Skip to main content

Roles in Dynamo AI

There are 2 types of role on the platform: organizational and resource level roles.

Organizational Level Roles

These roles encompass permissions that apply across the entire platform and are not specific to any individual resource.

  • Example: DynamoGuard Admin has access to create, read, edit, and delete models and policies at an platform level.

Resource Level Roles

These roles and permissions are tied to specific resources.

  • Example: DynamoGuard Owner has permissions like model:get, model:edit on specific models within the context of DynamoGuard.

Organizational Level Roles

DynamoGuard

  • DynamoGuard Member

    • Cannot create new resources
    • Can perform operations on resources explicitly shared with them

  • DynamoGuard Developer

    • DynamoGuard Member +
    • Can create models and policies within DynamoGuard

  • DynamoGuard Admin

    • Is a super user, has full permissions in DynamoGuard
    • Gives the user full access to all the resources in DynamoGuard

DynamoEval

  • DynamoEval Member

    • Cannot create new resources
    • Can perform operations on resources explicitly shared with them

  • DynamoEval Developer

    • DynamoEval Member +
    • Can create models and datasets within DynamoEval

  • DynamoEval Admin

    • Is a super user, has full permissions in DynamoEval
    • Gives the user full access to all the resources in DynamoEval

User Management

  • IAM Viewer

    • Can view the list of the users on the platform and their roles

  • IAM Editor

    • Can invite users at different roles except the admin roles [DynamoGuard Admin, DynamoEval Admin, IAM Admin]
    • Only user with IAM Admin role can invite users at admin level roles

  • IAM Admin

    • IAM Editor +
    • Can remove user from the platform
    • Can reset password of the users

Resource Level Roles

Model Resource Roles

  • DynamoGuard Owner

    • Full access to model-related operations within the guard context (get, edit, delete, get guard dashboard, associated policies, monitoring logs, apply policy).

  • DynamoGuard Editor

    • Can get and edit model information, and has access to guard-specific dashboards, associated policies, monitoring logs, and can apply policies.

  • DynamoGuard Viewer

    • Can only view model information and access guard-specific dashboards, associated policies, and monitoring logs.

  • DynamoEval Owner

    • Full access to model-related operations within the evaluation context (get, edit, delete, get eval dashboard, create test, get all tests, get specific test, delete test).

  • DynamoEval Editor

    • Can get and edit model information, and has access to evaluation-specific dashboards, create tests, get all tests, get specific tests, and delete tests.

  • DynamoEval Viewer

    • Can only view model information and access evaluation-specific dashboards and tests (all tests, specific tests).

Policy Resource Roles

  • DynamoGuard Owner

    • Full access to policy-related operations within the guard context (get, edit, delete, apply policy).

  • DynamoGuard Editor

    • Can get and edit policy information

  • DynamoGuard Viewer

    • Can only view policy information

Examples Roles

Example 1: Creating a Model

An Org Level role such as DynamoGuard Developer would have the model:create permission, allowing them to create a new model in the organization.

Example 2: Viewing Policy Details

A Resource Level role such as DynamoGuard Viewer would have policy:get permission to view details of a policy.

Example 3: Editing a Dataset

A Resource Level role like DynamoEval Editor would have permissions such as dataset:edit to modify a specific dataset.

Example 4: Granting User Roles

An Org Level role like IAM Admin will have permissions like user:setRole to assign roles to other users within the organization.