Role-Based Access Control
Role-Based Access Control enables you to assign specific roles to team members, ensuring that each person has the appropriate level of access to your organization’s resources. This helps maintain security and organization while allowing teams to collaborate effectively on agent development and deployment.
Available Roles
Section titled “Available Roles”Letta Cloud provides three preset roles with different levels of access, designed to match common team structures and responsibilities.
| Permission | Analyst | Editor | Admin |
|---|---|---|---|
| Read projects, agents, data sources, tools, templates | ✅ | ✅ | ✅ |
| Message agents | ✅ | ✅ | ✅ |
| Create/update/delete projects and templates | ❌ | ✅ | ✅ |
| Create/update/delete agents | ❌ | ✅ | ✅ |
| Create/update/delete data sources and tools | ❌ | ✅ | ✅ |
| Create/read API keys | ❌ | ✅ | ✅ |
| Update organization environment variables | ❌ | ✅ | ✅ |
| Delete API keys | ❌ | ❌ | ✅ |
| Manage users and organization settings | ❌ | ❌ | ✅ |
| Manage billing and integrations | ❌ | ❌ | ✅ |
Analyst roles are perfect for team members who need to view and test agents but don’t need to modify them. Editor roles are ideal for developers who actively work on building and maintaining agents. Admin roles provide full access including user management and billing.
Managing Team Members
Section titled “Managing Team Members”Organization admins can invite new team members through the organization settings page and assign them appropriate roles based on their responsibilities. User roles can be updated at any time as team members take on new responsibilities or change their involvement in projects.
When inviting users, consider their specific needs and responsibilities. Start with the principle of least privilege by assigning users the minimum permissions they need to perform their job functions effectively.
Permission Enforcement
Section titled “Permission Enforcement”Permissions are automatically enforced across all API endpoints and the Letta Cloud interface. Users who lack the necessary permissions will receive a 401 Unauthorized response when attempting unauthorized actions through the API, and the interface will hide features they don’t have access to.