Access Control

List view

Quick Start
Welcome
Console & Settings
Release Notes
October 9, 2025 WitnessAI Update
October 23, 2025 WitnessAI Update
October 2, 2025 WitnessAI Update
September 30, 2025: WitnessAI Update
September 23, 2025: WitnessAI Update
August 12, 2025: WitnessAI Update
July 31, 2025: WitnessAI Update
July 18, 2025: WitnessAI Update
June 23, 2025: WitnessAI Update
June 9, 2025: WitnessAI Update
April 11, 2025: WitnessAI Release v2.0
Copy August 12, 2025: WitnessAI Update
Supported Applications & LLMs
User Guide
Lists - OLD
Private Applications
Home
Discovery
Discovered Apps
App Catalog
Analytics
Conversations
Users
Alerts
Policies
Lists
Settings
Configuration
Access Control
System
Secure AI Portal
User Menu
Policies & GuardRails
Policy Creation
Policy Precedence
GuardRail: Behavioral Activity
GuardRail: Data Protection
GuardRail: Harmful Response Prevention (Beta)
GuardRail: Model Identity Protection
GuardRail: Model Protection
GuardRail: Organizational Behavior (Beta)
GuardRail: Risk Analysis
Witness Anywhere: Remote Device Security
Witness Anywhere Overview
Witness Anywhere with Stunnel
Witness Anywhere: Azure VDI - Intune
Witness Anywhere: CrowdStrike (Windows)
Witness Anywhere: GPO (Windows)
Witness Anywhere: Jamf (macOS) (Beta)
Witness Anywhere: SentinelOne
Witness Anywhere: FAQ
Witness Attack
Witness Attack: AI Red Teaming 
Administrator Guide
Integrations: Identity Providers
Identity: Microsoft Entra ID (Azure AD)
Identity: Okta Identity
Integrations: Network Security
Netskope SWG
Palo Alto Networks NGFW
Prisma Access: DNS Sinkhole
Prisma Access: Explicit Proxy
Zscaler Internet Access
Zscaler Beta
Status Page
API Reference
Input API
Complete API
Text-Completion API
Prompt-Protect API
Encryption

Access Control

Users

Add, Invite, and Delete Users

notion image

Groups

Manage Groups’ Roles

notion image

Roles

Roles define permissions to view Console features, view data, and edit configurations.
Roles can be assigned to Users and Groups.
When a User inherits Roles from multiple Groups, their set of permissions is called their Effective Role.
A User’s Effective Role is the highest role inherited, i.e. the Role with the most permissions.
notion image
 

Roles and Capabilities

Chat User Role

The Chat User role only provides access to the Secure AI Portal (the “Portal”), which is our chat-style interface. The Portal can connect to almost any Public or Private LLM Model that support a chat-style interface. Most current Models can be used from within the Portal, although some will require configuration from WitnessAI.
If your highest effective Role is the Chat User, when you login to the WitnessAI Application you will only access the Portal.

Console User Role

The Console User role can access the Portal, and they can also access the following Console pages and components in view-only mode:
  • Home and Analytics
  • Catalog
  • Conversations
  • Conversations by User
  • Alerts

Policy Viewer Role

The Policy Viewer role permits all the access above, plus view-only permission on:
  • Policies
  • GuardRails
  • Lists

Policy Manager Role

The Policy Manager role permits all the access above, plus add, edit, and delete permissions on:
  • Policies
  • GuardRails
  • Lists

Admin Role

The Admin role grants all the access above, plus edit permissions on:
  • Settings.

User Admin Role

The User Admin role grants all the access above, plus edit permissions on:
  • Role Based Access Control

Super Admin Role

The Super Admin role grants all the access above, plus permissions to grant and revoke the permission to view VIP data to Groups.
Users with Super Admin role can access and copy API Keys, even after a user exits the API Keys page.