Skip to content

App role and permissions

Users granted access to an organization’s VIP Dashboard with an Org guest role can only interact with an organization’s applications for which they also have an assigned App role.

A user with an Org guest role can have one of three App roles assigned to them on a per-application basis (in order of fewest privileges to most): read, write, and admin.

This makes it possible for a user to have an App admin role for one application, an App read role for another, and no role (or access) at all for other applications in the organization.

List of permissions

PermissionApp readApp write
App admin
View software version information for an applicationYYY
View the Health dashboardYYY
View details for a WP-CLI commandYYY
View a list of WP-CLI commands that can be runYYY
View the IP Allow ListYYY
View Basic AuthenticationYYY
View a list of database backupsYYY
View a list of media backupsYYY
Perform data syncsYY
View a list of environmentsYY
View a list of domains for an environmentYY
Add domains to an environmentYY
Deactivate a domainYY
Activate a Let’s Encrypt certificate for a domainYY
Install and activate custom TLS certificates for a domainYY
Run WP-CLI commandsYY
Launch a siteYY
Set a domain as the primary domainYY
Create a pre-signed URL for self-service importsY Y
Start a self-service importYY
Download an environment’s database backupY
Download an environment’s media backupY
Add a new user to Basic AuthenticationY
Edit user credentials for Basic AuthenticationY
Delete a user in Basic AuthenticationY
Configure, update, and delete Log Shipping credentialsY
Enable and disable Log ShippingY
Configure, update, and delete Backup Shipping credentialsY
Enable and disable Backup ShippingY
Delete an IP in the IP Allow ListY
Add an IP to the IP Allow ListY
View the Application’s Audit LogY
Enable, configure, and disable HSTSY

Assign an App role

The settings panel for assigning an App role to a user is accessed by using the “Invite User” process or the “Edit Permissions” process.


Only users with an Org admin role can invite, remove, and manage user access levels for other users in the VIP Dashboard.

If an organization currently has no users with the Org admin role, and existing users are unable to view certain features such as the organization’s Usage Plan Details, contact VIP Support for assistance.

When the “Guest” Org role is selected for a user in the “Permissions” panel, an “Applications” field will appear below “Permissions“.

A user’s access level for viewing and interacting with individual applications within the VIP Dashboard is determined by the permission levels set by a user’s App role.

Screenshot of the Applications permissions dropdown

To set a user’s App role for each application:

  1. Select the label “No applications selected >” to view a list of all applications that belong to the organization.
  2. A user’s current App role setting is displayed in the label to the right of each listed application.
    Applications labeled “None” are not accessible to the user.
  3. Modify a user’s App role setting by clicking on the label and selecting either Read, Write, or Admin from the dropdown.
  4. Confirm the settings by selecting the “Set Permissions” button at the bottom right of the panel, or cancel the settings by selecting the “Back” button.

Last updated: August 12, 2022