Workspace operations reference

This document provides a comprehensive reference table of workspace and organization operations and which roles can perform them. For an overview of LangSmith’s RBAC system, role definitions, and permission concepts, refer to Role-based access control. This page lists every API operation in LangSmith along with:

Which roles can perform each operation.
The specific permission string required.
Notes about partial access or special cases.

Use this as a reference for whether a specific role can perform a particular action.

Workspace-level operations	Organization-level operations
Core resources: • Projects: Organize traces and runs • Runs: Individual execution traces • Datasets: Test datasets for evaluation • Examples: Individual dataset examples • Experiments: Comparative experiments	Core management: • Organization settings: Org info and configuration • Workspaces: Workspace management • Organization members: Member management • Roles and permissions: Custom roles
Monitoring and analysis: • Rules: Automated run rules • Alerts: Alert rules for monitoring • Feedback: Scores and labels on outputs • Annotation Queues: Human review queues • Charts: Custom visualizations	Security and authentication: • SSO and authentication: Single sign-on setup • SCIM: Identity provisioning • Access policies: Attribute-based access control
Development and configuration: • Prompts: Prompt templates (LangChain Hub) • Deployments: Deployment configurations • MCP Servers: Model Context Protocol servers	Billing and accounts: • Billing and payments: Subscription management • API keys and service accounts: Org-level keys
Workspace management: • Workspace settings: Members, settings • API Keys & Secrets: Authentication credentials • Tags: Metadata tagging system • Bulk Exports: Data export operations	Analytics: • Charts and dashboards: Org-level visualizations • Usage and analytics: Usage tracking and TTL settings

Additional information:

User-level operations: Operations for all authenticated users
Permission inheritance: How roles inherit across org/workspaces
Special access flags: Public access, delegation, and service flags

Legend

✓ Allowed: User with this role can perform this action
✗ Not Allowed: User with this role cannot perform this action
⚠ Partial: User has limited access (see notes)

Workspace-level operations

These operations are controlled by workspace-level roles and permissions.

Projects (Tracer Sessions)

Projects organize traces and runs from your LLM applications.

Operation	Workspace Admin	Workspace User	Workspace Viewer	Required Permission
Create a new project	✓	✗	✗	`projects:create`
View project list	✓	✓	✓	`projects:read`
View project details	✓	✓	✓	`projects:read`
View prebuilt dashboard	✓	✓	✓	`projects:read`
View project metadata (top K values)	✓	✓	✓	`projects:read`
Update project metadata (name, description, tags)	✓	✓	✗	`projects:update`
Create filter view	✓	✗	✗	`projects:create`
View filter views	✓	✓	✓	`projects:read`
View specific filter view	✓	✓	✓	`projects:read`
Update filter view	✓	✓	✗	`projects:update`
Delete filter view	✓	✗	✗	`projects:delete`
Delete a project	✓	✗	✗	`projects:delete`
Delete multiple projects	✓	✗	✗	`projects:delete`
Get insights jobs (Beta)	✓	✓	✓	`projects:read`
Get specific insights job (Beta)	✓	✓	✓	`projects:read`
Create insights job (Beta)	✓	✓	✓	`projects:read` + `rules:create`
Update insights job (Beta)	✓	✓	✗	`projects:update`
Delete insights job (Beta)	✓	✗	✗	`projects:delete`
Get insights job configs (Beta)	✓	✓	✓	`rules:read`
Create insights job config (Beta)	✓	✓	✗	`rules:create`
Auto-generate insights job config (Beta)	✓	✓	✗	`rules:create`
Update insights job config (Beta)	✓	✓	✗	`rules:update`
Delete insights job config (Beta)	✓	✓	✗	`rules:delete`
Get run cluster from insights job (Beta)	✓	✓	✓	`projects:read`
Get runs from insights job (Beta)	✓	✓	✓	`projects:read`

Runs (traces and spans)

Individual execution traces from your LLM applications.

Operation	Workspace Admin	Workspace User	Workspace Viewer	Required Permission
Send traces from SDK (create run)	✓	✓	✗	`runs:create`
Batch ingest runs	✓	✓	✗	`runs:create`
Multipart ingest runs	✓	✓	✗	`runs:create`
Post OTEL traces	✓	✓	✗	`runs:create`
Post OTEL metrics	✓	✓	✗	`runs:create`
View a specific run	✓	✓	✓	`runs:read`
View thread preview	✓	✓	✓	`runs:read`
Query/list runs	✓	✓	✓	`runs:read`
View run statistics	✓	✓	✓	`runs:read`
View grouped run statistics	✓	✓	✓	`runs:read`
Group runs by expression	✓	✓	✓	`runs:read`
Generate filter query from natural language	✓	✓	✓	`runs:read`
Prefetch runs	✓	✓	✓	`runs:read`
Update a run (PATCH)	✓	✓	✗	`runs:create`
View run sharing state	✓	✓	✓	`runs:read`
Share a run publicly	✓	✓	✗	`runs:share`
Unshare a run	✓	✓	✗	`runs:share`
Delete runs by trace ID or metadata	✓	✗	✗	`runs:delete`

Rules (run rules and automations)

Automated rules that trigger actions based on run conditions.

Operation	Workspace Admin	Workspace User	Workspace Viewer	Required Permission
List all run rules	✓	✓	✓	`rules:read`
Create a run rule	✓	✓	✗	`rules:create`
Update a run rule	✓	✓	✗	`rules:update`
Delete a run rule	✓	✓	✗	`rules:delete`
View rule logs	✓	✓	✓	`rules:read`
Get last applied rule	✓	✓	✓	`rules:read`
Manually trigger a rule	✓	✓	✗	`rules:update`
Trigger multiple rules	✓	✓	✗	`rules:update`

Alerts

Alert rules for monitoring run conditions.

Operation	Workspace Admin	Workspace User	Workspace Viewer	Required Permission
Create alert rule	✓	✓	✓	`runs:read`
Update alert rule	✓	✓	✓	`runs:read`
Delete alert rule	✓	✓	✓	`runs:read`
Get alert rule	✓	✓	✓	`runs:read`
List alert rules	✓	✓	✓	`runs:read`
Test alert action	✓	✓	✓	`runs:read`

Datasets

Test datasets with examples for evaluation.

Operation	Workspace Admin	Workspace User	Workspace Viewer	Required Permission
Create a dataset	✓	✓	✗	`datasets:create`
List datasets	✓	✓	✓	`datasets:read`
View dataset details	✓	✓	✓	`datasets:read`
Update dataset metadata	✓	✓	✗	`datasets:update`
Delete a dataset	✓	✗	✗	`datasets:delete`
Upload CSV dataset	✓	✓	✗	`datasets:create`
Clone dataset	✓	✓	✗	`datasets:update`
Get dataset version	✓	✓	✓	`datasets:read`
Get dataset versions	✓	✓	✓	`datasets:read`
Diff dataset versions	✓	✓	✓	`datasets:read`
Update dataset version (tags)	✓	✓	✗	`datasets:update`
Download dataset (OpenAI format)	✓	✓	✓	`datasets:read`
Download dataset (OpenAI fine-tuning format)	✓	✓	✓	`datasets:read`
Download dataset (CSV)	✓	✓	✓	`datasets:read`
Download dataset (JSONL)	✓	✓	✓	`datasets:read`
View dataset sharing state	✓	✓	✓	`datasets:read`
Share dataset publicly	✓	✗	✗	`datasets:share`
Unshare dataset	✓	✗	✗	`datasets:share`
Get index info	✓	✓	✓	`datasets:read`
Index dataset	✓	✓	✗	`datasets:update`
Sync dataset index	✓	✓	✗	`datasets:update`
Remove dataset index	✓	✓	✗	`datasets:update`
Search dataset	✓	✓	✓	`datasets:read`
Generate synthetic examples	✓	✓	✗	`datasets:update`
Get dataset splits	✓	✓	✓	`datasets:read`
Update dataset splits	✓	✓	✓	`datasets:read`
Run playground experiment (batch)	✓	⚠	✗	`prompts:read` + `datasets:read` + `projects:create`
Run playground experiment (stream)	✓	⚠	✗	`prompts:read` + `datasets:read` + `projects:create`
Run studio experiment	✓	⚠	✗	`datasets:read` + `projects:create`

Examples

Individual examples within datasets.

Operation	Workspace Admin	Workspace User	Workspace Viewer	Required Permission
Count examples	✓	✓	✓	`datasets:read`
View a specific example	✓	✓	✓	`datasets:read`
List examples	✓	✓	✓	`datasets:read`
Create a new example	✓	✓	✗	`datasets:update`
Create examples (bulk)	✓	✓	✗	`datasets:update`
Update a single example	✓	✓	✗	`datasets:update`
Update examples (bulk)	✓	✓	✗	`datasets:update`
Update examples (multipart)	✓	✓	✗	`datasets:update`
Upload examples from CSV	✓	✓	✗	`datasets:update`
Upload examples from JSONL	✓	✓	✗	`datasets:update`
Delete a single example	✓	✓	✗	`datasets:update`
Delete examples (bulk)	✓	✓	✗	`datasets:update`
View examples with runs	✓	✓	✓	`datasets:read`
View grouped examples with runs	✓	✓	✓	`datasets:read`
Validate a single example	✓	✓	✓	`datasets:read`
Validate examples (bulk)	✓	✓	✓	`datasets:read`

Experiments

Comparative experiments for evaluating LLM outputs.

Operation	Workspace Admin	Workspace User	Workspace Viewer	Required Permission
View comparative experiments	✓	✓	✓	`projects:read`
Create comparative experiment	✓	⚠	✗	`projects:create`
Delete comparative experiment	✓	✗	✗	`projects:delete`
View examples with runs	✓	✓	✓	`datasets:read`
View grouped examples with runs	✓	✓	✓	`datasets:read`
View grouped experiments	✓	✓	✓	`datasets:read`
View feedback delta	✓	✓	✓	`datasets:read`
Upload experiment results	✓	⚠	✗	`datasets:create` + `datasets:update` + `projects:create` + `runs:create`
Get experiment view overrides	✓	✓	✗	`datasets:update`
Create experiment view override	✓	✓	✗	`datasets:update`
Update experiment view override	✓	✓	✗	`datasets:update`
Delete experiment view override	✓	✓	✗	`datasets:update`

Workspace Users have partial access because they cannot create projects, which limits their ability to create new experiments.

Feedback

Scores, labels, and corrections on LLM outputs.

Operation	Workspace Admin	Workspace User	Workspace Viewer	Required Permission
List feedback formulas	✓	✓	✓	`feedback:read`
Get feedback formula	✓	✓	✓	`feedback:read`
Create feedback formula	✓	✓	✗	`feedback:create`
Update feedback formula	✓	✓	✗	`feedback:update`
Delete feedback formula	✓	✓	✗	`feedback:delete`
View specific feedback	✓	✓	✓	`feedback:read`
List feedbacks	✓	✓	✓	`feedback:read`
Create feedback	✓	✓	✗	`feedback:create`
Eagerly create feedback	✓	✓	✗	`feedback:create`
Update feedback	✓	✓	✗	`feedback:update`
Delete feedback	✓	✓	✗	`feedback:delete`
Batch ingest feedback	✓	✓	✗	`feedback:create`
Create feedback ingest token	✓	✓	✗	`feedback:create`
List feedback ingest tokens	✓	✓	✗	`feedback:create`
Create feedback with token (no auth required)	✓	✓	✓	N/A (token-based)
List feedback configs	✓	✓	✓	`feedback:read`
Create feedback config	✓	✓	✗	`feedback:create`
Update feedback config	✓	✓	✗	`feedback:update`

Annotation Queues

Human review queues for LLM outputs.

Operation	Workspace Admin	Workspace User	Workspace Viewer	Required Permission
List annotation queues	✓	✓	✓	`annotation-queues:read`
Get annotation queue	✓	✓	✓	`annotation-queues:read`
Create annotation queue	✓	✓	✗	`annotation-queues:create`
Update annotation queue	✓	✓	✗	`annotation-queues:update`
Delete annotation queue	✓	✗	✗	`annotation-queues:delete`
Populate annotation queue	✓	✓	✗	`annotation-queues:update`
Get runs from queue	✓	✓	✓	`annotation-queues:read`
Get run from queue (by index)	✓	✓	✓	`annotation-queues:read`
Get queues for run	✓	✓	✓	`annotation-queues:read`
Get queue total size	✓	✓	✓	`annotation-queues:read`
Get queue total archived	✓	✓	✓	`annotation-queues:read`
Get queue size	✓	✓	✓	`annotation-queues:read`
Add runs to queue	✓	✓	✗	`annotation-queues:update`
Update run in queue	✓	✓	✗	`annotation-queues:update`
Delete run from queue	✓	✓	✗	`annotation-queues:update`
Delete runs from queue (bulk)	✓	✓	✗	`annotation-queues:update`
Create identity annotation queue run status	✓	✓	✗	`annotation-queues:update`
Export archived runs	✓	✓	✓	`annotation-queues:read`

Prompts (hub)

Prompt templates and chains in the LangChain Hub.

Operation	Workspace Admin	Workspace User	Workspace Viewer	Required Permission
List prompt repos	✓	✓	✓	`prompts:read`
View prompt repo	✓	✓	✓	`prompts:read`
Create prompt repo	✓	✓	✗	`prompts:create`
Fork prompt repo	✓	✓	✗	`prompts:create`
Update prompt repo	✓	✓	✗	`prompts:update`
Delete prompt repo	✓	✓	✗	`prompts:delete`
List commits	✓	✓	✓	`prompts:read`
View commit	✓	✓	✓	`prompts:read`
Push commit	✓	✓	✗	`prompts:update`
List repo tags	✓	✓	✓	`prompts:read`
Get all tags	✓	✓	✓	`prompts:read`
Create tag	✓	✓	✗	`prompts:create`
Update tag	✓	✓	✗	`prompts:update`
Delete tag	✓	✓	✗	`prompts:delete`
View events	✓	✓	✓	`prompts:read`
List comments	✓	✓	✓	`prompts:read`
Create comment	✓	✓	✗	`prompts:read`
Delete comment	✓	✓	✗	`prompts:read`
Toggle like	✓	✓	✗	`prompts:read`
Optimize prompt	✓	✓	✗	`prompts:update`
List optimization jobs	✓	✓	✓	`prompts:read`
Create optimization job	✓	✓	✗	`prompts:create`
Update optimization job	✓	✓	✗	`prompts:update`
Delete optimization job	✓	✓	✗	`prompts:delete`
Invoke prompt canvas	✓	✓	✗	`prompts:update`
List quick actions	✓	✓	✓	`prompts:read`
Create quick action	✓	✓	✓	`prompts:read`
Delete quick action	✓	✓	✓	`prompts:read`
Update quick action	✓	✓	✓	`prompts:read`

Some prompt operations support public access for shared prompts.

Charts (custom dashboards)

Custom visualizations and dashboards.

Operation	Workspace Admin	Workspace User	Workspace Viewer	Required Permission
List charts	✓	✓	✓	`charts:read`
Get chart by ID	✓	✓	✓	`charts:read`
Create chart	✓	✓	✗	`charts:create`
Update chart	✓	✓	✗	`charts:update`
Delete chart	✓	✓	✗	`charts:delete`
Render chart	✓	✓	✓	`charts:read`
List chart sections	✓	✓	✓	`charts:read`
Get chart section by ID	✓	✓	✓	`charts:read`
Create chart section	✓	✓	✗	`charts:create`
Update chart section	✓	✓	✗	`charts:update`
Delete chart section	✓	✓	✗	`charts:delete`
Render chart section	✓	✓	✓	`charts:read`

Deployments

LangSmith Deployment configurations.

Operation	Workspace Admin	Workspace User	Workspace Viewer	Required Permission
Create deployment	✓	✓	✗	`deployments:create`
View deployment	✓	✓	✓	`deployments:read`
Update deployment	✓	✓	✗	`deployments:update`
Delete deployment	✓	✗	✗	`deployments:delete`

Workspace settings and management

Operation	Workspace Admin	Workspace User	Workspace Viewer	Required Permission
View workspace info	✓	✓	✓	`workspaces:read`
View workspace statistics	✓	✓	✓	`workspaces:read`
Update workspace (name, description)	✓	✗	✗	`workspaces:manage`
Delete workspace	✓	✗	✗	`workspaces:manage`
View workspace members	✓	✓	✓	`workspaces:read`
View active workspace members	✓	✓	✓	`workspaces:read`
View pending workspace members	✓	✓	✓	`workspaces:read`
Add member to workspace	✓	✗	✗	`workspaces:manage`
Add members (batch)	✓	✗	✗	`workspaces:manage`
Update workspace member role	✓	✗	✗	`workspaces:manage`
Remove workspace member	✓	✗	✗	`workspaces:manage`
Delete pending workspace member	✓	✗	✗	`workspaces:manage`
View usage limits	✓	✓	✓	`workspaces:read`
View shared entities	✓	✓	✓	`workspaces:read`
Bulk unshare entities	✓	✗	✗	`workspaces:manage`

API keys and secrets

Operation	Workspace Admin	Workspace User	Workspace Viewer	Required Permission
List API keys	✓	✓	✓	`workspaces:read`
Generate API key	✓	✗	✗	`workspaces:manage`
Delete API key	✓	✗	✗	`workspaces:manage`
List workspace secrets	✓	✓	✓	`workspaces:read`
Get encrypted secrets	✓	✓	✓	`workspaces:read`
Upsert workspace secrets	✓	✗	✗	`workspaces:manage`

Operation	Workspace Admin	Workspace User	Workspace Viewer	Required Permission
List tag keys	✓	✓	✓	`workspaces:read`
Get tag key	✓	✓	✓	`workspaces:read`
Create tag key	✓	✗	✗	`workspaces:manage`
Update tag key	✓	✗	✗	`workspaces:manage`
Delete tag key	✓	✗	✗	`workspaces:manage`
List tag values	✓	✓	✓	`workspaces:read`
Get tag value	✓	✓	✓	`workspaces:read`
Create tag value	✓	✗	✗	`workspaces:manage`
Update tag value	✓	✗	✗	`workspaces:manage`
Delete tag value	✓	✗	✗	`workspaces:manage`
List tags	✓	✓	✓	`workspaces:read`
List tags for resource	✓	✓	✓	`workspaces:read`
List tags for resources (batch)	✓	✓	✓	`workspaces:read`
List taggings	✓	✓	✓	`workspaces:read`
Create tagging	✓	✗	✗	`workspaces:manage`
Delete tagging	✓	✗	✗	`workspaces:manage`

Bulk exports

Operation	Workspace Admin	Workspace User	Workspace Viewer	Required Permission
List bulk exports	✓	✓	✓	`workspaces:read`
Get bulk export	✓	✓	✓	`workspaces:read`
Create bulk export	✓	✗	✗	`workspaces:manage`
Cancel bulk export	✓	✗	✗	`workspaces:manage`
Get bulk export destinations	✓	✓	✓	`workspaces:read`
Get bulk export destination	✓	✓	✓	`workspaces:read`
Create bulk export destination	✓	✗	✗	`workspaces:manage`
Get filtered export runs	✓	✓	✓	`workspaces:read`

MCP (Model Context Protocol) servers

Operation	Workspace Admin	Workspace User	Workspace Viewer	Required Permission
List MCP servers	✓	✓	✓	`workspaces:read`
Get MCP server	✓	✓	✓	`workspaces:read`
Create MCP server	✓	✓	✓	`workspaces:read`
Update MCP server	✓	✓	✓	`workspaces:read`
Delete MCP server	✓	✓	✓	`workspaces:read`

Organization-level operations

Organization settings

Operation	Org Admin	Org User	Org Viewer	Required Permission
View organization info	✓	✓	✓	`organization:read`
View organization dashboard	✓	✓	✓	`organization:read`
Update organization info	✓	✗	✗	`organization:manage`
View billing info	✓	✓	✓	`organization:read`
View company info	✓	✓	✓	`organization:read`
Set company info	✓	✗	✗	`organization:manage`

Workspaces (organization level)

Operation	Org Admin	Org User	Org Viewer	Required Permission
List all workspaces	✓	✓	✓	`organization:read`
Create workspace	✓	✗	✗	`organization:manage`

Organization members

Operation	Org Admin	Org User	Org Viewer	Required Permission
View organization members	✓	✓	✓	`organization:read`
View active org members	✓	✓	✓	`organization:read`
View pending org members	✓	✓	✓	`organization:read`
Invite member to organization	✓	✗	✗	`organization:manage`
Invite members (batch)	✓	✗	✗	`organization:manage`
Add basic auth members	✓	✗	✗	`organization:manage`
Remove organization member	✓	✗	✗	`organization:manage`
Update organization member role	✓	✗	✗	`organization:manage`
Delete pending org member	✓	✗	✗	`organization:manage`

Roles and permissions

Operation	Org Admin	Org User	Org Viewer	Required Permission
List organization roles	✓	✓	✓	`organization:read`
List available permissions	✓	✓	✓	N/A (user-level)
Create custom role	✓	✗	✗	`organization:manage`
Update custom role	✓	✗	✗	`organization:manage`
Delete custom role	✓	✗	✗	`organization:manage`

SSO and authentication

Operation	Org Admin	Org User	Org Viewer	Required Permission
View SSO settings	✓	✓	✓	`organization:read`
Create SSO settings	✓	✗	✗	`organization:manage`
Update SSO settings	✓	✗	✗	`organization:manage`
Delete SSO settings	✓	✗	✗	`organization:manage`
View login methods	✓	✓	✓	`organization:read`
Update allowed login methods	✓	✗	✗	`organization:manage`
Set default SSO provision	✓	✗	✗	`organization:manage`

SCIM (System for cross-domain identity management)

Operation	Org Admin	Org User	Org Viewer	Required Permission
List SCIM tokens	✓	✓	✓	`organization:read`
Get SCIM token	✓	✓	✓	`organization:read`
Create SCIM token	✓	✗	✗	`organization:manage`
Update SCIM token	✓	✗	✗	`organization:manage`
Delete SCIM token	✓	✗	✗	`organization:manage`

Access policies (ABAC - Attribute-based access control)

Operation	Org Admin	Org User	Org Viewer	Required Permission
List access policies	✓	✓	✓	`organization:read`
Get access policy	✓	✓	✓	`organization:read`
Create access policy	✓	✗	✗	`organization:manage`
Delete access policy	✓	✗	✗	`organization:manage`
Attach access policy to role	✓	✗	✗	`organization:manage`

Billing and payments

Operation	Org Admin	Org User	Org Viewer	Required Permission
Create Stripe setup intent	✓	✗	✗	`organization:manage`
Handle payment method creation	✓	✗	✗	`organization:manage`
Change payment plan	✓	✗	✗	`organization:manage`
Create Stripe checkout session	✓	✗	✗	`organization:manage`
Confirm checkout completion	✓	✗	✗	`organization:manage`
Create Stripe account links	✓	✗	✗	`organization:manage`

API keys and service accounts

Operation	Org Admin	Org User	Org Viewer	Required Permission
List org service keys	✓	✓	✓	`organization:read`
Create org service key	✓	✗	✗	`organization:pats:create`
List personal access tokens	✓	✓	✗	`organization:read`
Create personal access token	✓	✓	✗	`organization:pats:create`
Delete personal access token	✓	✓	✗	`organization:read`
List service accounts	✓	✓	✓	`organization:read`
Create service account	✓	✓	✓	`organization:read`
Delete service account	✓	✓	✓	`organization:read`

Organization charts and dashboards

Operation	Org Admin	Org User	Org Viewer	Required Permission
List org charts	✓	✓	✓	`organization:read`
Get org chart by ID	✓	✓	✓	`organization:read`
Create org chart	✓	✗	✗	`organization:manage`
Update org chart	✓	✗	✗	`organization:manage`
Delete org chart	✓	✗	✗	`organization:manage`
Render org chart	✓	✓	✓	`organization:read`
Get org chart section	✓	✓	✓	`organization:read`
Create org chart section	✓	✗	✗	`organization:manage`
Update org chart section	✓	✗	✗	`organization:manage`
Delete org chart section	✓	✗	✗	`organization:manage`
Render org chart section	✓	✓	✓	`organization:read`

Usage and analytics

Operation	Org Admin	Org User	Org Viewer	Required Permission
View organization usage	✓	✓	✓	`organization:read`
View TTL settings	✓	✓	✓	`organization:read`
Upsert TTL settings	✓	✗	✗	`organization:manage`

User-level operations (no workspace or org context)

These operations are available to all authenticated users and don’t require specific workspace or organization permissions.

Operation	All Authenticated Users
View own user profile	✓
Update own user profile	✓
List organizations for user	✓
Create new organization	✓
List pending workspace invites	✓
Delete pending workspace invite	✓
Claim pending workspace invite	✓
List pending organization invites	✓
Delete pending organization invite	✓
Claim pending organization invite	✓

Permission inheritance

Organization to workspace

Organization Admin automatically has full permissions in all workspaces
Organization User and Organization Viewer only get workspace access when explicitly added to workspaces with workspace-level roles

Workspace role independence

Users can have different workspace roles in different workspaces
A user might be a Workspace Admin in one workspace and a Workspace Viewer in another

Special access flags

Some operations support special authorization flags:

Flag	Description	Example Use Case
`allow_public=True`	Allows unauthenticated access	Public prompt repositories, shared runs
`allow_disabled=True`	Allows access even if org/workspace is disabled	View-only access during suspension
`require_user=True`	Requires a user (not service account)	Personal access token management
`allow_authz_delegation=True`	Allows ABAC to override RBAC	Attribute-based access policies
`allowed_services=[...]`	Restricts to specific services	Internal service-to-service calls

Edit the source of this page on GitHub.

Connect these docs programmatically to Claude, VSCode, and more via MCP for real-time answers.

Account administration

Reference

Additional resources

​Contents

​Legend

​Workspace-level operations

​Projects (Tracer Sessions)

​Runs (traces and spans)

​Rules (run rules and automations)

​Alerts

​Datasets

​Examples

​Experiments

​Feedback

​Annotation Queues

​Prompts (hub)

​Charts (custom dashboards)

​Deployments

​Workspace settings and management

​API keys and secrets

​Tags

​Bulk exports

​MCP (Model Context Protocol) servers

​Organization-level operations

​Organization settings

​Workspaces (organization level)

​Organization members

​Roles and permissions

​SSO and authentication

​SCIM (System for cross-domain identity management)

​Access policies (ABAC - Attribute-based access control)

​Billing and payments

​API keys and service accounts

​Organization charts and dashboards

​Usage and analytics

​User-level operations (no workspace or org context)

​Permission inheritance

​Organization to workspace

​Workspace role independence

​Special access flags

Contents

Legend

Workspace-level operations

Projects (Tracer Sessions)

Runs (traces and spans)

Rules (run rules and automations)

Alerts

Datasets

Examples

Experiments

Feedback

Annotation Queues

Prompts (hub)

Charts (custom dashboards)

Deployments

Workspace settings and management

API keys and secrets

Tags

Bulk exports

MCP (Model Context Protocol) servers

Organization-level operations

Organization settings

Workspaces (organization level)

Organization members

Roles and permissions

SSO and authentication

SCIM (System for cross-domain identity management)

Access policies (ABAC - Attribute-based access control)

Billing and payments

API keys and service accounts

Organization charts and dashboards

Usage and analytics

User-level operations (no workspace or org context)

Permission inheritance

Organization to workspace

Workspace role independence

Special access flags