Upcoming Changes to Index Permission Model
Background: Earlier this year we introduced new flexibility to the Context Grounding permissions model to give automation developers CRUD access to the index lifecycle.
Why are we making these changes: In early October we will be introducing some changes to these operations to support the flexibility of some of our exciting roadmap features (e.g. multi-source DeepRAG). These updates simplify access management while maintaining secure and flexible control over index operations. The changes detailed below will impact existing and net new indexes.
**What is Changing:**
| Operation | Detail | Permissions Change |
|---|---|---|
| Creating an Index | Creating an Index in Orchestrator or the Agents Landing Page | None: ‘Buckets.View’ and ‘Index.Create’ still required; default permissions for automation developer |
| Triggering Ingestion on an Index | Syncing an index with the latest data in the data source | ‘Indexes.Edit’ is now the only required permission (previously required ‘Indexes.Edit’ and ‘Buckets.View’) |
| Updating Index Details | Changing ingestion/sync settings on a previously created Index | None: ‘Indexes.Edit’ still required |
| Retrieval from Index | Search, RAG, Summaries, etc. - various querying operations from agents, GenAI activities, or A4E | ‘Indexes.View’ is now the only required permission (previously required ‘Buckets.View’ or ‘Connections.View’) |
| Deleting an Index | Deleting a previously created index | None: ‘Indexes.Delete’ still required |
Find additional details on roles and permissions here: Orchestrator - Default roles
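
Because the change applies to existing indexes, it is worth checking which roles gain or lose effective access once it lands. The script below is an added example, not UiPath code: it encodes the table's before and after requirements and diffs them over a role-to-permission map. The role names and permission sets are constructed, and the old retrieval rule is modelled literally from the table (either ‘Buckets.View’ or ‘Connections.View’ sufficed), which is an assumption.

```python
# Added example: models the permission table above and diffs effective access.
# Each rule is a list of alternatives (OR); each alternative is a set of
# permissions that must all be held (AND).
OLD_RULES = {
    "create":   [{"Buckets.View", "Index.Create"}],
    "ingest":   [{"Indexes.Edit", "Buckets.View"}],
    "update":   [{"Indexes.Edit"}],
    # Modelled literally from the table: either permission was sufficient.
    "retrieve": [{"Buckets.View"}, {"Connections.View"}],
    "delete":   [{"Indexes.Delete"}],
}
NEW_RULES = {**OLD_RULES,
             "ingest":   [{"Indexes.Edit"}],
             "retrieve": [{"Indexes.View"}]}


def allowed(perms, rule):
    """True if the permission set satisfies at least one alternative."""
    return any(alt <= perms for alt in rule)


def access_delta(roles):
    """Map each role whose effective access changes to what it gains/loses."""
    delta = {}
    for name, perms in roles.items():
        gained = sorted(op for op in NEW_RULES
                        if allowed(perms, NEW_RULES[op]) and not allowed(perms, OLD_RULES[op]))
        lost = sorted(op for op in NEW_RULES
                      if allowed(perms, OLD_RULES[op]) and not allowed(perms, NEW_RULES[op]))
        if gained or lost:
            delta[name] = {"gained": gained, "lost": lost}
    return delta


# Constructed sample roles (hypothetical names, not Orchestrator defaults).
SAMPLE_ROLES = {
    "IngestBot":   {"Indexes.Edit"},
    "IndexReader": {"Indexes.View"},
    "LegacyAgent": {"Buckets.View", "Connections.View"},
    "FullDev":     {"Buckets.View", "Index.Create", "Indexes.View",
                    "Indexes.Edit", "Indexes.Delete"},
}

if __name__ == "__main__":
    for role, change in access_delta(SAMPLE_ROLES).items():
        print(f"{role}: gained={change['gained']} lost={change['lost']}")
```

Roles listed under "gained" should be reviewed for least privilege, since bucket or connection visibility no longer gates them; roles under "lost" need ‘Indexes.View’ granted if retrieval is still intended.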