User permissions to view, manage, or trigger actions on applications and environments in the VIP Dashboard are controlled by an access control list. Access permissions for users are defined by the Org roles and App roles assigned to them via user access management in the VIP Dashboard.
Users can have different levels of App roles and Org Roles (e.g., a write App role and a guest Org role).
App roles are assigned to users on a per-application basis within an organization. There are three supported App Roles, in order of fewest privileges to most: read, write, and admin.
List of permissions
The App admin role has the same permissions as the App write role, plus additional permissions.
| Permission | App read | App write | App admin |
|---|---|---|---|
| General permission to allow user to view things based on their App role | Y | Y | Y |
| View software version information for an app | Y | Y | Y |
| View the Health Dashboard | Y | Y | Y |
| View details for a WP-CLI command | Y | Y | Y |
| View a list of WP-CLI commands that can be run | Y | Y | Y |
| View the IP Allow List | Y | Y | Y |
| View Basic Authentication | Y | Y | Y |
| General permission to allow user to update things based on their App Role | | Y | Y |
| Can perform data syncs | | Y | Y |
| View a list of database backups | | Y | Y |
| View a list of environments | | Y | Y |
| View a list of domains for an environment | | Y | Y |
| Add domains to an environment | | Y | Y |
| Deactivate a domain | | Y | Y |
| Activate a Let’s Encrypt certificate for a domain | | Y | Y |
| Install and activate custom TLS certificates for a domain | | Y | Y |
| Run WP-CLI commands | | Y | Y |
| Launch a site | | Y | Y |
| Set a domain as the primary domain | | Y | Y |
| Create a pre-signed URL for self-service imports | | Y | Y |
| Start a self-service import | | Y | Y |
| Add a new user to Basic Authentication | | | Y |
| Edit user credentials for Basic Authentication | | | Y |
| Delete a user in Basic Authentication | | | Y |
| Configure, update, and delete Log Shipping credentials | | | Y |
| Enable and disable Log Shipping | | | Y |
| Configure, update, and delete Backup Shipping credentials | | | Y |
| Enable and disable Backup Shipping | | | Y |
| Delete an IP in the IP Allow List | | | Y |
| Add an IP to the IP Allow List | | | Y |
There are three supported Org Roles, in order of fewest privileges to most: guest, member, and admin.
- guest
  - Users who are assigned an App role of any level for one or more of an organization’s applications are automatically assigned a guest Org role.
- member
  - Intended for users that need to see more information than basic organization data but do not necessarily need admin privileges, such as business users for an organization.
  - Inherits all guest permissions.
- admin
  - This Org role is typically assigned to an organization’s account owner.
  - Inherits all guest and member permissions.
List of permissions
If an organization currently has no users with the Org Admin role, and existing users are unable to view certain features such as the organization’s Usage Plan Details, contact VIP Support for assistance.
| Permission | Org Guest | Org Member | Org Admin |
|---|---|---|---|
| General permission to allow the user to view things based on their Org role | Y | Y | Y |
| View apps from an organization that the user was granted access to | Y | Y | Y |
| Query for a list of all organizations the user has access to | Y | Y | Y |
| View an organization’s contacts | Y | Y | Y |
| View a list of apps | | Y | Y |
| All permissions that apply to the App write and App admin role* | | Y | Y |
| View a list of users for the organization | | Y | Y |
| View the Organization’s Usage – Monthly Platform Requests for Total Requests of an organization | | Y | Y |
| View the Organization’s Usage – Monthly Platform Requests for Application Usage of an Organization’s production apps | | Y | Y |
| Can view an Organization’s Usage Plan Details, including Code Review level, Ticket SLA, Add-ons, etc. This is separate from the Organization’s Usage Monthly Platform Requests | | | Y |
| Can set user Org Roles for users in their organization | | | Y |
| Can view their own Org Roles and Org Roles of other users in their organization | | | Y |
Create a pre-signed URL for self-service imports permission
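An access review built on the two tables above, as an added example that is not part of the original page or of VIP's tooling. The roster format, user names and app names are constructed, and the code assumes the Org table row "All permissions that apply to the App write and App admin role*" applies as written, since the exception behind its asterisk is not given on the page.

```python
# Added example: who effectively holds App admin-level access on each app?
# App admin is the only App role that can change Basic Authentication users,
# the IP Allow List, and Log/Backup Shipping settings (see the App table).

APP_LEVEL = {"read": 1, "write": 2, "admin": 3}   # fewest privileges to most
ORG_LEVEL = {"guest": 1, "member": 2, "admin": 3}


def effective_app_role(org_role, app_role):
    """Highest App role a user effectively holds on a single app.

    Assumption: Org member and Org admin carry the App write and App admin
    permissions on the organization's apps (Org table row marked '*');
    Org guest adds nothing beyond the explicitly assigned App role.
    """
    implied = "admin" if ORG_LEVEL[org_role] >= ORG_LEVEL["member"] else None
    candidates = [role for role in (app_role, implied) if role]
    return max(candidates, key=APP_LEVEL.__getitem__, default=None)


def review(roster, apps):
    """Return sorted (user, app, source) tuples for App admin-level access.

    'source' records whether the access comes from an explicit App admin
    assignment or is inherited from the user's Org role.
    """
    findings = []
    for user, entry in roster.items():
        for app in apps:
            explicit = entry["apps"].get(app)
            if effective_app_role(entry["org"], explicit) == "admin":
                source = "app-role" if explicit == "admin" else "org-" + entry["org"]
                findings.append((user, app, source))
    return sorted(findings)


# Constructed sample roster (hypothetical format, not a VIP export).
APPS = ["blog", "shop"]
ROSTER = {
    "alice": {"org": "admin", "apps": {}},
    "bob": {"org": "member", "apps": {"blog": "read"}},
    "carol": {"org": "guest", "apps": {"blog": "admin", "shop": "write"}},
    "dave": {"org": "guest", "apps": {"shop": "read"}},
}

if __name__ == "__main__":
    for user, app, source in review(ROSTER, APPS):
        print(f"{user:6} {app:5} admin-level via {source}")
```

Reviewing App role assignments alone would list only carol on blog; the Org role column is what surfaces alice and bob.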