App role and permissions
Users granted access to an organization’s VIP Dashboard with an Org guest role can only interact with an organization’s applications for which they also have an assigned App role.
A user with an Org guest role can have one of three App roles assigned to them on a per-application basis (in order of fewest privileges to most): read, write, and admin.
This makes it possible for a user to have an App admin role for one application, an App read role for another, and no role (or access) at all for other applications in the organization.
List of permissions
| Permission | App read | App write | App admin |
|---|---|---|---|
| View software version information for an application | Y | Y | Y |
| View the Health dashboard | Y | Y | Y |
| View details for a WP-CLI command | Y | Y | Y |
| View a list of WP-CLI commands that can be run | Y | Y | Y |
| View the IP Allow List | Y | Y | Y |
| View Basic Authentication | Y | Y | Y |
| View a list of database backups | Y | Y | Y |
| View a list of media backups | Y | Y | Y |
| Perform data syncs | Y | Y | |
| View a list of environments | Y | Y | |
| View a list of domains for an environment | Y | Y | |
| Add domains to an environment | Y | Y | |
| Deactivate a domain | Y | Y | |
| Activate a Let’s Encrypt certificate for a domain | Y | Y | |
| Install and activate custom TLS certificates for a domain | Y | Y | |
| Run WP-CLI commands | Y | Y | |
| Launch a site | Y | Y | |
| Set a domain as the primary domain | Y | Y | |
| Create a pre-signed URL for self-service imports | Y | Y | |
| Start a self-service import | Y | Y | |
| Download an environment’s database backup | Y | ||
| Download an environment’s media backup | Y | ||
| Add a new user to Basic Authentication | Y | ||
| Edit user credentials for Basic Authentication | Y | ||
| Delete a user in Basic Authentication | Y | ||
| Configure, update, and delete Log Shipping credentials | Y | ||
| Enable and disable Log Shipping | Y | ||
| Configure, update, and delete Backup Shipping credentials | Y | ||
| Enable and disable Backup Shipping | Y | ||
| Delete an IP in the IP Allow List | Y | ||
| Add an IP to the IP Allow List | Y | ||
| View the Application’s Audit Log | Y | ||
| Enable, configure, and disable HSTS | Y |
Assign an App role
The settings panel for assigning an App role to a user is accessed by using the “Invite User” process or the “Edit Permissions” process.
Prerequisites
Only users with an Org admin role can invite, remove, and manage user access levels for other users in the VIP Dashboard.
If an organization currently has no users with the Org admin role, and existing users are unable to view certain features such as the organization’s Usage Plan Details, contact VIP Support for assistance.
When the “Guest” Org role is selected for a user in the “Permissions” panel, an “Applications” field will appear below “Permissions“.
A user’s access level for viewing and interacting with individual applications within the VIP Dashboard is determined by the permission levels set by a user’s App role.
To set a user’s App role for each application:
- Select the label “No applications selected >” to view a list of all applications that belong to the organization.
- A user’s current App role setting is displayed in the label to the right of each listed application.
Applications labeled “None” are not accessible to the user. - Modify a user’s App role setting by clicking on the label and selecting either Read, Write, or Admin from the dropdown.
- Confirm the settings by selecting the “Set Permissions” button at the bottom right of the panel, or cancel the settings by selecting the “Back” button.