Access Control
Lore DB uses role-based access control at both the library and system level. Every action is checked against the user’s permissions.
Role hierarchy
Roles apply at both library and system level: Owner > Editor > Viewer.
| Permission | viewer | editor | owner |
|---|---|---|---|
| Search & read documents | Yes | Yes | Yes |
| Ask AI against documents | Yes | Yes | Yes |
| Add documents to library | No | Yes | Yes |
| Remove documents from library | No | Yes | Yes |
| Create documents in library | No | Yes | Yes |
| Edit/delete documents | No | Yes | Yes |
| Manage members | No | No | Yes |
| Edit library/system settings | No | No | Yes |
| Generate invite links | No | No | Yes |
| Delete library/system | No | No | Yes |
How access is determined
A user can access a document if:
- They are an active member of a library containing that document, AND
- That library (or a system containing it) is active (toggled on)
Access paths:
- Direct — User is a member of a library containing the document
- Via system — User is a member of a system that contains a library with the document
Active/inactive toggles
Both libraries and systems have per-user active/inactive toggles:
- Active — Documents are included in search, Ask AI, and MCP tool results
- Inactive — Documents are hidden from all search and AI operations
Important behaviors:
- Disabling a system disables all its libraries, even if you have direct library membership
- If a library is in multiple systems, it stays accessible as long as at least one system is active
- Libraries not in any system use only their own
LibraryMember.is_activetoggle - Toggles are per-user — they don’t affect other members
Admin access
Admins have additional permissions managed separately:
- Access to the Admin panel (models, users, referrals, usage)
- Manage AI models and plans
- View usage for all users
- Add/remove other admins
- Run reindex operations
Removing yourself as an admin is permanent. Make sure there’s at least one other admin before doing so.
For Admins
Managing AI models
In the Admin panel, you can enable or disable AI models. Only enabled models appear in user settings.
Managing plans
Configure subscription plans — document limits, library limits, and pricing for each tier.
Viewing usage
The Admin panel shows a leaderboard of all users and their usage, broken down by MCP and API requests.
Managing admins
Add or remove admins by email. Admins have access to the Admin panel and can manage all system-wide settings.