.png&w=640&q=75){kind=small}
Context
When setting up bulk export jobs in LangSmith, you may want to create a custom role with minimal permissions following the principle of least privilege. This ensures that if an API key is compromised, the potential security impact is limited to only the necessary operations.
Answer
The minimum set of permissions required for running bulk export jobs is:
Tracing Project: read
Runs: read
Workspaces: manage and read
The Workspaces: manage permission is currently required for bulk operations, even though it includes broader capabilities like managing users, service keys, and secrets. While this may seem excessive for export-only workflows, it is currently necessary for the bulk export functionality to work properly.
For detailed information about workspace permissions for bulk operations, refer to the bulk exports documentation.