User role permissions by use case Innovation Release
This documentation covers the current Innovation Release of
EDB Postgres AI. You may also want the docs for the current LTS version.
Authorization of these user roles follows a role-based access control (RBAC) model with the restrictions applying to a specific scope—either within one project or within one account.
The following list doesn't cover Postgres cluster database authorization.
Currently, you can't create custom roles. Only these 11 predefined roles are available.
| Permissions | Organization Administrator | Organization Owner | Platform Admin | Project Owner | Project Editor | Project Viewer | Estate Ingester | GenAI Builder Editor | Catalog Data reader | Catalog Data writer | Migration Portal Projects Owner | Migration Portal Projects Editor | Migration Portal Projects Viewer |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Access GenAI Builder | X | ||||||||||||
| Configure GenAI Builder | X | ||||||||||||
| Access Ops apps (launchpad) | X | ||||||||||||
| View projects within the org | X | X | |||||||||||
| Update and delete projects | X | ||||||||||||
| View roles assigned at the project level | X | X | X | X | |||||||||
| View activity log for the org | X | X | |||||||||||
| View and download usage report for the project | X | X | X | ||||||||||
| View and download usage report the the org | X | X | |||||||||||
| Create projects within the org | X | ||||||||||||
| Assign project roles | X | X | |||||||||||
| Create, edit, and delete clusters | X | X | |||||||||||
| View clusters, backups, estates, and migrations | X | X | X | ||||||||||
| Assign org roles | X | ||||||||||||
| View activity log for the project | X | X | X | ||||||||||
| View, edit, and delete owned projects | X | ||||||||||||
| Ingest self-managed Postgres cluster data | X* | ||||||||||||
| Create, update, and delete catalog | X | X | |||||||||||
| Read catalog | X | ||||||||||||
| Read Iceberg data | X | X | |||||||||||
| Write and delete Iceberg data | X | ||||||||||||
| View Migration Portal projects | X | X | X | ||||||||||
| View and update Migration Portal projects | X | X | |||||||||||
| View, update, create, and delete Migration Portal projects | X |
- Only machine-users can be assigned to ingest self-managed cluster data.