Skip to content

Enterprise Authentication

Roles & permissions

User permissions to view, manage, or trigger actions on applications and environments in the VIP Dashboard are controlled by an access control list. Access permissions for users are defined by the Org roles and App roles assigned to them via user access management in the VIP Dashboard.

Users can have different levels of App roles and Org Roles (e.g., an App write role and an Org guest role).

App roles

App roles are assigned to users with an Org guest role on a per-application basis within an organization. There are three supported App roles, in order of fewest privileges to most: read, write, and admin.

List of permissions

PermissionApp readApp write
App admin
View software version information for an appYYY
View the Health DashboardYYY
View details for a WP-CLI commandYYY
View a list of WP-CLI commands that can be runYYY
View the IP Allow ListYYY
View Basic AuthenticationYYY
Can perform data syncsYY
View a list of environmentsYY
View a list of database backupsYY
View a list of media file exportsYY
View a list of domains for an environmentYY
Add domains to an environmentYY
Deactivate a domainYY
Activate a Let’s Encrypt certificate for a domainYY
Install and activate custom TLS certificates for a domainYY
Run WP-CLI commandsYY
Launch a siteYY
Set a domain as the primary domainYY
Create a pre-signed URL for self-service importsY Y
Start a self-service importYY
Download an environment’s database backupY
Download an environment’s media file exportY
Add a new user to Basic AuthenticationY
Edit user credentials for Basic AuthenticationY
Delete a user in Basic AuthenticationY
Configure, update, and delete Log Shipping credentialsY
Enable and disable Log ShippingY
Configure, update, and delete Backup Shipping credentialsY
Enable and disable Backup ShippingY
Delete an IP in the IP Allow ListY
Add an IP to the IP Allow ListY
View the Application’s Audit LogY
Enable, configure, and disable HSTSY

Org roles

There are three supported Org roles, in order of fewest privileges to most: guest, member, and admin.


  • Users that are assigned App roles of any level to one or more of an organization’s applications, are automatically assigned an Org guest role.


  • Intended for users that need to see more information than basic organization data, but do not necessarily need admin privileges, such as business users for an organization
  • Inherits all guest permissions


  • This Org role is typically assigned to an organization’s account owner.
  • Inherits all guest and member permissions

List of permissions


If an organization currently has no users with the Org Admin role, and existing users are unable to view certain features such as the organization’s Usage Plan Details, contact VIP Support for assistance.

PermissionOrg guestOrg memberOrg admin
View apps from an organization that the user was granted access toYYY
Query for a list of all organizations the user has access toYYY
View an organization’s contactsYYY
View a list of appsYY
View a list of users for the organization YY
View the Organization’s Usage – Monthly Platform Requests for Total Requests of an organizationYY
View the Organization’s Usage – Monthly Platform Requests for Application Usage of an Organization’s production appsYY
View the Organization’s Audit Log YY
All permissions that apply to the App write and App admin role*Y
Can view an Organization’s Usage Plan Details, including Code Review level, Ticket SLA, Add-ons, etc. This is separate from the Organization’s Usage Monthly Platform RequestsY
Can set user Org roles for users in their organizationY
Can view their own Org roles and Org roles of other users in their organization
*Except for the Create a pre-signed URL for self-service imports permission

Last updated: June 29, 2022