Skip to main content

Documentation Index

Fetch the complete documentation index at: https://arizeai-433a7140.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

The role-based access control (RBAC) in Phoenix is based on the following user roles:
  • admin - full control to the system, can administer users, system keys, etc.
  • member - a developer that can add traces, experiments, datasets, etc.
  • viewer - read-only access; cannot create, update, or delete most entities.
A user’s role controls their access via the UI as well as through the APIs.
For SSO (SAML), multi-level RBAC (account → organizations → spaces), and JIT user provisioning, see Arize AX.

User Management

ActionAdminMemberViewer
Create User✅ YesNoNo
Delete User✅ YesNoNo
Change Own Password✅ Yes✅ Yes✅ Yes
Change Other’s Password✅ YesNoNo
Change Own Username✅ Yes✅ Yes✅ Yes
Change Other’s Username✅ YesNoNo
Create System API Keys✅ YesNoNo
Delete System API Keys✅ YesNoNo
Create Own User API Keys✅ Yes✅ Yes✅ Yes
Delete Own User API Keys✅ Yes✅ Yes✅ Yes
Delete Other’s User API Keys✅ YesNoNo

API Key Management

ActionAdminMemberViewer
List All System API Keys✅ YesNoNo
List All User API Keys✅ YesNoNo
List All Users✅ YesNoNo
Fetch Other User’s Info, e.g. emails✅ YesNoNo

Secrets Management

ActionAdminMemberViewer
List Secret Keys✅ Yes✅ Yes✅ Yes
Create/Update Secrets✅ YesNoNo
Delete Secrets✅ YesNoNo

Evaluator Management

ActionAdminMemberViewer
View Evaluators✅ Yes✅ Yes✅ Yes
Create Evaluators✅ Yes✅ YesNo
Update Evaluators✅ Yes✅ YesNo
Delete Evaluators✅ Yes✅ YesNo
Test Evaluators✅ Yes✅ YesNo

AI Provider Management

Custom AI providers store credentials, so they are managed by admins only.
ActionAdminMemberViewer
View Custom AI Providers✅ Yes✅ Yes✅ Yes
Create Custom AI Provider✅ YesNoNo
Update Custom AI Provider✅ YesNoNo
Delete Custom AI Provider✅ YesNoNo
Test Provider Credentials✅ YesNoNo

Sandbox Management

Sandbox configurations can store provider API keys and environment variables, so they are managed by admins only.
ActionAdminMemberViewer
View Sandbox Configurations✅ Yes✅ Yes✅ Yes
Create Sandbox Configuration✅ YesNoNo
Update Sandbox Configuration✅ YesNoNo
Delete Sandbox Configuration✅ YesNoNo
Enable/Disable Sandbox Provider✅ YesNoNo
Environment variables added to a sandbox configuration are mounted into the sandbox at runtime and are readable by any code that runs there. Because Members can test evaluators, and testing a code evaluator executes arbitrary code inside the sandbox, any user who can test evaluators can read these environment variables — even though only admins can create or edit the sandbox configuration itself.Treat environment variables mounted in sandboxes as visible to all admins and members. Do not store secrets in them that should be restricted from members.