Applies to:
- Plan:
- Deployment:
Project-level permission groups do not grant cross-project scorer access
Summary
Project-level permission groups let users work within a specific project and its child objects. They do not let users browse scorers that live in other projects. To view scorers across projects in the UI, the user also needs an organization-level permission group with Projects > Read enabled. If you need narrower access, use the API to grant organization-level projectRead restricted to prompt, which is where scorers reside. The standard permissions UI does not expose that prompt-only restriction.
Why this happens
- Project-level permissions only apply to the project where they are granted.
- Shared scorers are stored as prompts, and cross-project scorer discovery is checked through organization-level project read access.
- Users can belong to multiple permission groups. Their effective permissions are the union of all grants.
Recommended fix in the UI
Create a separate organization-level permission group for shared scorer visibility, then add the user to both groups:- Go to Settings > Organization > Permission groups.
- Create a new permission group, or edit an existing organization-level group used for shared scorer access.
- Open Permissions for that group.
- Under Projects, enable Read.
- Save the group.
- Add the affected user to:
- their project-scoped permission group
- the organization-level scorer-visibility group
- Refresh the playground or automation rules editor and verify the scorer list appears.
API-only least-privilege option
If organization-wide Projects > Read is too broad, create the scorer-visibility grant through the API instead of the UI:object_type = org_projectpermission = readrestrict_object_type = prompt
Notes
- If the user still cannot see scorers, verify that the scorer exists in another project and that the user still has the required project-level access for the project where they are working.