Production

Sign in

Roles & Access

Manage organization roles, permissions and access policies synced with Logto.

Total roles

6

Synced from Logto

System roles

6

Protected roles

Privileged users

3

Owner/Admin access

Access policies

3

Active controls

Last sync

Now

Logto connected

Role definitions

Roles available in this organization. System roles are synced from Logto and policy metadata is stored in Directus.

Owner

Full ownership of workspace, billing, members and security settings.

System

Members

1

Scope

Organization

Highest access

Admin

Administrative access to members, roles, apps and security settings.

System

Members

2

Scope

Organization

Admin

Billing Admin

Manage billing profile, invoices, payment methods and subscriptions.

System

Members

1

Scope

Billing

Billing

App Admin

Configure application access, requests and provisioning settings.

System

Members

3

Scope

Applications

Apps

Member

Standard workspace access to assigned applications.

System

Members

32

Scope

Workspace

Default

Viewer

Read-only access to workspace resources and audit visibility.

System

Members

3

Scope

Workspace

Read only

Permission matrix

Effective administrative access by role.

PermissionOwnerAdminBilling AdminApp AdminMemberViewer
Manage membersFullFullDeniedLimitedDeniedDenied
Manage rolesFullFullDeniedDeniedDeniedDenied
Manage billingFullLimitedFullDeniedDeniedRead only
Manage applicationsFullFullRead onlyFullLimitedRead only
View audit logsFullFullLimitedLimitedDeniedRead only
Manage securityFullFullDeniedLimitedDeniedRead only
Manage organization profileFullFullLimitedLimitedRead onlyRead only

Access policies

Controls that apply to privileged and administrative roles.

Require MFA for admins

Owner, Admin and Billing Admin must use multi-factor authentication.

Enabled

Restrict billing access

Only Owner and Billing Admin can manage billing settings.

Enabled

Review privileged roles

Admin and Owner assignments should be reviewed every billing cycle.

Needs review