Avra uses role-based access control (RBAC) scoped to your organization. Each user is assigned a role that determines their permissions across the dashboard and API.

Available Roles

| Role | Description |
| --- | --- |
| Creator | Full administrative access including workspace management, billing, and team administration |
| Developer | Technical access for API integration, model invocation, and batch operations |
| Analyst | Read-only access to models and batch results for reporting and analysis |
| Billing Manager | Access to usage metrics and invoices |
| Auditor | Read-only access to audit logs and usage activity |
| Member | Basic read access to workspace resources |

Permission Matrix

Capability | Creator | Developer | Analyst | Billing | Auditor | Member

Workspace
  • Create/Update workspace
  • Archive workspace

Models
  • View models
  • View model versions
  • Manage aliases
  • Invoke predictions

Batches
  • View batches
  • Create batches
  • Cancel batches
  • Download results
  • Delete results

Files
  • View files
  • Upload files
  • Download files
  • Delete files

API & Webhooks
  • Manage API keys
  • Manage webhooks

Billing & Usage
  • View usage
  • View invoices

Audit
  • View usage logs
  • View activity logs

Team
  • Manage members
  • View members

Key Behaviors

  • Access inheritance: Removing a user immediately revokes their dashboard sessions and API keys
  • Least privilege: Assign the minimum role needed for each team member’s responsibilities
  • Single Sign-On: Enterprise workspaces can enforce SSO with at least one break-glass admin using email/password + MFA

Role Assignment

To change a user’s role:
  1. Navigate to Access & Security → Members
  2. Click the member’s current role
  3. Select the new role from the dropdown
  4. Changes take effect immediately

Every workspace requires at least one Creator. The last Creator cannot be downgraded or removed.
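
The last-Creator rule above, sketched as an added example (not Avra's code or API): a guard that evaluates the workspace state a role change or removal would produce and rejects it if no Creator remains. The function, exception, and sample e-mail addresses are hypothetical; only the six role names come from this page.

```python
# Added example; apply_change and RoleChangeError are hypothetical names.
ROLES = {"Creator", "Developer", "Analyst", "Billing Manager", "Auditor", "Member"}


class RoleChangeError(ValueError):
    """Raised when a requested change would violate a workspace rule."""


def apply_change(members, user, new_role):
    """Return a new {user: role} mapping with `user` set to `new_role`.

    new_role=None removes the user. `members` is never modified, so a
    rejected change leaves the workspace state untouched.
    """
    if user not in members:
        raise RoleChangeError(f"{user} is not a member of this workspace")
    if new_role is not None and new_role not in ROLES:
        raise RoleChangeError(f"unknown role: {new_role!r}")

    updated = dict(members)
    if new_role is None:
        del updated[user]
    else:
        updated[user] = new_role

    # Check the invariant on the resulting state rather than on the request,
    # so removal and downgrade are covered by the same test.
    if not any(role == "Creator" for role in updated.values()):
        raise RoleChangeError("workspace must keep at least one Creator")
    return updated


# Constructed sample workspace with a single Creator.
WORKSPACE = {
    "ana@example.com": "Creator",
    "bo@example.com": "Developer",
    "cy@example.com": "Auditor",
}
```

When several administrators can edit roles at once, the check and the write have to happen in one transaction; otherwise two concurrent downgrades can each see the other Creator still in place.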