
Roles and Permissions

This ecosystem uses Zitadel as the source of truth for identities and roles.

Role-based feature activation (Portal / AI)

Roles are used to control access to AI capabilities:

  • A user with a given role (for example mecanica) can be granted access to specific RAGs and MCP agents tagged with the same role.
  • The Portal Admin UI uses roles to decide what resources can be enabled for a user or chatbot session.

Where roles are managed:

  • Roles are assigned and persisted in Zitadel.
  • The Portal reads roles from Zitadel and applies them for feature gating and UI decisions.
  • Zitadel: docs/internal/services/security/zitadel.md
  • Portal: docs/internal/services/platform/portal.md