Role-Based Access Control
Xilos supports role-based access control with three primary roles.
Roles
SuperAdmin
The SuperAdmin role has full access to the organization's Xilos environment:
- Manage organization settings and model configuration
- Create and manage virtual keys
- View all dashboards, query logs, and cost controls
- Create and manage routing rules, restriction rules, and workflows
- Configure SIEM export, webhooks, and routines
- Manage users and departments
- Access billing and plan management
Organization Admin
The Org Admin role manages day-to-day operations:
- Create and manage routing and restriction rules
- View dashboards and query logs
- Manage workflows, skills, and tools
- Configure webhooks and routines
- Cannot manage billing or model configuration
User
The User role has read-only access:
- View dashboards (own activity)
- View query log (own queries)
- Cannot create or modify rules
- Cannot access settings or billing
Info: Virtual Keys provide an additional layer of access control — each key can have its own budget and rate limits, independent of the user's role.
Assigning Roles
Roles are assigned when creating or editing a user:
- Navigate to Settings > Administration.
- Click Add User or edit an existing user.
- Select the role from the dropdown.
- Save.
API Access by Role
| Action | SuperAdmin | Org Admin | User |
|---|---|---|---|
| View dashboards | ✅ | ✅ | ✅ (own) |
| Create routing rules | ✅ | ✅ | ❌ |
| Create restriction rules | ✅ | ✅ | ❌ |
| Manage virtual keys | ✅ | ❌ | ❌ |
| Model configuration | ✅ | ❌ | ❌ |
| View audit logs | ✅ | ✅ | ❌ |
| SIEM configuration | ✅ | ✅ | ❌ |
| Billing | ✅ | ❌ | ❌ |