RBAC & Permission Management
Role Hierarchy
| Level | Role | Description |
|---|---|---|
| 4 | Owner | Full access; can delete org, manage billing |
| 3 | Admin | Manage users, roles, and all resources |
| 2 | Compliance Officer | View mandates, evidence, jurisdiction data, alerts |
| 1 | Developer | Create mandates, register agents, record actions |
| 0 | Read-only | View dashboards and reports |
Role Details
- Owner — Full administrative control. Can delete the organization, manage billing and plan subscriptions, and transfer ownership.
- Admin — Manage users and role assignments. Full read/write access to all resources except billing.
- Compliance Officer — Read-only access to mandates, evidence packages, jurisdiction evaluations, and alerts. Cannot create or modify resources.
- Developer — Default role for API keys. Can create mandates, register agents, record actions, and generate evidence.
- Read-only — Dashboard and report access only. No write operations.
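
The level numbers do not form a strict permission ordering: Compliance Officer (level 2) is read-only, while Developer (level 1) can create resources. The following added example (not the product's own code; the permission names and the assumption that every role can view dashboards and reports are hypothetical) models the roles as explicit grants and lists what a numeric level comparison would wrongly allow.

```python
from enum import Enum

class Role(Enum):
    OWNER = 4
    ADMIN = 3
    COMPLIANCE_OFFICER = 2
    DEVELOPER = 1
    READ_ONLY = 0

# Hypothetical permission names for the capabilities listed in the role details.
REPORTS = {"dashboard:read", "report:read"}
VIEW = {"mandate:read", "evidence:read", "jurisdiction:read", "alert:read"}
WRITE = {"mandate:create", "agent:register", "action:record", "evidence:generate"}
MANAGE = {"user:manage", "role:assign"}
OWNER_ONLY = {"org:delete", "billing:manage", "ownership:transfer"}

# Explicit grants per role. Assumption: dashboards/reports are a baseline for all roles.
GRANTS = {
    Role.READ_ONLY: frozenset(REPORTS),
    Role.DEVELOPER: frozenset(REPORTS | WRITE),
    Role.COMPLIANCE_OFFICER: frozenset(REPORTS | VIEW),
    Role.ADMIN: frozenset(REPORTS | VIEW | WRITE | MANAGE),  # no billing
    Role.OWNER: frozenset(REPORTS | VIEW | WRITE | MANAGE | OWNER_ONLY),
}
ALL_PERMISSIONS = GRANTS[Role.OWNER]

def is_allowed(role, permission):
    """Deny by default: unknown roles or permissions get no access."""
    if permission not in ALL_PERMISSIONS:
        return False
    return permission in GRANTS.get(role, frozenset())

def level_check(role, minimum):
    """Naive check that treats the Level column as a strict ordering."""
    return role.value >= minimum.value

def level_overgrants():
    """(role, permission) pairs a level comparison allows but the grants deny."""
    out = set()
    for perm in ALL_PERMISSIONS:
        holders = [r for r in Role if perm in GRANTS[r]]
        floor = min(holders, key=lambda r: r.value)  # lowest level holding perm
        out |= {(r, perm) for r in Role
                if level_check(r, floor) and not is_allowed(r, perm)}
    return out

if __name__ == "__main__":
    for role, perm in sorted(level_overgrants(), key=lambda p: p[1]):
        print(f"level check over-grants {perm} to {role.name}")
```

Running `level_overgrants()` against an exported role configuration is a quick audit for any role whose level implies more access than its description grants.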
Access Controls
- API keys are scoped to Developer level by default.
- IP allowlisting restricts access to trusted networks.
- SSO is available for identity provider integration.
Role management is performed through the Admin panel in the dashboard.