Multi-Tenancy
The platform uses explicit tenant entities with role-based access control. Each user can belong to multiple tenants with different roles.
Roles & Permissions
Permission | superadmin | admin | editor | dataset_editor | normal |
|---|---|---|---|---|---|
Create/delete tenant | ✅ | ❌ | ❌ | ❌ | ❌ |
Transfer ownership | ✅ | ❌ | ❌ | ❌ | ❌ |
Invite/remove member | ✅ | ✅ | ❌ | ❌ | ❌ |
Change member role | ✅ | ✅ | ❌ | ❌ | ❌ |
Create/delete group | ✅ | ✅ | ❌ | ❌ | ❌ |
Add/remove group members | ✅ | ✅ | ❌ | ❌ | ❌ |
Create/delete provider | ✅ | ✅ | ❌ | ❌ | ❌ |
Edit provider | ✅ | ✅ | ❌ | ❌ | ❌ |
Assign dataset to user/group | ✅ | ✅ | ❌ | ❌ | ❌ |
Create/delete any dataset | ✅ | ✅ | ✅ | ❌ | ❌ |
Edit any dataset | ✅ | ✅ | ✅ | ❌ | ❌ |
View any dataset | ✅ | ✅ | ✅ | ❌ | ❌ |
Create/delete assigned dataset | ✅ | ✅ | ✅ | ✅ | ❌ |
Edit assigned dataset | ✅ | ✅ | ✅ | ✅ | ❌ |
View assigned dataset | ✅ | ✅ | ✅ | ✅ | ❌ |
Upload/delete document (any dataset) | ✅ | ✅ | ✅ | ❌ | ❌ |
Upload/delete document (assigned dataset) | ✅ | ✅ | ✅ | ✅ | ❌ |
Create/delete dialog | ✅ | ✅ | ✅ | ❌ | ❌ |
Edit dialog | ✅ | ✅ | ✅ | ❌ | ❌ |
View dialog | ✅ | ✅ | ✅ | ❌ | ❌ |
Use chat | ✅ | ✅ | ✅ | ✅ | ✅ |
Dataset Visibility
superadmin/admin/editor — see all datasets in the tenant
dataset_editor — sees only datasets assigned to them (directly or via group)
normal — no dataset access (chat only)
Tenant Visibility
superadmin — sees all tenants on the platform (can create/delete any tenant)
admin/editor/dataset_editor/normal — see only tenants they are a member of
Authentication Modes
Mode | Description |
|---|---|
| Email/password with HS256 JWT (dev/testing) |
| External OIDC provider with RS256 JWT (production) |
| Try local first, fall back to OIDC (default) |
Configure via AUTH_MODE environment variable. OIDC requires OIDC_ISSUER_URL and OIDC_AUDIENCE.
Tenant Migration
Existing deployments must run the tenant migration before using multi-tenant features:
This creates tenant entities from existing users (idempotent, safe to re-run).