Noxus uses a fine-grained permission system based on discrete permission keys. These permissions directly control the user experience by modifying what features and data are visible within the platform interface.
Beyond the UI, these permissions also apply to API Keys. When creating an API key you can optionally restrict it to a subset of your own workspace permissions—a key can never exceed the permissions of the user who created it.
Permissions are divided into Workspace-level permissions (scoped to a specific workspace) and Organization-level permissions (tenant-wide administrative functions).
Workspace-Level Permissions
These permissions are specific to individual workspaces and control what a user can do inside that workspace.
The *_edit permission covers both creating and editing resources — there is no separate create permission.
| Category | Permission key | Description |
|---|
| Flows | flows_edit | Create and edit workflows |
| flows_delete | Delete workflows |
| flows_run | Execute workflows |
| flows_advanced | Access advanced features (API deployment, versioning) |
| Agents | agents_edit | Create and edit AI agents |
| agents_delete | Delete agents |
| agents_run | Chat with and execute agents |
| agents_advanced | Access advanced agent features |
| Knowledge Bases | kbs_edit | Create, upload, and manage documents in knowledge bases |
| kbs_delete | Delete knowledge bases |
| kbs_query | Query and search knowledge bases |
| kbs_advanced | Access advanced KB features such as ingestion pipelines |
| Administration | integrations_edit | Connect and configure external integrations |
| users_edit | Invite and modify workspace members |
| users_delete | Remove members from the workspace |
| workspace_admin | Manage workspace settings, roles, API keys, and permissions |
workspace_admin is a superset of the other administration permissions. A user with workspace_admin automatically has full access to integrations and workspace member management, in addition to settings and API key management.
Organization-Level Permissions
These permissions apply across the entire organization and control tenant-wide administrative operations.
| Category | Permission key | Description |
|---|
| Users | users_read | View all users in the organization |
| users_invite | Invite new users to the organization |
| users_edit | Modify user information and roles |
| users_delete | Remove users from the organization |
| Workspaces | workspace_read | View all workspaces |
| workspace_write | Create new workspaces |
| workspace_edit | Modify workspace settings |
| workspace_delete | Delete workspaces |
| Organization | org_read | View organization details |
| org_edit | Modify organization details |
| org_billing | Manage billing, subscriptions, and payment methods |
| org_admin | Full organization admin access |
| Settings | settings_read | View platform settings |
