User role permissions by use case Innovation Release
This documentation covers the current Innovation Release of
EDB Postgres AI. See also:
- Hybrid Manager dual release strategy
- Documentation for the current Long-term support release
Authorization of these user roles follows a role-based access control (RBAC) model with the restrictions applying to a specific scope—either within one project or within one account.
The following list doesn't cover Postgres cluster database authorization.
Currently, you can't create custom roles. Only these 13 predefined roles are available.
| Permissions | Organization Administrator | Organization Owner | Platform Admin | AI Model Manager | Project Owner | Project Editor | Project Viewer | Estate Ingester | Pipeline Editor | Catalog Data reader | Catalog Data writer | Migration Portal Projects Owner | Migration Portal Projects Editor | Migration Portal Projects Viewer |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Access Ops apps (launchpad) | X | |||||||||||||
| View projects within the org | X | X | ||||||||||||
| Update and delete projects | X | |||||||||||||
| View roles assigned at the project level | X | X | X | X | ||||||||||
| View activity log for the org | X | X | ||||||||||||
| View and download usage report for the project | X | X | X | |||||||||||
| View and download usage report for the org | X | X | ||||||||||||
| Create projects within the org | X | |||||||||||||
| Assign project roles | X | X | ||||||||||||
| Create, edit, and delete clusters | X | X | ||||||||||||
| View clusters, backups, estates, and migrations | X | X | X | |||||||||||
| Assign org roles | X | |||||||||||||
| View org-scope role mapping rules | X | X | ||||||||||||
| Create, update, and delete org-scope role mapping rules | X | |||||||||||||
| View project-scope role mapping rules | X | X | X | X | X | |||||||||
| Create, update, and delete project-scope role mapping rules | X | X | ||||||||||||
| View activity log for the project | X | X | X | |||||||||||
| View, edit, and delete owned projects | X | |||||||||||||
| Ingest self-managed Postgres cluster data | X* | |||||||||||||
| Manage AI models and inference services | X | |||||||||||||
| Create, read, update, delete, and execute pipelines | X | |||||||||||||
| View pipelines | X | X | ||||||||||||
| View published and deployed flows | X | X | X | |||||||||||
| Create and update published and deployed flows | X | X | ||||||||||||
| Delete deployed flows | X | |||||||||||||
| Delete published flows | X | |||||||||||||
| Create, update, and delete catalog | X | X | ||||||||||||
| Read catalog | X | |||||||||||||
| Read Iceberg data | X | X | ||||||||||||
| Write and delete Iceberg data | X | |||||||||||||
| View Migration Portal projects | X | X | X | |||||||||||
| View and update Migration Portal projects | X | X | ||||||||||||
| View, update, create, and delete Migration Portal projects | X |
* Only machine-users can be assigned to ingest self-managed cluster data.
In addition to manual role assignment, you can use role mapping to automatically assign roles based on identity provider attributes.