Permissions Reference

Complete reference of all permissions across the NeMo Platform APIs. Each permission controls access to a specific operation within an individual API. Permissions are assigned to users through roles.

For token-level access restrictions, see API Scopes. For the RBAC model, see Authorization Concepts.

Note

PlatformAdmin is omitted — it bypasses permission checks entirely at the policy level.

Audit API

Permission	Description	Viewer	Editor	Admin
audit.configs.(read | list)	Read, list audit configs	✓	✓	✓
audit.configs.(create | update | delete)	Create, update, delete audit configs		✓	✓
audit.info.read	Read audit service info	✓	✓	✓
audit.jobs.(read | list)	Read, list audit jobs	✓	✓	✓
audit.jobs.(create | update | delete | cancel)	Create, update, delete, cancel audit jobs		✓	✓
audit.plugins.(read | list)	Read, list audit plugins	✓	✓	✓
audit.targets.(read | list)	Read, list audit targets	✓	✓	✓
audit.targets.(create | update | delete)	Create, update, delete audit targets		✓	✓

Customization API

Permission	Description	Viewer	Editor	Admin
customization.jobs.(read | list)	Read, list customization jobs	✓	✓	✓
customization.jobs.(create | update | delete | cancel)	Create, update, delete, cancel customization jobs		✓	✓

Data Designer API

Permission	Description	Viewer	Editor	Admin
data-designer.jobs.(read | list)	Read, list data designer jobs	✓	✓	✓
data-designer.jobs.(create | delete | cancel)	Create, delete, cancel data designer jobs		✓	✓
data-designer.preview.exec	Execute data designer previews		✓	✓

Entities API

Permission	Description	Viewer	Editor	Admin
entities.(read | create | update | delete)	Read, create, update, delete entities

Evaluation API

Permission	Description	Viewer	Editor	Admin
evaluation.benchmarks.(read | list)	Read, list evaluation benchmarks	✓	✓	✓
evaluation.benchmarks.(create | delete)	Create, delete evaluation benchmarks		✓	✓
evaluation.jobs.(read | list)	Read, list evaluation jobs	✓	✓	✓
evaluation.jobs.(create | delete | cancel)	Create, delete, cancel evaluation jobs		✓	✓
evaluation.live.exec	Execute live evaluations		✓	✓
evaluation.metrics.(read | list)	Read, list evaluation metrics	✓	✓	✓
evaluation.metrics.(create | delete)	Create, delete evaluation metrics		✓	✓

Files API

Permission	Description	Viewer	Editor	Admin
filesets.(read | list)	Read, list files	✓	✓	✓
filesets.(create | update | delete)	Create, update, delete files		✓	✓

Guardrails API

Permission	Description	Viewer	Editor	Admin
guardrails.chat.exec	Execute guardrail chat completions		✓	✓
guardrails.checks.exec	Execute guardrail checks		✓	✓
guardrails.completions.exec	Execute guardrail completions		✓	✓
guardrails.configs.(read | list)	Read, list guardrails configs	✓	✓	✓
guardrails.configs.(create | update | delete)	Create, update, delete guardrails configs		✓	✓

IAM API

Permission	Description	Viewer	Editor	Admin
iam.(read | list | create | delete)	Read, list, create, delete iam			✓

Inference API

Permission	Description	Viewer	Editor	Admin
inference.deployment-configs.(read | list)	Read, list inference deployment-configs	✓	✓	✓
inference.deployment-configs.(create | delete)	Create, delete inference deployment-configs		✓	✓
inference.deployments.(read | list)	Read, list inference deployments	✓	✓	✓
inference.deployments.(create | update | delete)	Create, update, delete inference deployments		✓	✓
inference.gateway.model.exec	Execute model gateway inference	✓	✓	✓
inference.gateway.openai.exec	Execute OpenAI-compatible gateway inference	✓	✓	✓
inference.gateway.provider.exec	Execute provider gateway inference	✓	✓	✓
inference.providers.(read | list)	Read, list inference providers	✓	✓	✓
inference.providers.(create | update | delete)	Create, update, delete inference providers		✓	✓

Jobs API

Permission	Description	Viewer	Editor	Admin
jobs.(read | list)	Read, list jobs	✓	✓	✓
jobs.(create | update | delete | cancel)	Create, update, delete, cancel jobs		✓	✓

Models API

Permission	Description	Viewer	Editor	Admin
models.(read | list)	Read, list models	✓	✓	✓
models.(create | update | delete)	Create, update, delete models		✓	✓
models.adapters.(read | list)	Read, list models adapters (policy-enforced)	✓	✓	✓
models.adapters.(create | update | delete)	Create, update, delete models adapters		✓	✓
models.trust-remote-code.set	Whether this user can set trust_remote_code on Models (policy-enforced)			✓

Platform

Permission	Description	Viewer	Editor	Admin
platform.admin	Platform-wide administrative bypass (policy-enforced)

Projects API

Permission	Description	Viewer	Editor	Admin
projects.(read | list)	Read, list projects	✓	✓	✓
projects.(create | update | delete)	Create, update, delete projects		✓	✓

Safe Synthesizer API

Permission	Description	Viewer	Editor	Admin
safe-synthesizer.jobs.(read | list)	Read, list safe synthesizer jobs	✓	✓	✓
safe-synthesizer.jobs.(create | delete | cancel)	Create, delete, cancel safe synthesizer jobs		✓	✓

Secrets API

Permission	Description	Viewer	Editor	Admin
secrets.(read | list)	Read, list secrets	✓	✓	✓
secrets.(create | update | delete)	Create, update, delete secrets		✓	✓
secrets.(access | rotate)	Access, rotate secrets

Workspaces API

Permission	Description	Viewer	Editor	Admin
workspaces.(read | list)	Read, list workspaces	✓	✓	✓
workspaces.(update | delete)	Update, delete workspaces		✓	✓
workspaces.members.(read | list | create | update | delete)	Read, list, create, update, delete workspaces members			✓

Related

• Roles & Permissions — Role descriptions and hierarchy.

• API Scopes — Token-level scope restrictions.

• Authorization Concepts — Workspaces, roles, bindings, and the RBAC model.

• Security Model — Trust boundaries and authorization layers.