Skip to content

Backgrounds

How-to Guides

Technical References

VIP Dashboard /

Public API permissions access list

Permissions in the VIP Dashboard are controlled by an access control list in our public API.

Assigning different roles allows you to manage access to your site. We have two types of permission roles we check for: App Roles and Org Roles. A list of specific permissions for both App Roles and Org Roles can be found below.

App Roles

There are three supported App Roles, in order of fewest privileges to most: read, write, and admin. App role permissions are based on GitHub permissions when you first sign into the VIP Dashboard.

Each user can have different App Roles for each organization they belong to.

ReadUser has Read permissions on a GitHub repository
WriteUser has Write permissions on a GitHub repository
AdminUser has Admin permissions on a GitHub repository

Org Roles

There are three supported Org Roles, in order of fewest privileges to most: viewer, member, and admin.

Viewer

  • User is granted this permission for all organizations that the user has App Roles for. For example, user has write App Role for app 2302, so user also has viewer Org role for the Organization of app 2302, which is Organization ID 285

Member

  • Intended for users that need to see more information than basic organization data, but do not necessarily need admin privileges, such as business users for your organization
  • Inherits all viewer permissions

Admin

  • User is an Owner of the GitHub Organization
  • Inherits all viewer and member permissions

Users can have different levels of App roles and Org Roles (e.g., a write App role and a viewer Org role).

List of permissions: App Roles

The App Admin role currently has no permissions that differ from the App Write role.

PermissionApp ReadApp Write
App Admin
General permission to allow user to view things based on their App RoleYYY
View the Health DashboardYYY
View details for a WP CLI commandYYY
View a list of WP CLI commands that can be runYYY
View the IP Allow ListYYY
View Basic AuthenticationYYY
Get log shipping credentials (bucket, region, if log shipping is enabled)YYY
General permission to allow user to update things based on their App RoleYY
Can perform data syncsYY
View a list of environmentsYY
View a list of domains for an environmentYY
Add domains to an environmentYY
Deactivate a domainYY
Activate a Let’s Encrypt certificate for a domainYY
Run WP CLI commandsYY
Launch a siteYY
Set a domain as the primary domainYY
Create a pre-signed URL for self-service importsY Y
Add an IP to the IP Allow ListYY
Delete an IP in the IP Allow ListYY
Add a new user to Basic AuthenticationYY
Edit user credentials for Basic AuthenticationYY
Delete a user in Basic AuthenticationYY
Validate Log Shipping credentials + update the credentialsYY
Enable Log ShippingYY
Disable Log ShippingYY
Delete Log Shipping credentialsYY
Start a self-service importYY

List of Permissions: Org Roles

PermissionOrg ViewerOrg MemberOrg Admin
General permission to allow the user to view things based on their Org roleYYY
View apps from an organization that the user was granted access toYYY
Query for a list of all organizations the user has access toYYY
View an organization’s contactsYYY
View a list of appsYY
All permissions that apply to the App Write and App Admin role*YY
View a list of users for the organizationYY
View the Organization’s Usage – Monthly Platform Requests for Total Requests of an organizationYY
View the Organization’s Usage – Monthly Platform Requests for Application Usage of an Organization’s production appsYY
Can view an Organization’s Usage Plan Details, including Code Review level, Ticket SLA, Addons, etc. This is separate from the Organization’s Usage Monthly Platform RequestsY
Can set user Org Roles for users in their organizationY
Can view their own Org Roles and Org Roles of other users in their organization
Y
*Except for the Create a pre-signed URL for self-service imports permission


Last updated: April 09, 2021