Members and Roles
A Member is an authenticated user of Releval. Each member has one or more roles that determine what they can do.
Roles
Releval defines three roles, ordered by privilege:
| Role | Privilege level | What it can do |
|---|---|---|
| Admin | Highest | Everything a Member can do, plus invite new members, archive/restore members, assign roles, and manage shared resources (e.g. shared AI judges). |
| Member | Mid | Create and manage their own endpoints, evaluations, query sets, query templates, judgments, app clients, and personal AI judges. |
| Rater | Lowest | A scoped role for relevance raters. Raters can view evaluation runs and submit judgments. |
Members can hold multiple roles simultaneously. A member can only assign roles at or below their own highest role — for example, an Admin can grant Admin/Member/Rater, a Member can grant Member/Rater, and a Rater can't grant any roles.
Inviting members
Admins invite members by email. The invited member receives a link to set a password and complete registration.
In the UI
- Navigate to Members and click Invite.
- Enter the email address and select the role to assign.
- Click Send Invitation.
Using the API
curl -X POST "https://${RELEVAL_HOST}/api/v1/members/invite" \
-H 'Content-Type: application/json' \
-H "Authorization: Bearer ${TOKEN}" \
-d '{
"email": "rater@example.com",
"roles": ["Rater"]
}'
Email invitations require a configured SMTP server. Without SMTP, members must use the self-registration flow (if enabled) or be created manually.
Self-registration
Self-registration is enabled by default. New members sign up with email and password from the login page, then confirm their email address before they can log in. Self-registered members are granted the Member role.
Two configuration knobs control the flow — both documented in Authentication configuration:
Registration__Enabled— turn self-registration off to require admin invitations for every new member.Registration__AllowedDomain— restrict registration to a single email domain (e.g.example.com), useful for in-company deployments.
If self-registration is disabled, members must be added through invitations.
Resending an invitation
If the original invitation email was lost or expired:
curl -X POST "https://${RELEVAL_HOST}/api/v1/members/${MEMBER_ID}/resend-invitation" \
-H "Authorization: Bearer ${TOKEN}"
Listing members
curl "https://${RELEVAL_HOST}/api/v1/members?page=1&page_size=25" \
-H "Authorization: Bearer ${TOKEN}"
Non-Admin members see only active members. Admins see active and archived members.
Archiving and restoring members
Archiving (soft-deleting) a member prevents them from logging in but preserves their data: their judgments, evaluations, and other resources stay attached to their archived account.
curl -X DELETE "https://${RELEVAL_HOST}/api/v1/members?member_id=${MEMBER_ID}" \
-H "Authorization: Bearer ${TOKEN}"
Restore an archived member:
curl -X PUT "https://${RELEVAL_HOST}/api/v1/members/${MEMBER_ID}/restore" \
-H "Authorization: Bearer ${TOKEN}"
You cannot archive your own account.
Account settings
Each member manages their own profile through the Account API:
# View own info
curl "https://${RELEVAL_HOST}/api/v1/accounts/info" \
-H "Authorization: Bearer ${TOKEN}"
# Update name
curl -X POST "https://${RELEVAL_HOST}/api/v1/accounts/info" \
-H 'Content-Type: application/json' \
-H "Authorization: Bearer ${TOKEN}" \
-d '{ "first_name": "Jane", "last_name": "Doe" }'
# Change password
curl -X POST "https://${RELEVAL_HOST}/api/v1/accounts/update-password" \
-H 'Content-Type: application/json' \
-H "Authorization: Bearer ${TOKEN}" \
-d '{ "current_password": "OldPassword1!", "new_password": "NewPassword1!" }'