This is available on the Enterprise Plan. Contact Kolena if you’re not on an Enterprise plan but would like to try this feature.
Manage Workspace Access
Kolena Enterprise Organizations can have multiple Workspaces to separate projects or teams. This can be helpful for use cases such as isolated development environments, or to separate different departments within a larger Organization. Upon request, Kolena will create the Workspaces for your Organization. Once multiple Workspaces are present, Organizationadmins can assign roles to each Workspace when creating Users or Teams.
admins can manage access to the Workspace.
Organization vs Workspace Admins
When multiple Workspaces are present in an Organization, there are two levels of admin roles: Workspaceadmin and Organization admin. Below is a comparison of their permissions as a refinement on top of the single Workspace case:
| Action | Workspace admin | Organization admin |
|---|---|---|
| Check usage by Agents in a Workspace | ✅ | ✅ |
| Manage permissions within a Workspace | ✅ | ✅ |
| Check usage by Agents in all Workspaces | ❌ | ✅ |
| Manage permissions across all Workspaces | ❌ | ✅ |
| Create or delete Users and Teams | ❌ | ✅ |
| Manage all API keys and Service Users in the Organization | ❌ | ✅ |
| Manage Data Retention Policies | ❌ | ✅ |
| Manage SCIM Integration | ❌ | ✅ |
Manage Agent Access
Agentowners or Workspace admins can manage access by clicking the “eye” icon near the top of the Agent view.
viewer, editor, or assign someone as the Agent’s owner.
You can also configure the “General Access” setting:
- General (View-Only): All Workspace users have
viewer-only access. - General (Viewer/Editor): Workspace
viewers andeditors receive their respective roles. This is the default setting for new Agents. - Restricted: Only Organization and Workspace
adminsand explicitly added Users/Teams can access the Agent.
Workspace-Level Permissions
All Users are assigned a Workspace role. Based on the Workspace role, Users can perform the following actions, regardless of their permission on any particular agent:| Action | viewer | editor | admin |
|---|---|---|---|
| Create API Keys | ✅ | ✅ | ✅ |
| Create new Agents | ❌ | ✅ | ✅ |
| Create/Modify/Delete all Folders | ❌ | ✅ | ✅ |
| View all Agents | ❌ | ❌ | ✅ |
| Create/Modify/Delete Integrations on all Agents | ❌ | ❌ | ✅ |
| Create/Modify/Delete Data Retention Policies on all Agents | ❌ | ❌ | ✅ |
| Create/Modify/Delete Dashboards on all Agents | ❌ | ❌ | ✅ |
| Create/Modify/Delete Folders for all Agents | ❌ | ❌ | ✅ |
| Create/Modify/Delete Prompts on all Agents | ❌ | ❌ | ✅ |
| Create/Modify/Delete Runs on all Agents | ❌ | ❌ | ✅ |
| Manage permissions for all Agents | ❌ | ❌ | ✅ |
| Delete all Agents | ❌ | ❌ | ✅ |
Agent-Level Permissions
Users with access to an Agent are assigned one of three roles:viewer, editor, or owner:
| Action | viewer | editor | owner |
|---|---|---|---|
| View Agent | ✅ | ✅ | ✅ |
| View Integrations | ✅ | ✅ | ✅ |
| View Dashboards | ✅ | ✅ | ✅ |
| View Runs | ✅ | ✅ | ✅ |
| Create Runs | ✅ | ✅ | ✅ |
| Comment on Prompts results | ✅ | ✅ | ✅ |
| Override Prompts results | ✅ | ✅ | ✅ |
| Create/Modify/Delete Data Retention Policies | ❌ | ✅ | ✅ |
| Create/Modify/Delete Prompts | ❌ | ✅ | ✅ |
| Create/Modify/Delete Integrations | ❌ | ✅ | ✅ |
| Create/Modify/Delete Dashboards | ❌ | ✅ | ✅ |
| Delete Agents | ❌ | ✅ | ✅ |
| Manage Agents permissions | ❌ | ❌ | ✅ |
owner, though ownership can be transferred later.
Note that Workspace admin Users have owner access to all Agents in the Workspace.
Create Teams
To create a new Team in your Organization:- Click “Add Team” from your Organization page.
- (Optional) Select Users from the dropdown menu. A User can belong to multiple Teams.
- (Optional) If multiple Workspaces are present in the Organization, select the Workspaces and roles to assign to the Team. Users in the Team will have access to these Workspaces.
- Click “Create Team”.