
How do I share an assistant or datasource with a team?
Create a group for your team, add the team members, then share the resource with the group. This is more efficient than adding users individually, especially when managing multiple resources.
Learn more: How to create and manage groups
How do I share an assistant or datasource with someone?
For assistants:
Open the assistant you want to share
Expand Security & Permissions
Click Add user (or Add group) and search by name or email
Select their role (Viewer or Editor)
Click Save
For datasources:
Open the datasource you want to share
Scroll to Permissions
Click Add user (or Add group) and search by name or email
Select their role (Viewer or Editor)
Click Save
Where do I go to modify assistant or datasource permissions?
For assistants, expand the Security & Permissions setting. For datasources, scroll to Permissions.
How does elvex determine the owner of an assistant or datasource?
The owner of an assistant or datasource is always the person that created that assistant or datasource, unless ownership has been transferred to another user.
How do I transfer ownership of an assistant or datasource?
This is currently only supported via a support request to [email protected] but we'll soon allow owners to transfer ownership. Alternatively, a team member can copy the assistant or datasource and make their own version.
What happens if someone clones an assistant that was connected to a private datasource?
The answer here depends on what access the user cloning the assistant has to the underlying datasource. If the user has access to the datasource via Viewer, Editor or Owner roles (either individually or through a group), the cloned assistant will contain a connection to the original datasource. If the user cloning the assistant does not have access to the datasource, they will create an assistant with identical configuration to that of the initial assistant, but the cloned assistant will not have access to the original datasource. The assistant creator will have to request access to the datasource.
What is the default visibility for new assistants or datasources?
All new assistants or datasources default to their visibility set to private.
Do requests made via private assistants still show in the audit log?
For now, yes, both private and public assistants still show their requests and responses in the elvex audit log. This means administrators can currently see all conversation content, even from private assistants. In a subsequent release, we plan to change this behavior so that admins can see that private assistant requests were made, but not see the detail of the request or response of that private assistant. This is an area we're open to feedback on so if you have thoughts, please let us know at support@elvex.ai
Can I use private assistants via Slack?
Yes, but with some caveats. Setting your assistant's visibility to Private means that you cannot set Slack permissions to "All Slack users" as this would potentially allow non-authorized users to use your assistant and its connected datasources. Private assistants can only have the "Match elvex permissions" setting enabled for Slack which effectively means that you can only use Private assistants via direct messages in Slack.
Can I use private assistants via the API?
Yes. You can add an API user to a private assistant giving that user only the ability to see that assistant.
While you can assign either the Viewer or Editor role to an API user, it currently doesn't make much of a difference as API users cannot edit assistants via the API.