Security

Progrid AI Lead Research uses a role-based access control model with two user groups. Access is managed through standard Progrid security groups and record rules, giving administrators fine-grained control over who can create research jobs, view results, and modify configuration settings.

User groups

AI Research User

The AI Research User group (progrid_ai_research.group_ai_research_user) is the base access level for team members who need to run research jobs and review results.

Permissions:

Model	Create	Read	Update	Delete
Research Jobs (Progrid.research.job)	Yes	Yes	Yes (own)	No
Research Results (Progrid.research.result)	No	Yes	No	No
Fetch Cache (Progrid.fetch.cache)	No	Yes	No	No
Research Wizard (Progrid.research.wizard)	Yes	Yes	Yes	Yes

Record rules:

• Users can only modify research jobs they created (user_id = current user)

• Users can view all research results, but cannot edit or delete them

• Cache records are read-only for all users in this group

AI Research Manager

The AI Research Manager group (progrid_ai_research.group_ai_research_manager) extends the User group with full administrative capabilities.

Permissions:

Model	Create	Read	Update	Delete
Research Jobs (Progrid.research.job)	Yes	Yes	Yes (all)	Yes
Research Results (Progrid.research.result)	Yes	Yes	Yes	Yes
Fetch Cache (Progrid.fetch.cache)	Yes	Yes	Yes	Yes
Configuration Settings	Yes	Yes	Yes	Yes

Additional capabilities:

• Full CRUD access to all research jobs, regardless of creator

• Access to CRM ‣ AI Research ‣ Configuration ‣ Settings

• Cache management (clear cache, view cache statistics)

• Access to CRM ‣ AI Research ‣ Configuration ‣ Provider Status

Assigning groups

To assign a user to one of the AI Research groups:

1. Navigate to Settings ‣ Users & Companies ‣ Users.

2. Select the user to configure.

3. Scroll to the CRM section (or Other section, depending on layout).

4. In the AI Research field, select either User or Manager.

5. Click Save.

Note

The Manager group implies the User group. A user assigned to the Manager group automatically inherits all User permissions.

Record rules

The module defines the following record rules to control data visibility:

Research job ownership

Users in the AI Research User group can only edit and monitor their own research jobs. The record rule filters jobs where the Responsible field (user_id) matches the current logged-in user. Managers bypass this rule and can access all jobs.

Result visibility

All users in either group can view all research results. This allows team members to benefit from research conducted by colleagues. However, only managers can modify or delete result records.

Cache isolation

Cache records (Progrid.fetch.cache) are shared across the system to maximize deduplication benefits. Users can view cached content but cannot modify or delete cache entries. Only managers have write access to cache records, typically used when clearing stale cache entries.

Menu access

Menu visibility is controlled by group membership:

Menu Item	User	Manager
CRM ‣ AI Research ‣ Research Jobs	Yes	Yes
CRM ‣ AI Research ‣ Results	Yes	Yes
CRM ‣ AI Research ‣ My Results	Yes	Yes
CRM ‣ AI Research ‣ Dashboard	Yes	Yes
CRM ‣ AI Research ‣ Reports	Yes	Yes
CRM ‣ AI Research ‣ Configuration ‣ Provider Status	No	Yes
CRM ‣ AI Research ‣ Configuration ‣ Settings	No	Yes
CRM ‣ AI Research ‣ Configuration ‣ Cache Management	No	Yes
CRM ‣ AI Research ‣ Advanced ‣ Queue Jobs	No	Yes
CRM ‣ AI Research ‣ Advanced ‣ System Parameters	No	Yes

Important

The Advanced menu is restricted to system administrators (superusers) in addition to requiring the Manager group. Regular managers may see the Configuration menus but not the Advanced section unless they also have system administration privileges.