Skip to main content
Cognee Cloud enforces access control at the dataset level. Each dataset gets its own Kuzu graph database and LanceDB vector store, ensuring complete data isolation. For the full permissions system documentation, see Cognee Permissions System.

Dataset isolation

  • Each dataset maintains separate storage namespaces.
  • Search queries only return results from datasets the user has access to.
  • Scoped search (single dataset) and combined search (across accessible datasets) are both supported.

Managing members from the UI

The Members page (open the Profile menu in the top-right corner and select Members) lists everyone in the current tenant. From this page the tenant owner can:
  • Invite new members by email — either one at a time or multiple addresses at once.
  • Remove existing members from the tenant.
Non-owner members see the same list of tenant members but cannot invite or remove anyone — the invite card and the per-row remove control are only shown to the owner.

Switching tenants

If your account belongs to more than one tenant, use the tenant switcher in the top bar to move between them. The selected tenant is remembered in your browser and used as the active workspace for datasets, search, and ingestion until you switch again.

Tenant management

Tenants group users and resources. Each Cognee Cloud workspace operates as a tenant. Platform API (api.aws.cognee.ai):
EndpointDescription
POST /api/v1/tenantsCreate a new tenant
DELETE /api/v1/tenantsRemove a tenant
GET /api/v1/tenants/currentGet current tenant details
GET /api/v1/tenants/current/service-urlGet the service URL for the tenant
POST /api/v1/tenants/usersAssign a user to a tenant
DELETE /api/v1/tenants/usersRemove a user from a tenant

Tenant selection and membership

EndpointDescription
POST /api/v1/permissions/tenants/selectSet the active tenant
GET /api/v1/permissions/tenants/meList tenants the authenticated user belongs to
GET /api/v1/permissions/tenants/{tenant_id}/usersList users in a tenant
These endpoints back the in-app workspace switcher and the Members page. Owners use the Members page to invite and remove teammates; non-owners see the roster but not the invite or remove controls. Users who belong to multiple tenants can switch between them without signing out — the selected tenant is persisted in the cognee_selected_tenant cookie.

Roles

Roles define what actions a user can perform within a tenant.
EndpointDescription
POST /api/v1/permissions/rolesCreate a new role
POST /api/v1/permissions/users/{user_id}/rolesAssign a role to a user
GET /api/v1/permissions/tenants/{tenant_id}/rolesList roles in a tenant
GET /api/v1/permissions/tenants/{tenant_id}/roles/{role_id}/usersList users with a specific role
GET /api/v1/permissions/tenants/{tenant_id}/roles/users/{user_id}Get roles for a specific user

Dataset permissions

Grant access to datasets for specific users or agents. POST /api/v1/permissions/datasets/{principal_id} — Grant dataset permissions to a principal. The principal_id is the UUID of any entity that can hold permissions — this includes both users and agents. The same endpoint is used regardless of whether you are granting access to a human user or to an agent service account. The permission_name query parameter controls the access level: read, write, or delete. 
# Grant read access to a user
curl -X POST "https://your-tenant.aws.cognee.ai/api/v1/permissions/datasets/{user_id}?permission_name=read" \
  -H "X-Api-Key: your-key" \
  -H "Content-Type: application/json" \
  -d '["dataset-uuid-1", "dataset-uuid-2"]'

# Grant read access to an agent (same endpoint, different principal_id)
curl -X POST "https://your-tenant.aws.cognee.ai/api/v1/permissions/datasets/{agent_id}?permission_name=read" \
  -H "X-Api-Key: your-key" \
  -H "Content-Type: application/json" \
  -d '["dataset-uuid-1"]'
This is the same mechanism used by the Connections UI when you share a dataset with an agent.

Roles vs. direct permissions

Roles and direct dataset permissions work together:
  • Roles define a reusable set of capabilities within a tenant (e.g., “viewer”, “editor”). Assign a role to a user via POST /api/v1/permissions/users/{user_id}/roles, and that user inherits the role’s permissions across the tenant.
  • Direct dataset permissions grant access to specific datasets for a specific principal. Use the datasets/{principal_id} endpoint above to give a user or agent access to individual datasets, independent of their role.
Both mechanisms can be combined: a user can have a tenant-level role and additional per-dataset grants.
For a complete walkthrough of permission patterns, see Permission Snippets and the Cognee Permissions System.