Working with Roles

Learn how to use roles and permissions when working with the Deepgram API and Console.

Deepgram uses a tiered system of access control to provide granular access to its endpoints. These tiers include account (or global) permissions and project permissions. Applying different tiers of permissions allows for more granularity at the project level. For example, an account may have the project:kick permission for one project but not for another project.

Account Roles

At the account level, certain permissions imply other specific permissions. For example, an account that has access to the project:write permission also implicitly has access to the project:read permission. Similarly, account:write access implies access to every other account permission.

Project Roles

At the project level, users can have access to several roles, including owner, admin, and member, which, similar to account permissions, imply access to another set of permissions:

Project RoleImplicit Project Permissions
ownerproject:read
project:write
project:write:settings
project:write:destroy
keys:read
keys:write
members:read
members:read:invites
members:read:scopes
members:write
members:write:invites
members:write:scopes
members:write:kick

admins:read
admins:read:invites
admins:read:scopes
admins:write
admins:write:invites
admins:write:scopes
admins:write:kick

owners:read
owners:read:invites
owners:read:scopes
owners:write
owners:write:invites
owners:write:scopes
owners:write:kick

usage:read
usage:write
billing:read
billing:write
adminproject:read
project:write
keys:read
keys:write

members:read
members:read:invites
members:read:scopes
members:write
members:write:invites
members:write:scopes
members:write:kick

admins:read
admins:read:invites
admins:read:scopes
admins:write
admins:write:invites
admins:write:scopes
admins:write:kick

owners:read
owners:read:invites
owners:read:scopes

usage:read
usage:write
billing:read
memberproject:read
project:write
keys:read
keys:write
usage:read
usage:write