Paradigm implements a comprehensive role-based access control system to ensure secure and efficient management of user permissions. This article explains the different user roles available and their associated permissions.
Role Structure Overview
Paradigm's Role-Based Access Control (RBAC) structure is organized into 3 distinct levels:
- Platform level (turquoise) for multi-company administration,
- Company level (gray) for single-company management,
- and User level (light gray) for end-users.
The lines represent creation permissions, where higher-level roles can create subordinate roles - with System Admin having the broadest creation rights. This hierarchical structure ensures proper access control while maintaining clear organizational boundaries.
Key Principles:
- Permissions are cumulative - users can combine multiple roles
- Access is hierarchical - higher roles include lower-level permissions
- Segregation of duties ensures security and compliance
1. Administrative Roles
1.a System Administrator
The System Administrator is Paradigm's highest-level technical role, focused exclusively on platform administration and multi-company configuration. This role operates at the tenant level with complete administrative control while maintaining strict data privacy - System Administrators cannot access customer-specific data.
✅ Has Access To | ❌ Does Not Have Access To |
|
|
1.b Account Manager
The Account Manager is a central administrative role focused on customer environment management and day-to-day platform operations. Operating at the platform level, this role supports multiple companies while having specific limitations to maintain security and data integrity.
✅ Has Access To | ❌ Does Not Have Access To |
|
|
1.c DPO Admin (Data Protection Officer)
The DPO Admin is a specialized compliance oversight role with comprehensive read-only access to all platform data. This role ensures GDPR compliance and data protection standards across the entire platform, with the ability to monitor but not modify any sensitive information.
✅ Has Access To | ❌ Does Not Have Access To |
|
|
2. Company-Level Roles
2.a Company Admin
The Company Administrator manages all aspects of Paradigm within their specific company scope. This role has full administrative control over their company's environment while being strictly limited to their organization's boundary.
✅ Has Access To | ❌ Does Not Have Access To |
|
|
2.b Company DPO
The Company DPO oversees data protection and GDPR compliance specifically within their organization's scope on Paradigm. This role has comprehensive read-only access to all company data for compliance monitoring, without any administrative capabilities.
✅ Has Access To | ❌ Does Not Have Access To |
|
|
3. User-Level Roles
Basic User
The Basic User represents the everyday Paradigm user looking to enhance their daily productivity. This default role enables them to collaborate with AI assistants through their authorized documents and workspaces. While they don't have access to administrative features, they can fully leverage AI capabilities to optimize their daily tasks and improve their workflow.
✅ Has Access To | ❌ Does Not Have Access To |
|
|
Document Manager
Oversees document operations (upload/delete) strictly through the front-end interface within their authorized company workspaces.
They cannot modify workspace settings or access unauthorized areas - these permissions remain with Company Admins. Company-wide document visibility is restricted to Company DPOs only.
API Key User
This role enables users to manage their own API keys through their personal settings, strictly limited to creating and deleting personal API keys. It does not grant any additional administrative privileges or access to other users' API settings
Group and Permissions list
- x : Permission granted
- Empty cell: Permission not granted