This page explains where feature switches, role permission switches, roleNames, and workspace capabilities are controlled, what backend data seeds them, and how default values take effect.Documentation Index
Fetch the complete documentation index at: https://docs.xpertai.cn/llms.txt
Use this file to discover all available pages before exploring further.
Control Sources And Defaults
| Switch type | Where it is controlled | Backend source | Default rule | Notes |
|---|---|---|---|---|
Feature switch, for example FEATURE_XPERT | Settings / Feature: /settings/features/tenant and /settings/features/organization | Feature definitions are seeded from DEFAULT_FEATURES; tenant and organization overrides are stored as feature-organization rows. | A feature resolves to enabled by default. If a matching environment toggle exists and is exactly false, the resolved default becomes disabled; if no matching environment toggle exists, the resolved default is enabled. Tenant and organization rows copy the resolved feature value when created. | Reading switches requires ALL_ORG_VIEW; updating switches requires ALL_ORG_EDIT; system upgrade/backfill requires SUPER_ADMIN. |
Role permission switch, for example ALL_ORG_EDIT | Settings / Roles: /settings/roles | Role permission rows are seeded from DEFAULT_ROLE_PERMISSIONS. | Seeded role-permission rows are enabled for the roles listed in the default permission table below; unlisted role-permission pairs are off or absent by default. | Changing role permissions requires CHANGE_ROLES_PERMISSIONS. SUPER_ADMIN role permissions cannot be modified or deleted through the role-permission API. |
roleName check, for example SUPER_ADMIN or ADMIN | User role assignment | Route guards or backend decorators check the current user’s role. | The default system roles are SUPER_ADMIN, ADMIN, TRIAL, AI_BUILDER, ANALYTICS_BUILDER, and VIEWER. | This is not a feature switch. The role must be assigned to the user. |
Workspace capability, for example workspace.capabilities.canManage | Workspace ownership, membership, visibility, and sharing rules | Computed workspace capability, not a role-permission enum. | No global on/off default in the role-permission matrix. | Used by Xpert workspace actions after the user has entered the Xpert feature. |
Default Feature Switches By Module
| Module | Feature switches | Default value | Control / fallback |
|---|---|---|---|
| Platform home | FEATURE_HOME, FEATURE_DASHBOARD | Enabled by default. | Hardcoded as enabled in the platform default feature definition. The current dashboard menu entry is commented out; Analytics children under Home are controlled separately by FEATURE_HOME_CATALOG and FEATURE_HOME_TREND. |
| Platform settings | FEATURE_ORGANIZATION, FEATURE_USER, FEATURE_EMAIL, FEATURE_EMAIL_TEMPLATE, FEATURE_SETTING, FEATURE_FILE_STORAGE, FEATURE_SMTP, FEATURE_ROLES_PERMISSION, FEATURE_INTEGRATION | Enabled by default. | Matching environment variables can resolve the feature as disabled only when they are exactly false; a feature without a matching environment toggle resolves to enabled. After seeding, tenant/organization switches are maintained from Settings / Feature. |
| Platform defaults not seeded | FEATURE_SMS_GATEWAY | Not seeded as an enabled feature row in the current default feature list. | The enum and environment toggle exist, but the SMS Gateway child entry is commented out in the default feature definition. |
| AI / Copilot | FEATURE_COPILOT, FEATURE_COPILOT_KNOWLEDGEBASE, FEATURE_COPILOT_CHAT | Enabled by default. | Controlled by environment seed value plus tenant/organization feature switches. |
| AI / Xpert | FEATURE_XPERT | Enabled by default. | Controlled by environment seed value plus tenant/organization feature switches. |
| AI / Xpert child entries | FEATURE_XPERT_CLAWXPERT, FEATURE_XPERT_CHATBI, FEATURE_XPERT_CODEXPERT, FEATURE_XPERT_DEEP_RESEARCH | Enabled by default in the seeded AI feature definition. | These are child switches under Xpert and are still evaluated with the tenant/organization feature rows at runtime. |
| BI / Analytics | FEATURE_BUSINESS_AREA, FEATURE_INDICATOR, FEATURE_INDICATOR_MARKET, FEATURE_INDICATOR_REGISTER, FEATURE_INDICATOR_APP, FEATURE_MODEL, FEATURE_STORY, FEATURE_PROJECT, FEATURE_HOME_CATALOG, FEATURE_HOME_TREND | Enabled by default. | Analytics feature definitions are appended into the system default feature list during analytics module preparation. |
| BI / Data Factory | FEATURE_DATA_FACTORY | Not seeded as an enabled feature row in the current default feature list. | The enum exists, but the default feature definition is currently commented out; confirm concrete entry behavior before relying on it as a visible switch. |
| Permission-only pages | Organizations, Feature maintenance, Tenant settings, Plugins | No feature switch in this matrix. | These entries are controlled by role permissions or roleName checks instead of feature switches. |
Default Permission Switches By Role
These defaults describe seed-time role-permission rows. They can be changed from Settings / Roles for non-SUPER_ADMIN roles when the current user has CHANGE_ROLES_PERMISSIONS.
| Permission group | Permissions | Enabled by default for | Notes |
|---|---|---|---|
| Tenant and organization administration | ALL_ORG_VIEW, ALL_ORG_EDIT, CHANGE_SELECTED_ORGANIZATION, CHANGE_ROLES_PERMISSIONS | SUPER_ADMIN, ADMIN, TRIAL | ALL_ORG_EDIT is the switch that allows updating tenant/organization feature switches and tenant-level organization/user operations. |
| User viewing | ORG_USERS_VIEW | SUPER_ADMIN, ADMIN, TRIAL, AI_BUILDER | AI_BUILDER can view organization users by default. |
| User maintenance | ORG_USERS_EDIT | SUPER_ADMIN, ADMIN, TRIAL | Create, edit, and maintain organization users. |
| Invite administration | ORG_INVITE_VIEW | SUPER_ADMIN, ADMIN, TRIAL, AI_BUILDER | View invite records. |
| Invite maintenance | ORG_INVITE_EDIT | SUPER_ADMIN, ADMIN, TRIAL | Create, resend, and delete invites. |
| Integration viewing | INTEGRATION_VIEW | SUPER_ADMIN, ADMIN, TRIAL, AI_BUILDER | AI builders can view integrations by default. |
| Email and SMTP settings | VIEW_ALL_EMAIL_TEMPLATES, CUSTOM_SMTP_VIEW | SUPER_ADMIN, ADMIN, TRIAL | Settings entries outside AI and BI. |
| Integration edit | INTEGRATION_EDIT | SUPER_ADMIN, ADMIN, TRIAL, AI_BUILDER | AI builders can edit integrations by default. |
| High-risk administration | SUPER_ADMIN_EDIT, ACCESS_DELETE_ACCOUNT, ACCESS_DELETE_ALL_DATA | SUPER_ADMIN | Delete-account and delete-all-data permissions are removed in demo mode. |
| AI read/use | COPILOT_VIEW, CHAT_VIEW | All default roles | CHAT_VIEW is available to SUPER_ADMIN, ADMIN, TRIAL, AI_BUILDER, ANALYTICS_BUILDER, and VIEWER. |
| AI build/manage | XPERT_EDIT | SUPER_ADMIN, ADMIN, TRIAL, AI_BUILDER, ANALYTICS_BUILDER | VIEWER does not get XPERT_EDIT by default. |
| AI administration | COPILOT_EDIT, KNOWLEDGEBASE_EDIT | SUPER_ADMIN, ADMIN, TRIAL, AI_BUILDER | ANALYTICS_BUILDER and VIEWER do not get these edit permissions by default. |
| BI view | MODELS_VIEW, STORIES_VIEW | All default roles | These are the broadest BI view defaults. |
| BI build/manage | DATA_SOURCE_VIEW, DATA_SOURCE_EDIT, MODELS_EDIT, STORIES_EDIT, BUSINESS_AREA_EDIT, CERTIFICATION_EDIT, INDICATOR_EDIT, DATA_FACTORY_VIEW, DATA_FACTORY_EDIT | SUPER_ADMIN, ADMIN, TRIAL, ANALYTICS_BUILDER | AI builders do not get these BI edit permissions by default. |
| BI read-only extras | BUSINESS_AREA_VIEW, INDICATOR_VIEW, INDICATOR_MARTKET_VIEW | SUPER_ADMIN, ADMIN, TRIAL, ANALYTICS_BUILDER, VIEWER | Viewer can view these BI areas but cannot edit them by default. |
Default Roles
| roleName | Default access scope |
|---|---|
SUPER_ADMIN | Full platform, AI, and BI administration permissions, including super-admin-only abilities and dangerous delete abilities. |
ADMIN | Most platform, AI, and BI administration permissions, excluding super-admin-only abilities and dangerous delete abilities. |
TRIAL | Full AI permissions, BI builder permissions for models/stories/indicators, and most platform administration permissions. Some operations are still restricted separately. |
AI_BUILDER | AI building capabilities. On the platform side, can view/edit integrations and view organization users/invites. On the BI side, mainly model and story viewing. |
ANALYTICS_BUILDER | BI building capabilities. On the AI side, can enter chat and build Xperts, but cannot edit Copilot or knowledge bases. |
VIEWER | Read-oriented role. Can enter chat, view part of BI content, and mainly use profile and organization switching on the platform side. |