Skip to main content

Overview

Roles define what users can do in Poolside. Poolside uses role-based access control (RBAC), where a role groups permissions that you assign to one or more teams. Users inherit permissions through their team memberships. You manage roles from Organization > https://mintcdn.com/poolside/fyUKzbRkxqIwtXwu/images/icons/roles-icon.svg?fit=max&auto=format&n=fyUKzbRkxqIwtXwu&q=85&s=c3bc327ba3a8acc9935770cb68f65769 Roles in the Poolside Console.

How roles work

  • Denied by default: Poolside denies permissions unless a role explicitly grants them.
  • Team assignment: You assign roles to teams, not directly to users. Each team has exactly one role.
  • Multiple teams: You can assign a role to multiple teams.
  • Combined permissions: If a user belongs to multiple teams, Poolside combines the permissions from all assigned roles.
  • Multiple resource types: A role can include permissions across different resource types, such as agents, knowledge bases, and sandboxes.

System roles

System roles are built-in roles that Poolside creates and manages. In Organization > https://mintcdn.com/poolside/fyUKzbRkxqIwtXwu/images/icons/roles-icon.svg?fit=max&auto=format&n=fyUKzbRkxqIwtXwu&q=85&s=c3bc327ba3a8acc9935770cb68f65769 Roles, these roles show Created By: System. You cannot modify or delete system roles.
  • tenant-admin
    Grants full administrative access, including creating and managing all resources, users, teams, roles, API keys, SCIM provisioning, and audit logs.
  • developer
    Serves as the default role when you create a team and do not select another role. It does not grant access to agents, sessions, or other resources on its own. Users gain access only through team membership and the permissions defined in the roles assigned to those teams.

User-created roles

User-created roles are roles that you create and manage. In Organization > https://mintcdn.com/poolside/fyUKzbRkxqIwtXwu/images/icons/roles-icon.svg?fit=max&auto=format&n=fyUKzbRkxqIwtXwu&q=85&s=c3bc327ba3a8acc9935770cb68f65769 Roles, these roles show Created By: User. You can modify or delete user-created roles. When you create a role, you select allowed actions on specific resource types, such as agents, knowledge bases, MCP servers, or sandboxes. Use user-created roles to grant permissions tailored to your organization’s needs.

Permissions

Roles group permissions that grant actions on specific resource types. Poolside groups permissions by resource type, such as agents, knowledge bases, MCP servers, and sandbox definitions. For a complete list of available permissions, see Permissions reference.

Create a role

To create a role, you must provide a unique name and at least one permission.
If you’re creating a role to grant access to a specific agent, you can use Grant access on the agent’s detail page to pre-configure the required permissions based on the agent’s configuration. See Agents.
Prerequisites
  • You belong to a team with the tenant-admin role.
Steps
  1. In the Poolside Console, navigate to Organization > https://mintcdn.com/poolside/fyUKzbRkxqIwtXwu/images/icons/roles-icon.svg?fit=max&auto=format&n=fyUKzbRkxqIwtXwu&q=85&s=c3bc327ba3a8acc9935770cb68f65769 Roles.
  2. Click New Role.
  3. Enter a Role Name.
  4. Optional: For Assign Teams, select one or more teams to assign this role to immediately.
  5. Add permissions to the role:
    • Click Add Permission.
    • For Scope, select whether this permission applies to Specific resources or to All existing and future resources of this type.
    • Select a resource type, such as Agent, Knowledge Base, MCP Server, or Sandbox Definition.
    • Select the allowed actions for that resource.
  6. To add additional permissions to the role, click Add Permission and repeat the previous step.
  7. Click Create Role.

Add or remove permissions from a role

You can add or remove permissions from roles in your organization.
If you are adding permissions to grant access to a specific agent, you can use Grant access on the agent’s detail page to preconfigure the required permissions based on the agent’s configuration. See Agents.
Prerequisites
  • You belong to a team with the tenant-admin role.
Steps
  1. In the Poolside Console, navigate to Organization > https://mintcdn.com/poolside/fyUKzbRkxqIwtXwu/images/icons/roles-icon.svg?fit=max&auto=format&n=fyUKzbRkxqIwtXwu&q=85&s=c3bc327ba3a8acc9935770cb68f65769 Roles.
  2. Click the ellipsis () in the row for the role you want to edit and select Edit Role.
  3. Under Add Permissions, add or remove permissions as needed.
  4. Click Save.
Changes take effect immediately for all affected teams and users.

Assign or remove teams for a role

You can assign or remove teams for roles in your organization. Prerequisites
  • You belong to a team with the tenant-admin role.
Steps
  1. In the Poolside Console, navigate to Organization > https://mintcdn.com/poolside/fyUKzbRkxqIwtXwu/images/icons/roles-icon.svg?fit=max&auto=format&n=fyUKzbRkxqIwtXwu&q=85&s=c3bc327ba3a8acc9935770cb68f65769 Roles.
  2. Click the ellipsis () in the row for the role you want to edit and select Edit Role.
  3. Under Assign Teams, add or remove team assignments as needed.
  4. Click Save.
Changes take effect immediately for all affected teams and users.

Delete a role

Deleting a role removes it from all assigned teams. Users who relied on that role lose the permissions granted by the role. Prerequisites
  • You belong to a team with the tenant-admin role.
Steps
  1. In the Poolside Console, navigate to Organization > https://mintcdn.com/poolside/fyUKzbRkxqIwtXwu/images/icons/roles-icon.svg?fit=max&auto=format&n=fyUKzbRkxqIwtXwu&q=85&s=c3bc327ba3a8acc9935770cb68f65769 Roles.
  2. Click the ellipsis () in the row for the role you want to delete and select Delete Role.
  3. Review the confirmation dialog, which lists the teams currently assigned to the role.
  4. Click Delete to confirm.
Changes take effect immediately for all affected teams and users.