Dashboard Roles & Permissions
The below Roles are being gradually rolled out to all customers by September 3rd, 2024. To review the changes to existing workspace user permissions see the Migration from Legacy Roles section below.
Roles Overview
Stytch's dashboard can be used for managing your integration configuration, debugging via event logs and DFP analytics, or performing customer support actions like resetting passwords. To support this range of use cases, Stytch offers the following user roles in our dashboard:
- Admin: Able to perform all actions across the dashboard, including managing Live API Keys
- Developer: Able to manage project configurations, as well as write access to all core entities. Can view and create API Keys in Test, but not in Live.
- Support Manager: Read access to project configurations and event logs, and write access to project Users, Members, Organizations (including managing SSO and SCIM Connections) and Device Fingerprint rules.
- Support Agent: Read access to project Users, Members, Organizations and event logs. Able to take non-destructive write actions on Users/Members, such as resetting passwords and revoking sessions.
- No Access: No functional access within the dashboard, can view project names and workspace members. Can be used to provision users without yet granting them a higher privilege role.
If you enable Just-in-Time (JIT) Provisioning to allow users from a specific email domain (i.e. stytch.com) to discover and join your worksapce without an explicit invite those users will be assigned the Support Agent role by default. You can override this default by configuring an automatic role assignment for the email domain, which will apply to all workspace members with verified emails from that domain.
Detailed Permissions
Admin | Developer | Support Manager | Support Agent | No Access | |
|---|---|---|---|---|---|
Manage Workspace Members | ✅ | ||||
Manage Workspace Settings | ✅ | ||||
Manage Workspace Billing | ✅ | ||||
Manage Live API Keys | ✅ | ||||
Manage Test API Keys | ✅ | ✅ | |||
Create Projects | ✅ | ✅ | |||
Delete Projects | ✅ | ||||
Manage Project Configurations | ✅ | ✅ | |||
View Project Configurations | ✅ | ✅ | ✅ | ||
Manage M2M Clients | ✅ | ✅ | |||
View M2M Clients | ✅ | ✅ | ✅ | ||
Manage Users, Members and Organizations | ✅ | ✅ | ✅ | ||
View Users, Members and Organizations | ✅ | ✅ | ✅ | ✅ | |
Manage DFP Rules | ✅ | ✅ | ✅ | ||
View DFP Rules | ✅ | ✅ | ✅ | ✅ | |
View DFP Analytics | ✅ | ✅ | ✅ | ✅ | |
View Event Logs | ✅ | ✅ | ✅ | ✅ | |
Trigger Password Resets | ✅ | ✅ | ✅ | ✅ | |
Revoke Sessions | ✅ | ✅ | ✅ | ✅ | |
Reactivate Emails | ✅ | ✅ | ✅ | ✅ |
Migration from Legacy Roles
Workspace members created prior to our new roles and permissions update had one of 4 legacy roles: Admin, Write, Read and Test. By September 3rd, 2024 these members will be migrated to the new roles, with the following changes:
Legacy Role | New Role | Lost Permissions | Added Permissions |
|---|---|---|---|
Admin | Admin | ||
Write | Developer | Management of Live API Keys | |
Read | Support Agent | View Project Configurations | Trigger Password Resets, Revoke Sessions, Reactivate Emails in Test and Live |
Test | Support Agent | View Users/Members/Organizations, Event Logs, DFP Analytics in Live. Trigger Password Resets, Revoke Sessions, Reactivate Emails in Test and Live |