Skip to main content
Paradigm implements a comprehensive role-based access control system to ensure secure and efficient management of user permissions. This article explains the different user roles available and their associated permissions. Role Structure Overview Diagram

Role Structure Overview

Paradigm’s Role-Based Access Control (RBAC) structure is organized into 3 distinct levels:
  1. Platform level (turquoise) for multi-company administration,
  2. Company level (gray) for single-company management,
  3. and User level (light gray) for end-users.
The lines represent creation permissions, where higher-level roles can create subordinate roles - with System Admin having the broadest creation rights. This hierarchical structure ensures proper access control while maintaining clear organizational boundaries. Permissions Hierarchy Diagram
Key Principles:
  • Permissions are cumulative - users can combine multiple roles
  • Access is hierarchical - higher roles include lower-level permissions
  • Segregation of duties ensures security and compliance

1. Administrative Roles

1.a System Administrator

The System Administrator is Paradigm’s highest-level technical role, focused exclusively on platform administration and multi-company configuration. This role operates at the tenant level with complete administrative control while maintaining strict data privacy - System Administrators cannot access customer-specific data.

1.b Account Manager

The Account Manager is a central administrative role focused on customer environment management and day-to-day platform operations. Operating at the platform level, this role supports multiple companies while having specific limitations to maintain security and data integrity.

1.c DPO Admin (Data Protection Officer)

The DPO Admin is a specialized compliance oversight role with comprehensive read-only access to all platform data. This role ensures GDPR compliance and data protection standards across the entire platform, with the ability to monitor but not modify any sensitive information.

2. Company-Level Roles

2.a Company Admin

The Company Administrator manages all aspects of Paradigm within their specific company scope. This role has full administrative control over their company’s environment while being strictly limited to their organization’s boundary.

2.b Company DPO

The Company DPO oversees data protection and GDPR compliance specifically within their organization’s scope on Paradigm. This role has comprehensive read-only access to all company data for compliance monitoring, without any administrative capabilities.

3. User-Level Roles

Basic User

The Basic User represents the everyday Paradigm user looking to enhance their daily productivity. This default role enables them to collaborate with AI assistants through their authorized documents and workspaces. While they don’t have access to administrative features, they can fully leverage AI capabilities to optimize their daily tasks and improve their workflow.

Document Manager

Oversees document operations (upload/delete) strictly through the front-end interface within their authorized company workspaces.
They cannot modify workspace settings or access unauthorized areas - these permissions remain with Company Admins. Company-wide document visibility is restricted to Company DPOs only.

API Key User

This role enables users to manage their own API keys through their personal settings, strictly limited to creating and deleting personal API keys. It does not grant any additional administrative privileges or access to other users’ API settings.

Group and Permissions List

You can find the detailed permissions matrix in our comprehensive spreadsheet:
  • x: Permission granted
  • Empty cell: Permission not granted