User Management
Scope uses role-based access control (RBAC) to manage what users can do within the platform. This page covers the available roles, their permissions, and how to manage team access.
Roles​
Scope defines three roles with increasing levels of access:
| Role | Description |
|---|---|
| Viewer | Read-only access to prompts, versions, and traces |
| Editor | Full prompt management — create, edit, test, and promote prompts |
| Admin | Everything Editors can do, plus provider/key management and user administration |
Permissions Matrix​
| Action | Viewer | Editor | Admin |
|---|---|---|---|
| View prompts and versions | Yes | Yes | Yes |
| View traces | Yes | Yes | Yes |
| View providers (list) | Yes | Yes | Yes |
| Create prompts | — | Yes | Yes |
| Edit prompt metadata | — | Yes | Yes |
| Create/edit versions | — | Yes | Yes |
| Test prompts (execute) | — | Yes | Yes |
| Promote to production | — | Yes | Yes |
| Archive/unarchive versions | — | Yes | Yes |
| Manage golden sets | — | Yes | Yes |
| Configure providers | — | — | Yes |
| Manage API keys | — | — | Yes |
| Manage users and roles | — | — | Yes |
| Delete prompts | — | — | Yes |
| Delete providers | — | — | Yes |
Managing Users​
Invite a User​
- Go to Settings > Users
- Click Invite User
- Enter the user's email address
- Select a role (Viewer, Editor, or Admin)
- Send the invitation
The invited user receives an email with instructions to access Scope.
Change a User's Role​
- Go to Settings > Users
- Find the user in the list
- Click their current role to open the role selector
- Select the new role
- Save the change
Role changes take effect immediately.
Remove a User​
- Go to Settings > Users
- Find the user in the list
- Click Remove
- Confirm the action
warning
Removing a user revokes their access immediately. Resources they created (prompts, versions) are preserved.
Best Practices​
- Principle of least privilege — assign the minimum role needed. Most team members should be Editors; reserve Admin for those who need to manage providers and keys
- Separate admin accounts — avoid using admin accounts for day-to-day prompt work
- Regular access reviews — periodically review the user list and remove access for team members who no longer need it
- Audit trail — promotion history and version metadata track which user performed each action
Was this page helpful?