Members and Roles
A Member is an authenticated user of Releval. Each member has one or more roles that determine what they can do.
Roles
Releval defines three roles, ordered by privilege:
| Role | Privilege level | What it can do |
|---|---|---|
| Admin | Highest | Everything a Member can do, plus invite new members, archive/restore members, assign roles, and manage shared resources (e.g. shared AI judges). |
| Member | Mid | Create and manage their own endpoints, evaluations, query sets, query templates, judgments, app clients, and personal AI judges. |
| Rater | Lowest | A scoped role for relevance raters. Raters can view evaluation runs and submit judgments. |
Members can hold multiple roles simultaneously. A member can only assign roles at or below their own highest role. For example, an Admin can grant Admin/Member/Rater, a Member can grant Member/Rater, and a Rater can't grant any roles.
Inviting members
Admins invite members by email. The invited member receives a link to set a password and complete registration.
In the UI
- Navigate to Settings → Members and click Invite.
- Enter the email address and select the role to assign.
- Click Send Invitation.
Using the API
curl -X POST "https://${RELEVAL_HOST}/api/v1/members/invite" \
-H 'Content-Type: application/json' \
-H "Authorization: Bearer ${TOKEN}" \
-d '{
"email": "rater@example.com",
"roles": ["Rater"]
}'
Email invitations require a configured SMTP server. Without SMTP, members must use the self-registration flow (if enabled) or be created manually.
Self-registration
Self-registration is disabled by default: new members must be added through admin invitations. When enabled, members can register with email and password from the login page, then confirm their email address before they can log in. Self-registered members are granted the Member role.
Two configuration knobs control the flow, both documented in Authentication configuration:
Registration__Enabled: set totrueto allow members to register themselves instead of being invited.Registration__AllowedDomain: restrict registration to a single email domain (e.g.example.com), useful for in-company deployments.
Resending an invitation
If the original invitation email was lost or expired:
curl -X POST "https://${RELEVAL_HOST}/api/v1/members/${MEMBER_ID}/resend-invitation" \
-H "Authorization: Bearer ${TOKEN}"
Listing members
curl "https://${RELEVAL_HOST}/api/v1/members?page=1&page_size=25" \
-H "Authorization: Bearer ${TOKEN}"
Non-Admin members see only active members. Admins see active and archived members.
Archiving and restoring members
Archiving (soft-deleting) a member prevents them from logging in but preserves their data: their judgments, evaluations, and other resources stay attached to their archived account.
curl -X DELETE "https://${RELEVAL_HOST}/api/v1/members?member_id=${MEMBER_ID}" \
-H "Authorization: Bearer ${TOKEN}"
Restore an archived member:
curl -X PUT "https://${RELEVAL_HOST}/api/v1/members/${MEMBER_ID}/restore" \
-H "Authorization: Bearer ${TOKEN}"
You cannot archive your own account.
Account settings
Each member manages their own profile through the Account API:
# View own info
curl "https://${RELEVAL_HOST}/api/v1/accounts/info" \
-H "Authorization: Bearer ${TOKEN}"
# Update name
curl -X POST "https://${RELEVAL_HOST}/api/v1/accounts/info" \
-H 'Content-Type: application/json' \
-H "Authorization: Bearer ${TOKEN}" \
-d '{ "first_name": "Jane", "last_name": "Doe" }'
# Change password
curl -X POST "https://${RELEVAL_HOST}/api/v1/accounts/update-password" \
-H 'Content-Type: application/json' \
-H "Authorization: Bearer ${TOKEN}" \
-d '{ "current_password": "OldPassword1!", "new_password": "NewPassword1!" }'