Working with Roles
Learn how to use roles and permissions when working with the Deepgram API and Console.
Deepgram uses a tiered system of access control to provide granular access to its endpoints. These tiers include account (or global) permissions and project permissions. Applying different tiers of permissions allows for more granularity at the project level. For example, an account may have the project:kick permission for one project but not for another project.
Account Roles
At the account level, certain permissions imply other specific permissions. For example, an account that has access to the project:write permission also implicitly has access to the project:read permission. Similarly, account:write access implies access to every other account permission.
Project Roles
At the project level, users can have access to several roles, including owner, admin, and member, which, similar to account permissions, imply access to another set of permissions:
| Project Role | Implicit Project Permissions |
|---|---|
owner | project:readproject:writeproject:write:settingsproject:write:destroykeys:readkeys:writemembers:readmembers:read:invitesmembers:read:scopesmembers:writemembers:write:invitesmembers:write:scopesmembers:write:kickadmins:readadmins:read:invitesadmins:read:scopesadmins:writeadmins:write:invitesadmins:write:scopesadmins:write:kickowners:readowners:read:invitesowners:read:scopesowners:writeowners:write:invitesowners:write:scopesowners:write:kickusage:readusage:writebilling:readbilling:write |
admin | project:readproject:writekeys:readkeys:writemembers:readmembers:read:invitesmembers:read:scopesmembers:writemembers:write:invitesmembers:write:scopesmembers:write:kickadmins:readadmins:read:invitesadmins:read:scopesadmins:writeadmins:write:invitesadmins:write:scopesadmins:write:kickowners:readowners:read:invitesowners:read:scopesusage:readusage:writebilling:read |
member | project:readproject:writekeys:readkeys:writeusage:readusage:write |
Updated 18 days ago