Skip to main content

โ€‹
Overview

RBAC in CrewAI AMP enables secure, scalable access management through a combination of organizationโ€‘level roles and automationโ€‘level visibility controls.
RBAC overview in CrewAI AMP

โ€‹
Users and Roles

Each member in your CrewAI workspace is assigned a role, which determines their access across various features. You can:
  • Use predefined roles (Owner, Member)
  • Create custom roles tailored to specific permissions
  • Assign roles at any time through the settings panel
You can configure users and roles in Settings โ†’ Roles.
1

Open Roles settings

Go to Settings โ†’ Roles in CrewAI AMP.
2

Choose a role type

Use a predefined role (Owner, Member) or click Create role to define a custom one.
3

Assign to members

Select users and assign the role. You can change this anytime.

โ€‹
Configuration summary

AreaWhere to configureOptions
Users & RolesSettings โ†’ RolesPredefined: Owner, Member; Custom roles
Automation visibilityAutomation โ†’ Settings โ†’ VisibilityPrivate; Whitelist users/roles

โ€‹
Automationโ€‘level Access Control

In addition to organizationโ€‘wide roles, CrewAI Automations support fineโ€‘grained visibility settings that let you restrict access to specific automations by user or role. This is useful for:
  • Keeping sensitive or experimental automations private
  • Managing visibility across large teams or external collaborators
  • Testing automations in isolated contexts
Deployments can be configured as private, meaning only whitelisted users and roles will be able to:
  • View the deployment
  • Run it or interact with its API
  • Access its logs, metrics, and settings
The organization owner always has access, regardless of visibility settings. You can configure automationโ€‘level access control in Automation โ†’ Settings โ†’ Visibility tab.
1

Open Visibility tab

Navigate to Automation โ†’ Settings โ†’ Visibility.
2

Set visibility

Choose Private to restrict access. The organization owner always retains access.
3

Whitelist access

Add specific users and roles allowed to view, run, and access logs/metrics/settings.
4

Save and verify

Save changes, then confirm that nonโ€‘whitelisted users cannot view or run the automation.

โ€‹
Private visibility: access outcomes

ActionOwnerWhitelisted user/roleNot whitelisted
View automationโœ“โœ“โœ—
Run automation/APIโœ“โœ“โœ—
Access logs/metrics/settingsโœ“โœ“โœ—
The organization owner always has access. In private mode, only whitelisted users and roles can view, run, and access logs/metrics/settings.
Automation Visibility settings in CrewAI AMP

Need Help?

Contact our support team for assistance with RBAC questions.
โŒ˜I