:Harvey:Support

Access Control & Permission Management

Manage user roles and permissions in Harvey, including custom roles and access controls.

Last updated: Jun 5, 2025

Overview

Admins can view and manage access to Harvey functionality across their workspace using the Users and Roles pages.

  • Users Table: Manage and review user permissions, including which users have access to specific features and which features a specific user can access. This also involves changing the assigned role, typically between admin and user.
  • Roles Table: Manage and review the definition of roles, such as the permissions assigned to all admins or all basic users.

Users Table

Admins can view and manage the permissions of any user in the Users table under Admin Settings.

  • Role: Each user must be assigned a role (e.g. ‘User’ or ‘Admin’), which defines their default permissions.
  • Extra Permissions: These are permissions granted to the user beyond their role. This is typically used when an individual user needs to test a new feature or requires a single admin permission without being upgraded to the admin role.

Note: Admins can export user lists, with filters, as a .CSV file by clicking on ‘Export’ on the Users table.

User Table in Settings

Filtering Users by Role or Permission

To filter users by Role or Permissions:

  1. Click on Filters.
  2. Click on the filter dropdown for Role or Permissions, and check the boxes for the desired Roles or Permissions. Once selected, these will take immediate affect.
  3. The list of users that have the selected role and all the selected permissions.

Granting Permissions to Users

Note: Although Harvey can control access to workflows in general, we do not support managing access to individual workflows at this time.

To grant permission to a user or a subset of users:

  1. Select the users in the Users table.
  2. Click Manage Permissions and choose the permission to grant under the Add Permissions toggle. If all selected users already have that permission, it will not appear in the list.
  3. Click Add Permissions to grant the selected permission to all users. It will then appear in the extra permissions column for these users.

Revoking Permissions from Users

To revoke a permission from a user or a subset of users:

  1. Select the users in the Users table.
  2. Click Manage Permissions and choose the permission to grant under the Remove Permissions toggle. If all selected users already have that permission, it will not appear in the list.
  3. Click Remove Permissions to grant the selected permission to all users. It will then appear in the extra permissions column for these users.

Modifying a User’s Role

To modify a user's assigned role:

  1. Select the user you want to update.
  2. Click the dropdown in the Roles column and select the new role.
  3. Confirm the permission changes via the popup by clicking Update role.
    1. In cases where the user will lose permissions moving from one role to the other, select which permissions are to be retained via the checkboxes, then click Update role.
  4. The changes will apply immediately.

Roles Table

Admins can view and manage role definitions from the Roles tab under Admin Settings.

  • Default Roles: Workspaces will already have Admin and User roles created by default.
  • Additional Roles: Workspace admins can create an additional 5 custom roles.

Notes:

  1. When a new user account is created, it is assigned the User role by default.
  2. Also, when permissions are modified in a role, the changes immediately apply to all users with that role, ensuring consistent access management across the workspace.
Roles Table in Settings

Assigning Permissions to Roles

Note: If a workspace does not have access to unlimited Vault seats, they will not be able to assign vault access to a role. Vault access can only be granted on a per-user level.

To assign or remove permissions from roles:

  1. Navigate to the Roles tab in Admin Settings.
  2. Check the boxes next to each permission you want to grant to the role, then click Save. All changes will then be applied immediately to those roles.

Revoking Permissions from Roles

To revoke permissions from roles:

  1. Navigate to the Roles tab in Admin Settings.
  2. Uncheck the boxes next to each permission you want to revoke from the role, then click Save. All changes will then be applied immediately to those roles.

Creating Custom Roles

To create a new role:

  1. Click on Create role from the Roles table.
    1. Note: Admin and User roles already exist as default.
  2. Name the role, enter a description, and choose if you wish to create the role with base role permissions applied.
  3. Click Add. The new role will be added immediately and visible in the Roles table.

Renaming Custom Roles

To edit a role:

  1. Click on the arrow next to the custom role you wish to edit, and select Edit role.
    1. Note: Only custom roles can be renamed.
  2. Enter the new name and/or description and click Submit.

Deleting Custom Roles

To delete a role:

  1. Click on the arrow next to the role you wish to edit, and select Delete role.
    1. Note: Only custom roles can be deleted.
  2. If there are currently users assigned to this custom role, select the new role these users should be re-assigned to.
  3. Click Reassign and Delete.

FAQs

Q: Why do we need extra permissions?

Extra permissions grant specific users additional access beyond their role without upgrading their entire role. This enables precise control over permissions for early access features or limited admin capabilities, such as restricting access to library or integration management without granting full workspace privileges.

Q: Can I create custom roles for my workspace?

Workspace admins can create up to a maximum of 5 custom roles by default. Please reach out to Harvey support via **support@harvey.ai** if the creation of additional custom roles is required.

Q: Which users have the ability to edit user permissions and roles?

Admins with access to the “Edit Permissions” bundle will be able to edit user permissions and roles. This includes the ability to give other users the ability to edit permissions. We recommend limiting this access to a select few users for better permission control.

Q: Will extra permissions granted to a user be retained even when the role of a user changes? In general, when a user’s role is changed, they will keep any ‘extra’ permissions they currently have. Admins will have the option to selectively override this behavior when updating a user’s role as shown below:

Prompt to keep extra permissions or to remove.