Ejento AI
Guides
QuickstartRecipesREST APIsRelease NotesFAQs
Guides
QuickstartRecipesREST APIsRelease NotesFAQs
Ejento AI
  1. Guides
  • Basic Operations
    • Features
      • Organization → Projects → Assistants → Teams Hierarchy
    • Guides
      • Login/Signup
  • Assistants
    • Overview
    • Features
      • Assistant Access Control
      • Caching Responses for Assistants
      • Assistant Evaluation
      • Evaluation Metrics
      • URL-based Chat Thread Creation and Prepopulation
      • Reasoning Patterns
      • Staging & Publishing
    • Guides
      • Add Assistant
      • Evaluate Assistant
      • Edit Assistant
      • Assistant Edit Access
      • Embed Assistant
      • Delete Assistant
      • Add Favourite Assistants
      • View Assistant Id
      • View Dataset Id
      • Voice Calling with Assistants
  • Corpus
    • Overview
    • Features
      • Corpus Permissions
      • PII Redaction
      • ETag Setup for Corpus Incremental Refresh
    • Guides
      • Assistant Corpus Setup
      • Assistant Corpus Settings
      • Corpus Access Control
      • Corpus Connections
      • View Corpus Id
      • View Document Id
      • Tagging
        • Corpus tagging
        • Document tagging
  • Teams
    • Overview
    • Guides
      • Add a Team
      • Edit a Team
      • Delete a Team
      • View Team Id
  • Projects
    • Overview
    • Guides
      • Add a Project
      • Edit a Project
      • Managing Assistants in a Project
      • Delete a Project
      • View Project Id
  • User Settings
    • Overview
    • Features
      • Ejento AI User Access Levels
    • Guides
      • Add new user
      • Invite Users via Link or Email
      • View my User Id
  • API Keys
    • Overview
    • Guides
      • How to generate API Key and Auth Token
  • Workflows
    • Overview
    • Features
      • Workflow Access Control
    • Guides
      • Add Workflow
      • Workflow Chat
      • Workflow Edit Access
  • Tools
    • Overview
    • Guides
      • Tools Overview
      • Create External Tool
      • Connect Tool to Assistant
  • Analytics
    • Overview
    • Guides
      • Analyzing Data in the Analytics Dashboard
  • Chatlogs
    • Overview
    • Guides
      • Managing Chatlogs
      • View Chatlog & Chat thread Id
  • Integrations
    • Overview
    • Guides
      • Email Indexing
      • Microsoft Teams
      • Sharepoint Indexing
      • Google Drive Connector
      • MS Teams Integration Setup
      • Creating a Connection in Credential Manager
      • Slack App
      • Discord Bot
  • Ejento AI Shield
    • Overview
    • Features
      • Understanding Guardrails
    • Guides
      • How to enable Guardrails
  • Assistant Security
    • Overview
    • Features
      • Assistant Red Teaming
    • Guides
      • Red Team an Assistant
  • Permission Sets
    • Overview
    • Guides
      • Add Permission Set
  1. Guides

Add Permission Set

This guide walks through creating a Permission Set, defining its scopes, assigning users, and verifying how the resulting access behaves in the app.
Who this is for: Organization administrators working in the Ejento AI Admin Panel.
Where you'll be working: Organization Settings → Users & Teams → Permission Sets.

Before you begin#

Make sure you have the following ready:
Administrator access to the Ejento AI Organization Settings. Only admins can create Permission Sets and assign users to them.
A clear scope in mind. Decide which permissions to grant on Assistants (Create / View / Edit / Delete / Deploy) and how broad each scope should be.
The list of users who will receive this Permission Set.

1. Open the Permission Sets page and add a new set#

Go to Organization Settings → Users & Teams → Permission Sets and click on Add Permission Set to open the creation form.
Step 1 screenshot

2. Name the Permission Set#

Give the set a unique, clear, descriptive Name. Choose something that communicates the role or level of access it grants (for example, "Assistant Manager" or "Assistant Owner — Standard"), since this is what you'll pick from when assigning users later.
Step 2 screenshot

3. Add a description.#

Enter a short Description explaining the purpose of the set and what access it is intended to provide. A good description saves future administrators from guessing, and makes audits far easier.
Step 3 screenshot

4. Enable the permissions that you want to grant by checking the box beside the actions.#

The heart of a Permission Set — Create, View, Edit, Delete and Deploy permissions — so you can, for example, let a user see everything but only edit and delete what they own.
Step 4 screenshot

5. Select the desired scope to determine which assistants the user perform the action on.#

Click the View scope dropdown to reveal the available boundaries. Select the boundary you want — here, Assistants they own — so users can view only the assistants they are the owner of.
Step 5 screenshot

6. Enable any other action(s) required with the desired scope.#

Step 6 screenshot

7. Click on Next: Review#

When the name, description, and scopes are set, click Next: Review to continue to the final step.
Step 7 screenshot

8. Click on Next: Users#

Step 8 screenshot

9. Assign users to the Permission Set#

Select each user who should be granted this access, then click Create Permission Set to save. You can add as many users as you need.
Step 9 screenshot

10. Confirm creation#

A "Permission set created successfully" confirmation appears. Your set now exists and is applied to every user you selected. You can revisit the Users tab at any time to add or remove members.
Step 10 screenshot

11. Assign multiple Permission Sets to a user at once#

Go to Organization Settings → Users & Teams → Users and click on Edit Permissions against the user to assign/remove permission sets.
Step 11 screenshot

12. Select the permission sets and click Save.#

Please note that when multiple permission sets are assigned, the user is granted the highest permission level across all of them. A user can be assigned up to 20 permission sets.
Step 12 screenshot

Best practices#

Follow least privilege. Grant the narrowest scope that still lets people do their job. It's easier to widen access later than to walk back an over-permissive set.
Name and describe clearly. A future administrator (or an auditor) should understand a set's purpose from its name and description alone.
Prefer "they own" scopes for Edit and Delete so users can't affect resources that aren't theirs.
Keep deployment separate. Let contributors edit and stage changes freely, but reserve deploy-to-live permission for a smaller, trusted group.

Troubleshooting#

SymptomLikely causeWhat to do
"You don't have permission to deploy these changes."The user's Permission Set doesn't include deploy rights.An administrator deploys the change, or grants deploy permission.
A user can't see a resource they expect.The View scope is too narrow, or they aren't assigned to the set.Widen the View scope or add the user under the set's Users tab.
A user can view but not edit/delete.The Edit / Delete scope is narrower than View (by design).Adjust the relevant scope in Edit Permissions if broader access is intended.
Changes to a set don't take effect.The user may need to refresh.Have the user reload the app; confirm the set was saved successfully.

Previous
Overview