Skip to main content

Where in the dashboard

Interactive tutorial

If the video shows an older “system menu”, use Teams and Roles → Roles (/teams?section=roles).

How RBAC works in Gu1

Two layers coexist:
  1. Legacy organization roles (owner, admin, manager, developer, analyst, viewer).
  2. Granular RBAC with resource:action permissions (e.g. entities:read, rules:create, cases:assign).
API endpoints check granular permission with an explicit legacy fallback. When granular RBAC is enabled for the org, the Roles UI is the fine-grained source of access.
Enabling or disabling granular RBAC for an organization is typically a platform (SuperOwner) action. Org admins manage roles and assignments once it is enabled.

Create a role

2

Create

Click Create (or equivalent) and enter a clear name.
3

Assign permissions

Select permissions by resource (entities, rules, cases, enrichments, teams, billing, etc.) and actions (read, create, edit, delete, export, approve, …).
4

Visibility (if available)

For sensitive data you may configure show / disable / hide / obfuscate in the role editor.
5

Save and assign

Save the role and assign it to members from Roles or from the member profile on /teams.

Best practices

Least privilege

Only the permissions required for the job.

Periodic review

Review roles and assignments every 3–6 months.

Maker-checker

Separate who proposes rules/lists from who approves.

Multiple roles

A user can have several roles; permissions combine.
TopicLink
Invite membersTutorial · UI
TeamsTutorial
API KeysTutorial · UI
Security metricshttps://app.gu1.ai/metrics/security
Audit trailhttps://app.gu1.ai/audit-trail