User Roles¶
Understanding user roles and permissions in ByteFreezer.
Role Types¶
ByteFreezer has three main role types:
System Admin¶
System administrators have full access to all features and all accounts. This role is reserved for ByteFreezer platform operators.
Capabilities:
- Manage all accounts, tenants, and datasets
- Create and manage all users
- Access system-wide settings and monitoring
- View audit logs across all accounts
Account Admin¶
Account administrators have full access within their assigned account(s).
Capabilities:
- Manage tenants and datasets within their account
- Create and manage users within their account
- Configure transformation pipelines
- Manage enrichers and data settings
- View account-specific audit logs
User (Read Only)¶
Standard users have limited access based on their assigned permissions.
Capabilities:
- View tenants and datasets (read-only by default)
- View transformation configurations
- View data statistics and metrics
- Cannot create or modify resources unless granted
Permission Matrix¶
| Action | System Admin | Account Admin | User |
|---|---|---|---|
| View data/dashboards | ✓ | ✓ | ✓ |
| Manage tenants/datasets | ✓ | ✓ | ✗ |
| Configure transformations | ✓ | ✓ | ✗ |
| Manage enrichers | ✓ | ✓ | ✗ |
| Manage users | ✓ | ✓* | ✗ |
| View audit logs | ✓ | ✓* | ✗ |
| Manage accounts | ✓ | ✗ | ✗ |
*Account Admins can only manage users and view logs within their own account(s)
Managing Users¶
Creating a User¶
- Navigate to Auth & Users in the dashboard
- Click Create User
- Enter the user's email and name
- Select the appropriate role
- Assign to one or more accounts (for Account Admin or User roles)
- Click Create
Note
New users will receive an email with instructions to set their password.
Deactivating a User¶
To temporarily disable a user without deleting them:
- Navigate to Auth & Users
- Find the user and click the toggle to deactivate
- The user will no longer be able to log in
Warning
Deleting a user is permanent. Consider deactivating instead if you may need to restore access later.
Best Practices¶
| Practice | Description |
|---|---|
| Principle of least privilege | Assign the minimum role needed for each user's job function |
| Regular audits | Periodically review user access and remove unnecessary permissions |
| Account separation | Use separate accounts for production vs. development environments |
| Strong passwords | Enforce password complexity requirements |