Skip to main content

Documentation Index

Fetch the complete documentation index at: https://braintrust.dev/docs/llms.txt

Use this file to discover all available pages before exploring further.

Applies to:
  • Plan -
  • Deployment -
Summary Prevent non-admin users from adding AI provider credentials at the project level by removing the Update permission from their project access. This ensures all LLM traffic routes through organization-configured providers (like Bedrock) while blocking users from adding their own provider keys that could bypass security controls.

Configuration Steps

Step 1: Configure organization-level AI providers

Set up your approved AI provider credentials (for example, Bedrock) at the organization level on the AI providers settings page. These credentials are available to all projects and users.

Step 2: Remove Update permission from non-admin users

In project settings, ensure non-admin users or permission groups do not have the Update permission. Users without Update cannot add or modify AI provider credentials at the project level. The Project AI providers section on the AI providers page is hidden for these users.

Step 3: Create restricted permission groups

Create custom permission groups with Read, Create, and Delete permissions while excluding Update. Assign non-admin users to these groups to allow normal project work without AI provider modification capabilities.

Key Behaviors

  • The Update permission controls the ability to modify project resources, including adding AI providers.
  • Organization-level AI provider credentials remain accessible to all users regardless of project permissions.
  • Project-level AI provider additions are disabled for users without Update permission.
  • Organization admins can always manage org-level credentials on the AI providers settings page.