User Roles & Permissions Guide
This guide explains the different user roles in RightInsight and their associated permissions and capabilities.
User Roles Overview
RightInsight supports two distinct user roles, each with different levels of access and capabilities:
- User - Standard team member with basic analysis capabilities
- Admin - Company administrator with management permissions
Role Definitions
User Role
Standard team members who can analyze data and collaborate on insights.
Capabilities: - Analyze NetSuite data using AI - Ask questions and get insights - Use follow-up chat functionality - View their own query usage - Access company-level data sources - Create personal data sources - View and manage their own API keys - Delete their own analysis threads (if enabled)
Restrictions: - Cannot manage other users - Cannot access company settings - Cannot manage subscriptions - Cannot access admin features - Cannot modify company data sources
Admin Role
Company administrators who manage their organization's RightInsight account.
Capabilities: - All User capabilities - Manage company users (invite, remove, change roles) - Access company settings and configuration - Manage company data sources - Configure data retention policies - View company-wide analytics and usage - Manage company information - Access subscription management - Configure user permissions and settings
Restrictions: - Cannot access system-wide admin features - Cannot manage other companies
User Management
For Company Admins
Inviting New Users
- Navigate to Settings → Users tab
- Click "Invite User"
- Enter user details:
- Email address
- First name
- Last name
- Role (User or Admin)
- Send invitation - User receives email with setup instructions
Managing Existing Users
- View all company users with their roles and status
- Change user roles (promote users to admin, demote admins to users)
- Activate/deactivate users as needed
- Remove users from the company
- View user activity and last login information
User Role Changes
- Promoting to Admin: Gives user full company management access
- Demoting to User: Removes admin privileges, retains analysis access
- Role changes take effect immediately
Data Source Access
Company-Level Data Sources
- Audience: All company users
- Managed by: Company admins
- Access: All users in the company can use these data sources
- Use case: Shared NetSuite connections for the entire organization
User-Level Data Sources
- Audience: Individual user only
- Managed by: The user who created it
- Access: Only the creating user can use these data sources
- Use case: Personal NetSuite connections or specialized access
Data Source Priority
When multiple data sources exist, the system prioritizes:
- User-level data sources (highest priority)
- Company-level data sources (fallback)
Permission Matrix
| Feature | User | Admin |
|---|---|---|
| Data Analysis | ✅ | ✅ |
| Chat Interface | ✅ | ✅ |
| Personal API Keys | ✅ | ✅ |
| Company Settings | ❌ | ✅ |
| User Management | ❌ | ✅ |
| Data Source Management | Personal only | All |
| Subscription Management | View only | Full |
| Retention Policies | View only | Configure |
Security Considerations
Company Isolation
- Data Separation: Users can only access their own company's data
- Cross-Company Access: Not permitted for any role
- Data Source Security: Company data sources are isolated by company ID
Role-Based Access Control
- API Endpoints: Protected by role-based middleware
- UI Components: Conditionally rendered based on user role
- Data Queries: Filtered by company ID and user permissions
User Account Security
- Password Requirements: Strong password policies enforced
- Email Verification: Required for account activation
- Session Management: Secure JWT tokens with expiration
- Last Login Tracking: Monitored for security purposes
Best Practices
For Company Admins
- Start with User Role: Give new team members User access initially
- Promote Carefully: Only promote trusted users to Admin role
- Regular Audits: Periodically review user access and activity
- Data Source Management: Use company-level data sources for shared access
- Monitor Usage: Keep track of query usage and subscription limits
For Users
- Understand Your Role: Know what you can and cannot access
- Use Company Data Sources: Prefer company-level data sources when available
- Manage Personal Data Sources: Keep personal data sources organized
- Report Issues: Contact your admin if you need additional access
Troubleshooting
Common Issues
"Access Denied" Errors - Check your user role and permissions - Verify you're accessing the correct company data - Contact your company admin for role changes
"Cannot Access Data Source" - Ensure the data source is active and verified - Check if it's a company-level or user-level data source - Verify your role has access to the data source
"Cannot Invite Users" - Only Admin role can invite users - Check your subscription limits for user count - Ensure you have the necessary permissions
Getting Help
- Contact Your Admin: For role changes and company access
- Check Documentation: Review this guide for permission details
- Support Team: Contact support for technical issues
Understanding your role and permissions is crucial for effective use of RightInsight. If you need additional access or have questions about your current permissions, contact your company administrator.