WIP
RBAC
Role-based access control for Arc
Atlas is the provider console for infrastructure operators. It operates in a platform-scoped context—no customer organization isolation.
| Role | Description | Capabilities |
|---|
super_admin | Full platform control | All operations, system config, all impersonation |
provider_admin | Organization management | Create/manage customer orgs, impersonate users, modify settings |
provider_operator | Infrastructure operations | Provision servers, manage resources, no impersonation |
provider_revenue | Business & revenue operations | View all data, analytics, billing, pricing, audit logs (read-only) |
support | Customer support | Read-only access, impersonate for troubleshooting (read-only) |
| Permission | super_admin | provider_admin | provider_operator | provider_revenue | support |
|---|
| View all resources | ✅ | ✅ | ✅ | ✅ | ✅ |
| View all orgs/projects | ✅ | ✅ | ✅ | ✅ | ✅ |
| View analytics | ✅ | ✅ | ❌ | ✅ | ❌ |
| View audit logs | ✅ | ✅ | ❌ | ✅ | ❌ |
| View billing/revenue | ✅ | ✅ | ❌ | ✅ | ❌ |
| Manage pricing | ✅ | ✅ | ❌ | ✅ | ❌ |
| Export reports | ✅ | ✅ | ❌ | ✅ | ❌ |
| Manage servers | ✅ | ✅ | ✅ | ❌ | ❌ |
| Power/lifecycle | ✅ | ✅ | ✅ | ❌ | ❌ |
| Create/manage orgs | ✅ | ✅ | ❌ | ❌ | ❌ |
| Modify org settings | ✅ | ✅ | ❌ | ❌ | ❌ |
| Impersonate (full) | ✅ | ✅ | ❌ | ❌ | ❌ |
| Impersonate (read-only) | ✅ | ✅ | ❌ | ❌ | ✅ |
| System configuration | ✅ | ❌ | ❌ | ❌ | ❌ |
| Manage Atlas users | ✅ | ❌ | ❌ | ❌ | ❌ |
Arc is the customer self-service portal. It uses an organization plugin for multi-tenancy.
| Role | Scope | Description |
|---|
owner | All projects | Full org control, settings, billing, member management |
admin | All projects | Create/manage resources, deployments, kubeconfig access |
member | Assigned projects | Access assigned projects, view org-wide projects |
| Permission | owner | admin | member |
|---|
| View all resources | ✅ | ✅ | ✅ |
| View all orgs/projects | ✅ | ✅ | ✅ |
| View analytics | ✅ | ✅ | ❌ |
| View audit logs | ✅ | ✅ | ❌ |
| View billing/revenue | ✅ | ✅ | ❌ |
| Manage pricing | ✅ | ✅ | ❌ |
| Export reports | ✅ | ✅ | ❌ |
| Manage resources | ✅ | ✅ | ✅ |
| Power/lifecycle | ✅ | ✅ | ✅ |
| Create/manage projects | ✅ | ✅ | ✅ |
| Modify org settings | ✅ | ❌ | ❌ |
| System configuration | ✅ | ❌ | ❌ |
| Manage Arc users | ✅ | ❌ | ❌ |
| Role | Description |
|---|
admin | Full project control, manage members, change visibility |
member | Deploy and manage resources within project |
| Permission | admin | member |
|---|
| View all resources | ✅ | ✅ |
| View all orgs/projects | ✅ | ✅ |
| View analytics | ✅ | ✅ |
| View audit logs | ✅ | ✅ |
| View billing/revenue | ✅ | ✅ |
| Manage pricing | ✅ | ✅ |
| Export reports | ✅ | ✅ |
| Manage servers | ✅ | ✅ |
| Power/lifecycle | ✅ | ✅ |
| Modify project settings | ✅ | ❌ |
| Manage project members | ✅ | ❌ |
| Value | Behavior |
|---|
org | All org members can view (read-only access) |
members_only | Only project members + org owner/admin can view and access |
Last updated on
How is this guide?