Permissions

Access roles

Understand what each Archibot role can see and which tasks belong to admins, members, operators, and platform admins.

Customer adminsCustomer membersPlatform operatorsPlatform admins
Access roles

Role summary

Archibot uses role-aware navigation so users see the pages they are responsible for. The same Console URL may show different pages to different people from the same customer account.

RoleMain responsibilitiesHidden by design
Customer memberCreate, start, use, launch, and stop workspaces.Account setup, billing review, platform controls, sibling customers.
Customer adminComplete setup, invite users, review customer readiness, and view usage.Platform license controls and unrelated customers.
Platform operatorAssist onboarding, billing handoff, SSO source setup, target readiness, and support.Platform-admin-only license and global controls unless also an admin.
Platform adminPerform platform-wide review and licensed configuration tasks.Nothing customer-specific should be changed without a clear operational reason.

How to confirm your role

  1. Sign in to Console.
  2. Open the navigation.
  3. Compare the visible pages with the role summary table.
  4. If your role looks wrong, sign out and sign in again before asking for support.
  5. If it remains wrong, ask a customer admin or ISM operator to check your customer group assignment.

Customer member boundaries

Customer members can use workspaces but cannot complete account setup or review customer analytics. That is intentional. A member who needs billing state, onboarding status, or usage totals should ask a customer admin.

Customer admin boundaries

Customer admins manage their own account only. They should not see sibling customer accounts, internal-only operator notes, platform license controls, raw provider identifiers, or hidden credentials.

Operator boundaries

Operators use Console to record customer-visible launch context and internal next actions. Keep credentials, private risk notes, and raw provider payloads out of customer-visible fields.

Platform admin boundaries

Platform admin access is for platform-wide controls such as License. Use it only when the action genuinely requires global authority, and keep customer-impacting work recorded in the relevant customer setup or support flow.

Done When

  • Customer members can see workspace and backup actions.
  • Customer admins can also see Account Setup and Analytics.
  • Platform operators can see Tenant Admin and Analytics.
  • Only platform admins can see License.