Managing Users
RAG-DocBot uses role-based access control (RBAC) with three roles.
Roles and Permissions
| Role | Permissions |
|---|---|
| viewer | Read-only access: chat, list documents, view index stats, view jobs, view license / branding / integrations / hardware / model info |
| editor | All viewer permissions, plus: upload and delete documents, rebuild the index, trigger integration syncs |
| admin | All editor permissions, plus: update license, manage branding, manage integrations, manage users |
Default Admin Account
A default admin account is created automatically on first boot, using the credentials set in .env:
DEFAULT_ADMIN_USER=admin
DEFAULT_ADMIN_PASSWORD=changeme
Info: Change the default credentials before exposing the service to other users. See Changing Password.
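One way to enforce this before deployment is a check that fails when .env still carries the values shown above. This is an added example, not part of RAG-DocBot; the function names, the 12-character minimum and the plain KEY=VALUE parsing (no inline comments) are assumptions.

```python
"""Pre-deployment check of the default admin credentials in .env (added example)."""
import sys

# The password value shown in the documentation's sample .env.
SHIPPED_PASSWORD = "changeme"
MIN_LENGTH = 12  # assumed local policy, not a RAG-DocBot requirement


def parse_env(text):
    """Parse simple KEY=VALUE lines; skip blanks and comments, strip quotes."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip().removeprefix("export ")
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        values[key.strip()] = value
    return values


def check_admin_credentials(env_text):
    """Return a list of findings; an empty list means the check passed."""
    env = parse_env(env_text)
    user = env.get("DEFAULT_ADMIN_USER")
    password = env.get("DEFAULT_ADMIN_PASSWORD")
    if not password:
        return ["DEFAULT_ADMIN_PASSWORD is missing or empty"]
    findings = []
    if password == SHIPPED_PASSWORD:
        findings.append("DEFAULT_ADMIN_PASSWORD is still the documented default")
    if user and password.lower() == user.lower():
        findings.append("DEFAULT_ADMIN_PASSWORD equals DEFAULT_ADMIN_USER")
    if len(password) < MIN_LENGTH:
        findings.append(f"DEFAULT_ADMIN_PASSWORD is shorter than {MIN_LENGTH} characters")
    return findings


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else ".env"
    with open(path, encoding="utf-8") as fh:
        problems = check_admin_credentials(fh.read())
    for p in problems:
        print(f"FAIL: {p}")
    sys.exit(1 if problems else 0)
```

Run it against the deployment's .env in CI or a pre-start hook; a non-zero exit code means the credentials still need changing.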
User Management
All user management endpoints require the admin role. The following operations are available:
| Operation | Description |
|---|---|
| List users | View all user accounts |
| Create user | Add a new user and assign a role |
| Get user | View details for a specific user |
| Update user password | Change a user's password |
| Update user role | Change a user's role (viewer, editor, or admin) |
| Delete user | Remove a user account |
These operations are available through the API as CRUD operations on /api/auth/users, and through the Users section in the DocBot UI.