Administration uses layered permissions:
- Superadmin (platform-level special role).
- Global permissions.
- Entity permissions for host/client interface/DB role/service.
- Instance/project/object structure/object permissions inside instance scope.
Permission bitmask semantics (one nullable integer mask per user and entity):
- null means no access to the entity at all: the user does not see it.
- 0 means base access with no extra bits set (typically read visibility).
- Each further capability listed below is a bit OR'd into the mask. Checks must distinguish null from 0; coalescing a null to 0 silently grants base visibility.
Superadmin can do platform-wide operations, including superadmin management.
Global permissions can be assigned by users holding the global Admin manager capability (listed below).
- User moderator: view all application users.
- User admin: edit all application users.
- Host admin: manage all hosts and host-bound entities.
- Client interface admin: manage all clients.
- Language admin: manage global languages.
- Enum admin: view enums.
- Admin manager: manage user permissions globally and on entities.
Client interface permissions:
- Base access: see client.
- Manual manager: manage client manuals/details and files.
- Client interface manager: edit/delete client.
- DB role manager: manage client DB role permissions.
- User moderator: manage user permissions for the client.
- Admin: advanced visibility/history/deleted entities.
Host permissions:
- Base access: see host and tablespaces.
- Instance source, Instance manager, Instance admin.
- DB role source, DB role instance moderator, DB role admin.
- Service source, Service operator, Service manager, Service admin.
- User moderator.
- Admin.
DB role permissions:
- Base access: see DB role.
- Database user: view the role's credentials (sensitive; grant narrowly).
- Instance moderator: manage role-to-instance permissions.
- Admin: manage role lifecycle, inheritance, user bindings, history.
Service permissions:
- Base access: see service.
- Service operator: control operations.
- Service manager: configuration edits.
- Admin: full service lifecycle + history visibility.
Changing another user's permissions on an entity usually requires both:
- the relevant permission on that entity (User moderator for a client or host, Admin for a DB role), unless the actor is a superadmin or global Admin manager
- and a user moderation capability to search for and select the target user.
A practical exception: in selected workflows, assigning users to an instance does not require broad global rights, so a local instance manager can add users to their own instance.
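The following is an added example, written for this page rather than taken from the platform, showing the mask semantics above (null versus 0 versus set bits) together with the rule for changing another user's permissions, including the instance-assignment exception. The page fixes only the semantics; the concrete bit values, the `InstancePerm` class, the `(entity_type, entity_id)` keys and the `"instance_assignment"` workflow name are hypothetical placeholders chosen for illustration.

```python
"""Layered permission checks: example code for this page, not the platform's own.

Page semantics: None = no access, 0 = base (read) access, set bits = extra
capabilities. Bit values, entity keys and workflow names are hypothetical.
"""
from dataclasses import dataclass, field
from enum import IntFlag
from typing import Optional

Mask = Optional[int]  # None: no access; 0: base access; bits: capabilities


class GlobalPerm(IntFlag):
    # Hypothetical bit assignment for the global permissions on the page.
    USER_MODERATOR = 1 << 0  # view all application users (search/select targets)
    USER_ADMIN = 1 << 1
    HOST_ADMIN = 1 << 2
    ADMIN_MANAGER = 1 << 3   # manage user permissions globally and on entities


class ClientPerm(IntFlag):
    # Hypothetical bit assignment for client interface permissions.
    MANUAL_MANAGER = 1 << 0
    CLIENT_MANAGER = 1 << 1
    DB_ROLE_MANAGER = 1 << 2
    USER_MODERATOR = 1 << 3  # manage user permissions for this client
    ADMIN = 1 << 4


class InstancePerm(IntFlag):
    # Hypothetical: the page names instance-scoped permissions without bits.
    USER_MODERATOR = 1 << 0
    MANAGER = 1 << 1


# Entity-level bit that lets the holder change other users' permissions on it.
ENTITY_USER_MODERATOR = {
    "client": int(ClientPerm.USER_MODERATOR),
    "instance": int(InstancePerm.USER_MODERATOR),
}


def can_see(mask: Mask) -> bool:
    """Base access: any stored mask, including 0, makes the entity visible."""
    return mask is not None


def has(mask: Mask, flag: int) -> bool:
    """None never satisfies a flag; a 0 mask grants visibility only."""
    return mask is not None and (mask & int(flag)) == int(flag)


def grant(mask: Mask, flag: int) -> int:
    """Granting to a user with no row implies base access plus the flag."""
    return (0 if mask is None else mask) | int(flag)


def revoke(mask: Mask, flag: int) -> Mask:
    """Clearing the last bit leaves 0 (still visible), never None."""
    return None if mask is None else mask & ~int(flag)


@dataclass
class User:
    superadmin: bool = False
    global_mask: Mask = 0  # every account gets base global access here
    entity_masks: dict = field(default_factory=dict)  # (type, id) -> Mask

    def entity_mask(self, entity_type: str, entity_id: int) -> Mask:
        # A missing row is None, i.e. no access; never default it to 0.
        return self.entity_masks.get((entity_type, entity_id))


def can_change_permissions(actor: User, entity_type: str, entity_id: int,
                           workflow: str = "generic") -> bool:
    """Permission on the entity AND user moderation to search/select users;
    superadmin and global Admin manager override; the hypothetical
    instance-assignment workflow waives the global search requirement."""
    if actor.superadmin:
        return True
    if has(actor.global_mask, GlobalPerm.ADMIN_MANAGER):
        return True
    needed = ENTITY_USER_MODERATOR.get(entity_type)
    if needed is None or not has(actor.entity_mask(entity_type, entity_id), needed):
        return False
    # Practical exception: local instance managers may assign users to their
    # instance without the global "view all users" capability.
    if entity_type == "instance" and workflow == "instance_assignment":
        return True
    return has(actor.global_mask, GlobalPerm.USER_MODERATOR)
```

The trap the example guards against is storage-side: if the per-entity mask lives in a nullable column and a query coalesces NULL to 0 (or the application code does `mask or 0`), every user silently gains base visibility of every entity. `has()` and `entity_mask()` therefore keep `None` distinct from `0` end to end, and `revoke()` never collapses a mask to `None` on its own.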