User Management
Scope uses role-based access control (RBAC) to manage what users can do within the platform. This page covers the available roles, their permissions, and how to manage team access.
Roles
Scope defines three roles with increasing levels of access:
| Role | Description |
|---|---|
| Viewer | Read-only access to prompts, versions, and traces |
| Editor | Full prompt management — create, edit, test, and promote prompts |
| Admin | Everything Editors can do, plus provider/key management and user administration |
Permissions Matrix
| Action | Viewer | Editor | Admin |
|---|---|---|---|
| View prompts and versions | Yes | Yes | Yes |
| View traces | Yes | Yes | Yes |
| View providers (list) | Yes | Yes | Yes |
| Create prompts | — | Yes | Yes |
| Edit prompt metadata | — | Yes | Yes |
| Create/edit versions | — | Yes | Yes |
| Test prompts (execute) | — | Yes | Yes |
| Promote to production | — | Yes | Yes |
| Archive/unarchive versions | — | Yes | Yes |
| Manage golden sets | — | Yes | Yes |
| Configure providers | — | — | Yes |
| Manage API keys | — | — | Yes |
| Manage users and roles | — | — | Yes |
| Delete prompts | — | — | Yes |
| Delete providers | — | — | Yes |
Managing Users
Invite a User
- Go to Settings > Users
- Click Invite User
- Enter the user's email address
- Select a role (Viewer, Editor, or Admin)
- Send the invitation
The invited user receives an email with instructions to access Scope.
Change a User's Role
- Go to Settings > Users
- Find the user in the list
- Click their current role to open the role selector
- Select the new role
- Save the change
Role changes take effect immediately.
Remove a User
- Go to Settings > Users
- Find the user in the list
- Click Remove
- Confirm the action
warning
Removing a user revokes their access immediately. Resources they created (prompts, versions) are preserved.
Best Practices
- Principle of least privilege — assign the minimum role needed. Most team members should be Editors; reserve Admin for those who need to manage providers and keys
- Separate admin accounts — avoid using admin accounts for day-to-day prompt work
- Regular access reviews — periodically review the user list and remove access for team members who no longer need it
- Audit trail — promotion history and version metadata track which user performed each action
Was this page helpful?