> ## Documentation Index
> Fetch the complete documentation index at: https://docs.noxus.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Permissions

> Overview of the Noxus permissions system

Noxus uses a fine-grained permission system based on discrete permission keys. These permissions directly control the user experience by modifying what features and data are visible within the platform interface.

Beyond the UI, these permissions also apply to **API Keys**. When creating an API key you can optionally restrict it to a subset of your own workspace permissions—a key can never exceed the permissions of the user who created it.

Permissions are divided into **Workspace-level** permissions (scoped to a specific workspace) and **Organization-level** permissions (tenant-wide administrative functions).

***

## Workspace-Level Permissions

These permissions are specific to individual workspaces and control what a user can do inside that workspace.

<Note>
  The `*_edit` permission covers both creating and editing resources — there is no separate `create` permission.
</Note>

| Category            | Permission key      | Description                                                 |
| :------------------ | :------------------ | :---------------------------------------------------------- |
| **Flows**           | `flows_edit`        | Create and edit workflows                                   |
|                     | `flows_delete`      | Delete workflows                                            |
|                     | `flows_run`         | Execute workflows                                           |
|                     | `flows_advanced`    | Access advanced features (API deployment, versioning)       |
| **Agents**          | `agents_edit`       | Create and edit AI agents                                   |
|                     | `agents_delete`     | Delete agents                                               |
|                     | `agents_run`        | Chat with and execute agents                                |
|                     | `agents_advanced`   | Access advanced agent features                              |
| **Knowledge Bases** | `kbs_edit`          | Create, upload, and manage documents in knowledge bases     |
|                     | `kbs_delete`        | Delete knowledge bases                                      |
|                     | `kbs_query`         | Query and search knowledge bases                            |
|                     | `kbs_advanced`      | Access advanced KB features such as ingestion pipelines     |
| **Administration**  | `integrations_edit` | Connect and configure external integrations                 |
|                     | `users_edit`        | Invite and modify workspace members                         |
|                     | `users_delete`      | Remove members from the workspace                           |
|                     | `workspace_admin`   | Manage workspace settings, roles, API keys, and permissions |

<Note>
  `workspace_admin` is a superset of the other administration permissions. A user with `workspace_admin` automatically has full access to integrations and workspace member management, in addition to settings and API key management.
</Note>

***

## Organization-Level Permissions

These permissions apply across the entire organization and control tenant-wide administrative operations.

| Category         | Permission key     | Description                                        |
| :--------------- | :----------------- | :------------------------------------------------- |
| **Users**        | `users_read`       | View all users in the organization                 |
|                  | `users_invite`     | Invite new users to the organization               |
|                  | `users_edit`       | Modify user information and roles                  |
|                  | `users_delete`     | Remove users from the organization                 |
| **Workspaces**   | `workspace_read`   | View all workspaces                                |
|                  | `workspace_write`  | Create new workspaces                              |
|                  | `workspace_edit`   | Modify workspace settings                          |
|                  | `workspace_delete` | Delete workspaces                                  |
| **Organization** | `org_read`         | View organization details                          |
|                  | `org_edit`         | Modify organization details                        |
|                  | `org_billing`      | Manage billing, subscriptions, and payment methods |
|                  | `org_admin`        | Full organization admin access                     |
| **Settings**     | `settings_read`    | View platform settings                             |
