Skip to main content
Galtea uses role-based access control. Every member of your organization has one role that decides what they can see and change. This page lists the four organization roles and the actions each one can perform. Actions cover the standard operations (Create, Read, Update, Delete) plus a soft delete (a logical delete that hides a record without removing it). Many permissions are conditional, shown as a short rule in the cell.

Roles

  • OWNER: Manages users and resources in their own organization. Cannot hard-delete.
  • MEMBER: Day-to-day access in their organization: view and contribute, with limited edits. Cannot hard-delete.
  • HUMAN_EVALUATOR: Read-only across the organization, plus may annotate AI metrics and submit human evaluations.
  • READER: Read-only across the organization. Cannot create, update, or delete anything.
Each cell shows what a role can do for that action. ✅ means allowed and ❌ means not allowed. A short rule (for example, “If product in own org”) means the action is allowed only when that rule is true at the time, checked against your organization and the record’s ownership.

Permissions by area

Identity & Organization

User
ActionOWNERMEMBERHUMAN_EVALUATORREADER
CreateIf target in own org
ReadIf target in own orgIf target in own orgIf target in own orgIf target in own org
UpdateIf target in own orgOnly self
Delete
Soft deleteIf target in own org, not self, and not an admin
Organization
ActionOWNERMEMBERHUMAN_EVALUATORREADER
Create
ReadOwn orgOwn orgOwn orgOwn org
Update
Delete
Soft delete

Test Assets

Product
ActionOWNERMEMBERHUMAN_EVALUATORREADER
CreateIf product in own orgIf product in own org
ReadIf product in own orgIf product in own orgIf product in own orgIf product in own org
UpdateIf product in own orgIf product in own org
Delete
Soft deleteIf product in own orgIf product is theirs (by userId)
Version
ActionOWNERMEMBERHUMAN_EVALUATORREADER
CreateIf parent product in own orgIf parent product in own org
ReadIf parent product in own orgIf parent product in own orgIf parent product in own orgIf parent product in own org
UpdateIf parent product in own orgIf parent product in own org
Delete
Soft deleteIf parent product in own orgIf parent product in own org
Test
ActionOWNERMEMBERHUMAN_EVALUATORREADER
CreateIf parent product in own orgIf parent product in own org
ReadIf parent product in own org, or test is globalIf parent product in own org, or test is globalIf parent product in own org, or test is globalIf parent product in own org, or test is global
UpdateIf parent product in own orgIf parent product in own org
Delete
Soft deleteIf parent product in own orgIf parent product in own org
Test Case
ActionOWNERMEMBERHUMAN_EVALUATORREADER
CreateIf parent test in own orgIf parent test in own org
ReadIf parent test in own org, or test is globalIf parent test in own org, or test is globalIf parent test in own org, or test is globalIf parent test in own org, or test is global
UpdateIf parent test in own orgIf parent test in own org
Delete
Soft deleteIf parent test in own orgIf parent test in own org

Evaluation & Results

Evaluation
ActionOWNERMEMBERHUMAN_EVALUATORREADER
CreateIf evaluation’s product in own orgIf evaluation’s product in own org
ReadIf evaluation’s product in own orgIf evaluation’s product in own orgIf evaluation’s product in own orgIf evaluation’s product in own org
UpdateIf evaluation’s product in own orgIf evaluation’s product in own org
Delete
Soft deleteIf evaluation’s product in own orgIf evaluation’s product in own org
Annotate AI metric
Human evaluation
Annotating or submitting human evaluations also requires membership in the relevant User Group; the table shows the role-level gate only. Inference Result
ActionOWNERMEMBERHUMAN_EVALUATORREADER
CreateIf result’s product in own orgIf result’s product in own org
ReadIf result’s product in own orgIf result’s product in own orgIf result’s product in own orgIf result’s product in own org
UpdateIf result’s product in own orgIf result’s product in own org
Delete
Soft deleteIf result’s product in own orgIf result’s product in own org

Reference Data

Metric
ActionOWNERMEMBERHUMAN_EVALUATORREADER
CreateIf metric in own orgIf metric in own org
ReadIf in own org, or globalIf in own org, or globalIf in own org, or globalIf in own org, or global
UpdateIf metric in own orgIf metric in own org
Delete
Soft deleteIf metric in own orgIf metric in own org
Model
ActionOWNERMEMBERHUMAN_EVALUATORREADER
CreateIf model in own orgIf model in own org
ReadIf in own org, or globalIf in own org, or globalIf in own org, or globalIf in own org, or global
UpdateIf model in own orgIf model in own org
Delete
Soft deleteIf model in own orgIf model in own org

Analytics & Insights

Analytics
ActionOWNERMEMBERHUMAN_EVALUATORREADER
ReadIf data in own orgIf data in own orgIf data in own orgIf data in own org

Notes

  • Read-only roles: READER and HUMAN_EVALUATOR can read exactly what a MEMBER can read (the same organization scope). They cannot create, update, or delete. HUMAN_EVALUATOR additionally may annotate AI metrics and submit human evaluations; READER cannot.
  • Organization scope: “In own org” means the record (or its parent, such as a Product) has an organizationId equal to the signed-in user’s organization. This keeps each client organization’s data separate.
  • Parent scope: For nested records (Version, Test, Evaluation, and so on) access is derived from the parent’s organization. Example: a Version belongs to a Product, and the Product belongs to an Organization. An Evaluation is reached through session to version to product.
  • Global records: Some records (Metric, Model, and a Test with no product) can be global, meaning not tied to one organization. Global records are readable by every role in addition to their own organization’s records.
  • Hard delete: None of these roles can permanently delete records. Where deletion is shown it is a soft delete: the record is hidden, not removed.