How to create a Security Profile
Before you begin
Security Profiles must exist before users can be invited. Create your profiles first, then assign them during the user invitation flow. See How to assign a Security Profile to a user.
Create a new Security Profile
Step 1: Navigate to Security Profiles
Go to AI Orchestrator → Users & Security → Security Profiles, or select Security Profiles from the Admin home card.
Step 2: Add a new profile
Click the + button in the top-right corner of the Security Profiles list.
Step 3: Name the profile
Enter a name for the profile in the Add Profile dialog and click Save. Choose a name that reflects the role or access level it represents (e.g. "End-User", "Data Analyst", "Operations Team").
The new profile will appear in the list with a status of Active and 0 users assigned.
Configure profile permissions
From the Security Profiles list, click Edit Permissions on the profile you want to configure.
This opens the permissions editor with five tabs. Work through each tab and click Save after making changes. Permissions are additive — only what is explicitly enabled is accessible to users under this profile.
Tab 1: Access to Dashboards
This tab controls which Dashboard-type screens within AI Apps users can access.
Step 1: Open the Dashboards tab
Select the Access to Dashboards tab. Apps that contain Dashboard screens are listed with a (granted/total) counter showing how many screens are currently enabled.
Step 2: Select Dashboard screens
Expand an app by clicking its row. You will see:
- Access to all screens of this DataApp — a master toggle that enables all Dashboard screens in the app at once
- Individual screen checkboxes for granular control
- Bulk select / deselect buttons (top-right of the expanded section)
Enable the screens this profile should have access to, then click Save.
The list includes all Dashboard screens in the app — including those nested inside other screens or hidden from the main navigation. The
(granted/total)counter updates as you make selections.
Tab 2: Access to DataApps
This tab controls access to all non-Dashboard screen types within AI Apps — including Page Layout, AI Assistant, Calendar, Map, Data Forms Insights, Custom screens, and others.
Step 1: Open the DataApps tab
Select the Access to DataApps tab. All apps in the Workarea are listed with a (granted/total) counter.
Step 2: Select screens
Expand an app to see its screens. Use the "Access to all screens of this DataApp" master toggle for full access, or select individual screens. Click Save.
Apps with many screens (some contain 30–60+) can use the bulk select buttons to speed up configuration. Hidden and nested sub-screens appear in this list.
Tab 3: Access to Reasoning Knowledge
This tab controls which Knowledge Nodes users can access, at the individual node level within each group.
Step 1: Open the Reasoning Knowledge tab
Select the Access to Reasoning Knowledge tab. Knowledge Nodes are organized in collapsible groups. Each group shows a (granted/total) counter.
Step 2: Select Knowledge Nodes
Expand a group and enable the individual Knowledge Nodes this profile should have access to. Click Save.
This is the most granular access layer in ARPIA. Granting access to a group does not automatically grant access to all nodes within it — each node must be enabled individually unless you use the bulk select control.
Tab 4: MCP / API Collection
This tab controls which MCP and API Collections are exposed to users under this profile.
Step 1: Open the MCP / API Collection tab
Select the MCP / API Collection tab. Available collections are listed under Available Collections with a (granted/total) counter.
Step 2: Enable collections
Check the collections this profile should have access to. Use the bulk select / deselect buttons to manage multiple collections at once. Click Save.
Tab 5: Administrative Settings
This tab controls access to platform modules and administrative capabilities across three categories.
Step 1: Open the Administrative Settings tab
Select the Administrative Settings tab. Three expandable categories are shown: Arpia AI Platform (21 flags), Security Options (3 flags), and Other Options (6 flags).
Step 2: Select permissions
Enable the flags appropriate for this profile. Each category has its own bulk select / deselect controls. Click Save.
Use caution with Administrative Settings. Flags in this tab grant access to platform configuration, user management, billing, and WorkArea controls. For end-user profiles, these should typically remain unchecked. Refer to the Security Profiles reference doc for a full description of each flag.
