Roles & Least Privilege
Design access using the fixed role set and the principle of least privilege.
# At a glance
| Detail | Value |
|---|---|
| Audience | Admins, security owner |
| Estimated time | Half a day |
| Portal areas used | Settings → Users & Roles |
| AI used | None (security) |
# Purpose
Assign roles so people can do their jobs and nothing more, keeping powerful roles rare.
# Business outcome
Access matches responsibility, and admin/CEO power is limited to a trusted few.
# Implementation checklist
1. Map each job to the closest fixed role
2. Reserve CEO/admin for a small, trusted group
3. Grant manager (full-access) only where needed
4. Review access after every rollout phase
# Dependencies
- Departments designed
# Risks
Watch for these:
- Trying to create custom roles (the set is fixed)
- Handing out admin to avoid thinking about roles
# Success criteria
Done looks like:
- Every user has a least-privilege role
- Admin/CEO is limited
- Access is reviewed each phase
# Related documentation
- Authorization & Isolation: Roles & RLS.
- Role Management: How-to.
- Contact Support: Reach the DevSphere OS team.