User accounts
Each user in Circuit has an account with:- Email address: the primary identifier, used for login
- Name: first and last name for display
- Identity provider: how they authenticate (Google or Microsoft)
- Status: active or inactive
Workspace roles
Every user in a workspace has one of three roles:| Role | Capabilities |
|---|---|
| Primary owner | Full control over the workspace, including billing, all indexes, all agents, and all users. Cannot be removed. |
| Admin | Can manage users, indexes, and agents. Can create and configure resources. Cannot change billing or remove the primary owner. |
| Member | Can access indexes and agents shared with them. Cannot create or configure workspace-level resources. |
Adding users
To add a user to your workspace:Invite by email
Enter the user’s email address. They’ll receive an invitation to join your workspace.
Grant access to resources
Share specific indexes and agents with the user, or add them to a group that already has the right access configured.
Removing users
When you remove a user from your workspace:- They lose access to all workspace indexes and agents
- Their chat history is retained for audit purposes
- They can still access any personal (non-workspace) resources they own
Index permissions
Each index has its own role assignments:| Role | Can view content | Can upload documents | Can delete documents | Can manage settings |
|---|---|---|---|---|
| Owner | Yes | Yes | Yes | Yes |
| Admin | Yes | Yes | Yes | Yes |
| Viewer | Yes | No | No | No |
Agent permissions
Each agent also has role-based access:| Role | Can chat | Can edit configuration | Can manage sharing | Can delete |
|---|---|---|---|---|
| Owner | Yes | Yes | Yes | Yes |
| Admin | Yes | Yes | Yes | No |
| Viewer | Yes | No | No | No |
Users only see agents and indexes that have been explicitly shared with them (directly or through a group). Workspace admins can see all resources.
Best practices
- Use groups for team-level access instead of assigning permissions to individual users. See groups.
- Start with Viewer and elevate permissions as needed.
- Review permissions periodically: when people change roles or leave teams, update their access.
- Use the Admin role sparingly: most users only need Viewer access to agents and indexes.