Access Role Concept
Overview
This guide gives an overview of the access roles for Unique.
The access role concept has four layers: Zitadel Roles, Unique Roles, Space Access and Scope Access.
Zitadel Roles can modify settings and entities on Zitadel itself. That means they can manage organisations, users, branding and all other information of the Zitadel itself.
Unique Roles determine the access to the application and specific features in the application.
Space Access determines which users or user groups have access to which space.
Scope Access determines which users or user groups can read (see) or write (add/modify) documents in which scopes (folders). Based on this configuration you define what knowledge the user has access to when using spaces.
Zitadel Roles and Unique Roles are managed via Zitadel.
Space Access and Scope Access are managed in the Unique App or via APIs.
1. Zitadel Roles
Zitadel Roles can modify settings and entities on Zitadel itself. That means they can manage organisations, users, branding and all other information of the Zitadel itself. They are provided through Zitadel, following this documentation: https://zitadel.com/docs/guides/manage/console/managers
Some typical roles we use at Unique are:
| Role Name | Remarks |
|---|---|
| IAM_OWNER | Only assigned to 2 users, who are able to manage the Instance. |
| IAM_OWNER_VIEWER | Can view everything on the Instance (but not edit). Is used for |
| IAM_ORG_MANAGER | We can have multiple users with this role; they can make changes on the organisation level, including but not restricted to managing users and their authorizations. |

Other roles might be relevant for service users.
This can be adapted to meet the Customer's needs.
2. Unique Roles
Unique roles determine the access and permissions for platform features, as described in the following documentation: https://unique-ch.atlassian.net/wiki/spaces/PUB/pages/513704008
These Roles are also managed using Zitadel and should be given to users on an organisation level. To be able to give the authorizations to users, you need to have the relevant Zitadel Roles.
3. Space Access
You can manage access to specific spaces using the space management tab in the Unique App, following this documentation: https://unique-ch.atlassian.net/wiki/spaces/PUB/pages/620593445/Space+Management+Interface#Members
To manage Space Access, users need to have the admin.space.write role from the Unique Roles.
4. Scope Access (Folder in the Knowledge Base)
Scope Access determines which users or user groups can read (see) or write (add/modify) documents in which scopes (folders). Based on this access configuration you define what knowledge the user has access to when using spaces or Unique in general.
Scope Access can currently only be configured via API, and doing so requires the chat.admin.all Unique Role.
At the moment this can only be managed using APIs; a UI in the Unique App is in the works.
To manage scopes and groups, you will need these two documentation pages:
Managing Scopes: https://unique-ch.atlassian.net/wiki/spaces/PUB/pages/445612477
Managing Groups: https://unique-ch.atlassian.net/wiki/spaces/PUB/pages/538149148
If you are starting from scratch, you need to:
1. Create a new group: https://unique-ch.atlassian.net/wiki/spaces/PUB/pages/538149148/Managing+groups+group+members+via+API#Creating-a-group
2. Add members to the group using the API or the UI (User management in the Unique App): https://unique-ch.atlassian.net/wiki/x/MgAFJQ
3. Create a scope: https://unique-ch.atlassian.net/wiki/spaces/PUB/pages/445612477/Managing+scopes+access+via+API#Creating-a-scope
4. Create scope access: https://unique-ch.atlassian.net/wiki/spaces/PUB/pages/445612477/Managing+scopes+access+via+API#Creating-scope-access
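The following is an added illustrative model of the four steps above and of the read/write decision they produce. It is not Unique's API and not code from this page or its authors: the class, the method names and the group/scope/user identifiers are invented for the example. It assumes a default-deny policy (a user sees or edits a scope only through an explicit grant to one of their groups), that write does not implicitly include read, and that granting scope access requires the actor to hold the chat.admin.all Unique Role, as the page states.

```python
"""Illustrative model of Scope Access (added example, not Unique's API).

Entities mirror the page: groups with members, scopes (folders), and scope
access entries that grant a group read or write on a scope. All ids below
are constructed sample values.
"""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum


class Permission(Enum):
    READ = "read"    # can see documents in the scope
    WRITE = "write"  # can add/modify documents in the scope


@dataclass(frozen=True)
class ScopeAccess:
    group_id: str
    scope_id: str
    permission: Permission


class ScopeAccessModel:
    """In-memory stand-in for the group / scope / scope-access entities."""

    # Unique Role required to configure scope access (named on the page).
    ADMIN_ROLE = "chat.admin.all"

    def __init__(self) -> None:
        self.unique_roles: dict[str, set[str]] = {}  # user -> Unique Roles
        self.groups: dict[str, set[str]] = {}        # group_id -> member users
        self.scopes: set[str] = set()                # known scope (folder) ids
        self.access: set[ScopeAccess] = set()        # explicit grants only

    def assign_unique_role(self, user: str, role: str) -> None:
        self.unique_roles.setdefault(user, set()).add(role)

    # Step 1: create a group
    def create_group(self, group_id: str) -> None:
        self.groups.setdefault(group_id, set())

    # Step 2: add members to the group (fails if the group does not exist)
    def add_member(self, group_id: str, user: str) -> None:
        self.groups[group_id].add(user)

    # Step 3: create a scope (a folder in the knowledge base)
    def create_scope(self, scope_id: str) -> None:
        self.scopes.add(scope_id)

    # Step 4: create scope access; only an actor holding chat.admin.all may do so
    def create_scope_access(self, actor: str, group_id: str,
                            scope_id: str, permission: Permission) -> None:
        if self.ADMIN_ROLE not in self.unique_roles.get(actor, set()):
            raise PermissionError(f"{actor} lacks the {self.ADMIN_ROLE} role")
        if group_id not in self.groups or scope_id not in self.scopes:
            raise KeyError("group and scope must exist before access is granted")
        self.access.add(ScopeAccess(group_id, scope_id, permission))

    def _groups_of(self, user: str) -> set[str]:
        return {g for g, members in self.groups.items() if user in members}

    def has_permission(self, user: str, scope_id: str, permission: Permission) -> bool:
        """Default deny: True only if one of the user's groups holds an explicit grant."""
        groups = self._groups_of(user)
        return any(a.scope_id == scope_id and a.permission is permission
                   and a.group_id in groups for a in self.access)

    def can_read(self, user: str, scope_id: str) -> bool:
        return self.has_permission(user, scope_id, Permission.READ)

    def can_write(self, user: str, scope_id: str) -> bool:
        return self.has_permission(user, scope_id, Permission.WRITE)

    def visible_scopes(self, user: str) -> set[str]:
        """The knowledge a user can see, i.e. every scope they hold READ on."""
        return {s for s in self.scopes if self.can_read(user, s)}


def build_demo() -> ScopeAccessModel:
    """Run the four steps with constructed sample data and return the model."""
    m = ScopeAccessModel()
    m.assign_unique_role("admin@example.com", ScopeAccessModel.ADMIN_ROLE)
    m.create_group("grp-finance")
    m.create_group("grp-finance-editors")
    m.add_member("grp-finance", "alice@example.com")
    m.add_member("grp-finance", "bob@example.com")
    m.add_member("grp-finance-editors", "bob@example.com")
    m.create_scope("scope-finance-reports")
    m.create_scope("scope-hr-policies")
    m.create_scope_access("admin@example.com", "grp-finance",
                          "scope-finance-reports", Permission.READ)
    m.create_scope_access("admin@example.com", "grp-finance-editors",
                          "scope-finance-reports", Permission.WRITE)
    return m


if __name__ == "__main__":
    model = build_demo()
    for user in ("alice@example.com", "bob@example.com", "carol@example.com"):
        print(user, "sees", sorted(model.visible_scopes(user)),
              "can write reports:", model.can_write(user, "scope-finance-reports"))
```

Because the model only ever grants through explicit entries, a user who is in no group, or whose groups have no entry for a scope, sees nothing in that scope; that is the behaviour a least-privilege knowledge base configuration should produce, and it is also why adding a member to a group is the step to audit when reviewing who can see which folder.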
| Author | @Paul Cornec @Sandro Camastral |
|---|---|