chore: add docs on restricting PAT creation

[bvs-langchain]

Overview

adds documentation on restricting PAT creation

• restrict per-user: use the new Organization Viewer role
• restrict for the entire organization: new pat_creation_disabled setting

Type of change

Type: Update existing documentation

Related issues/PRs

• GitHub issue:
• Feature PR:

• Linear issue: ent-126
• Slack thread:

Checklist

• I have read the contributing guidelines
• I have tested my changes locally using docs dev
• All code examples have been tested and work correctly
• I have used root relative paths for internal links
• I have updated navigation in src/docs.json if needed
• I have gotten approval from the relevant reviewers
• (Internal team members only / optional) I have created a preview deployment using the Create Preview Branch workflow

Additional notes

[github-actions]

Mintlify preview ID generated: preview-briane-1761853979-b16de2a

[Copilot]

Pull Request Overview

This PR documents the new "Organization Viewer" role and PAT (Personal Access Token) creation controls for LangSmith organizations. The changes clarify permission structures and provide guidance on restricting PAT creation.

• Documents new "Organization Viewer" role that cannot create PATs
• Adds documentation for API-based PAT creation controls
• Updates organization permissions table to include the new role

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
src/langsmith/manage-organization-by-api.mdx	Adds note about Organization Admin permissions requirement and documents API endpoints for disabling/enabling PAT creation organization-wide
src/langsmith/administration-overview.mdx	Introduces Organization Viewer role description, updates permissions table to include new role and PAT creation permissions, and removes asterisk footnotes from table entries

[Copilot]

[nitpick] The description for Organization User now spans three sentences with varying levels of emphasis (some bold, some not), making it harder to parse. Consider restructuring for consistency with the Organization Admin format: "Organization User may read organization information but cannot execute any write actions at the organization level. An Organization User can be added to a subset of workspaces and assigned workspace roles as usual (if RBAC is enabled), which specify permissions at the workspace level. An Organization User may create Personal Access Tokens."

Suggested change

	* `Organization User` may read organization information but cannot execute any write actions at the organization level. An `Organization User` may create Personal Access Tokens. **An `Organization User` can be added to a subset of workspaces and assigned workspace roles as usual (if RBAC is enabled), which specify permissions at the workspace level.**
	* `Organization User` may read organization information but cannot execute any write actions at the organization level. **An `Organization User` can be added to a subset of workspaces and assigned workspace roles as usual (if RBAC is enabled), which specify permissions at the workspace level. An `Organization User` may create Personal Access Tokens.**

[Copilot]

Pull Request Overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.

[github-actions]

Mintlify preview ID generated: preview-briane-1761916482-c839573