Roles & Permissions
Understand the role hierarchy and what each role can access
Overview
Hawcx uses a role-based access control (RBAC) system. Each user is assigned a single role that determines their permissions across the console.
Role Summary
| Role | Scope | Description |
|---|---|---|
| Admin | Organization | Full access to settings, team, projects, billing, and audit logs |
| Developer | Project | Access to assigned projects only; can generate dev Config IDs and request production ones |
| Viewer | Project | Read-only access to assigned projects |
Permission Matrix
| Capability | Admin | Developer | Viewer |
|---|---|---|---|
| View dashboard | Yes | Yes | Yes |
| View assigned projects | Yes | Yes | Yes |
| View all projects | Yes | - | - |
| Create projects | Yes | - | - |
| Delete projects | Yes | - | - |
| Generate dev Config IDs | Yes | Yes | - |
| Request production Config IDs | Yes | Yes | - |
| Revoke Config IDs (own) | Yes | Yes | - |
| Revoke Config IDs (any) | Yes | - | - |
| Configure auth flows | Yes | - | - |
| Invite team members | Yes | - | - |
| Edit user roles | Yes | - | - |
| Remove users | Yes | - | - |
| View audit logs | Yes | - | - |
| View billing | Yes | - | - |
| Edit organization settings | Yes | - | - |
How Project Assignment Works
Developers and Viewers can only see projects they've been explicitly assigned to. Admins assign projects when inviting a user or by editing an existing user's profile.
If a developer needs access to a new project, an admin must update their project assignments from the Team page.
Organization Creator
The user who created the organization is marked as the Organization Creator. This is a permanent designation, and the creator's role cannot be changed by other admins.