Multi- teams project and permission within weaviate

We recently performed a migration from Weaviate version 1.24 to 1.25.0. A few days later, we also migrated our pods to a new non-preemptible node pool on GCP.

The current setup is working well for one of our team’s projects where we have indexed millions of vectors from a secured endpoint. However, we are planning to expand this setup to multiple projects and teams.


  1. What are the best practices for managing security and permissions within Weaviate for multiple projects and teams?
  2. How can we partition projects/teams on a single Weaviate instance deployed on Kubernetes?
  3. Alternatively, would it be better to deploy a separate Weaviate instance for each team?

Any advice or insights on how to effectively manage this would be greatly appreciated!

Thank you

hi @mathieu ! Welcome to our community! :hugs:

I will copy here the same answer I did for this slack message:

Right now we do not have RBAC (or Role Based Access Control). This means, for example, that you cannot create an API Key that will give access to only Collection A, B and C for example.

But worry not! We are working towards that!

Check here our roadmap that this is high in our list. Please, if you could, go to that github issue and leave your thumbs up

With that said, the best approach will be the one that works best, IMO.

You could deploy multiple Weaviate instances for teams. Or your team could agree on using only one cluster and always prepend the team name to the Collection.

Of course, for the second approach, as we do not have RBAC yet, means that any team could read/write the content of all teams.

Let me know if this helps