Currently, Phoenix does not support project-level access control. The platform provides role-based access control (RBAC) at a more general level, allowing for admin and member roles, but it does not extend to granular project-level permissions. According to <https://github.com/Arize-ai/phoenix/issues/6685|this GitHub issue>, there is interest in more granular access control, but it is not yet implemented.
For your use case, you might need to deploy separate instances of Phoenix for different areas of the business to ensure data segregation and access control. Alternatively, you could explore using middleware to implement custom access control based on OAuth roles, as suggested in <https://github.com/Arize-ai/phoenix/issues/5333|this GitHub issue>.
Would you like more detail on how to set up separate instances or implement custom middleware?
Sources:
- <https://github.com/Arize-ai/phoenix/issues/6685|GitHub Issue: Authorization beyond Authentication>
- <https://github.com/Arize-ai/phoenix/issues/5333|this GitHub issue>
