Roles & Permissions
Queria implements a role-based access control (RBAC) system that ensures every user can access only the features and content appropriate to their level of responsibility.
Role hierarchy
The platform has three access levels, from broadest to most restricted:
Company Admin
The company administrator is the role with the highest access level. Manages the company: users, settings, documents, knowledge base, topics and external sources configuration. Each company operates in complete isolation from the others.
Editor
The editor can upload documents to assigned topics and use all tools enabled by the subscription (Chat, Search, Web Search). Has no access to user management, company settings, Knowledge Base or topic creation.
Reader
The reader has read-only access: can use the tools enabled by the subscription (Chat, Search, Web Search), but cannot upload documents nor access the admin panel.
Permission matrix
| Feature | Company Admin | Editor | Reader |
|---|---|---|---|
| AI Chat | Yes | Yes | Yes |
| Search | Yes | Yes | Yes |
| Web Search | Yes | Yes | Yes |
| Document viewing | Yes | Yes (own topics only) | No |
| Document upload | Yes | Yes (own topics only) | No |
| Documents monitor | Yes | Yes (own topics only) | No |
| Trash (view/restore) | Yes | Yes (own topics only) | No |
| Permanent deletion | Yes | No | No |
| Topic creation/edit | Yes | No | No |
| Knowledge Base | Yes | No | No |
| Bot Knowledge | Yes | No | No |
| User management | Yes | No | No |
| Company settings | Yes | No | No |
| Company logo | Yes | No | No |
| External sources | Yes | No | No |
| Widget demo | Yes | Yes | No |
Login behavior
Each role has a different login experience:
| Role | Landing page | Dashboard access |
|---|---|---|
| Company Admin | Dashboard (CMS panel) | Direct |
| Editor | Chat (tools) | Via Queria logo in the header |
| Reader | Chat (tools) | Not available |
Navigation for Editors
Editors land directly on the Chat page on first login. To reach the CMS panel (document upload, monitor, etc.), click the Queria logo in the top-left header.
Per-topic access control
Each Editor and Reader must have at least one assigned topic. Topics determine which documents the user can see and where they can upload.
- A user can be assigned to multiple topics simultaneously
- Documents associated to a topic are visible only to authorized users
- AI chat respects restrictions: it does not cite documents the user cannot access
- The Editor must assign at least one topic when uploading a document
- If the Editor has only one topic, it's assigned automatically
Configuration example
A company with topics "Contracts", "HR" and "Technical" might configure:
- Mario (Editor): access to "Contracts" and "Technical" - can upload and see documents in both
- Laura (Editor): access to "HR" and "Contracts" - sees only HR and Contracts documents
- Giuseppe (Reader): access only to "Technical" - can chat only on Technical documents
Each user will see in the chat only documents of the topics they are authorized for.
How to change roles
Role changes are reserved for Company Admin:
- Go to User Management in the side menu
- Select the user to modify
- In the Role field, choose the new access level
- Assign one or more topics (required for Editor and Reader)
- Save the changes
New authorizations take effect immediately: on next access the user will see the updated interface.
Inviting new users
To add a new user:
- Go to User Management and click New User
- Enter email, name and temporary password
- Select the role to assign
- Assign one or more topics (required for Editor and Reader)
- Share the credentials with the user
Best practices
- Least privilege principle: always assign the most restrictive role sufficient for the user's activities
- Periodic review: regularly check assigned roles and remove no-longer-needed accesses
- Topic RBAC for sensitive data: use topic restrictions when handling restricted or confidential documents
- Dedicated Company Admin: every company should have at least two Company Admins to ensure operational continuity
- Targeted topic assignment: assign only the topics strictly necessary for the user's work
Notice
Changing a user's role takes effect immediately. If you reduce a user's permissions while they are currently working on the platform, access to removed features will be denied on the next navigation.
Queria v3.5.0 -- Cog-RAG Architecture