Skip to main content
Eval Labs access is role-based. Evaluators have the full evaluator workbench, testers have a narrower prompt-testing lane, and owner/admin retain oversight surfaces.

Current roles

Eval Labs currently uses these roles:
  • owner: full access
  • admin: full privileged operational access
  • evaluator: full evaluator workbench and own-run review/history access
  • tester: entry-level prompt-testing lane
  • unassigned or missing role: limited/no protected access
Missing or unclear access should fail closed. Read the canonical matrix: Eval Labs Roles and Access Matrix.

What evaluators can use

Allowed:
  • /lucia/custom
  • /lucia/auto-generated
  • /guest-facing/verification
  • /guest-facing/verification/results
  • /lucia/batch-runner
  • /lucia/automated/runs for your own scoped runs
  • /runs/:sessionId/running for your own scoped runs
  • /runs/:sessionId/review for your own scoped runs
  • /runs/:sessionId/review?eval=:caseId for your own scoped runs
You can review and finalize your own assigned/scoped runs.

What evaluators cannot use

Blocked unless explicitly allowed later:
  • /analysis
  • /experiments
  • /analysis/runs/:sessionId
  • /team-review
  • /team-review/evaluators/:evaluatorKey
  • /registry-diagnostics
  • /dataset-diagnostics
  • /behavioral-observatory
Also blocked:
  • all-user analytics
  • cleanup/tools
  • Global Analysis surfaces
  • Team Review
  • Global Analysis
  • Registry Diagnostics
  • Behavioral Observatory
  • Single Run Analysis

Tester distinction

Tester is not the same as evaluator. Testers can use:
  • Custom Prompt Test
  • Auto-generated Prompt Test
Testers cannot use verification, Controlled Batch Runner, Team Review, Global Analysis, Registry Diagnostics, Behavioral Observatory, or owner/admin tools.

Active hardening

The evaluator workspace has been redesigned into a premium onboarding/workspace surface, but polish remains active hardening. If you expected to see a surface, ask an owner/admin. Do not work around the role boundary.