Public API permissions access list
Permissions in the VIP Dashboard are controlled by an access control list in our public API.
Assigning different roles allows you to manage access to your site. We have two types of permission roles we check for: App Roles and Org Roles. A list of specific permissions for both App Roles and Org Roles can be found below.
App Roles
There are three supported App Roles, in order of fewest privileges to most: read, write, and admin. App role permissions are based on GitHub permissions when you first sign into the VIP Dashboard.
Each user can have different App Roles for each organization they belong to.
| Read | User has Read permissions on a GitHub repository |
| Write | User has Write permissions on a GitHub repository |
| Admin | User has Admin permissions on a GitHub repository |
Org Roles
There are three supported Org Roles, in order of fewest privileges to most: viewer, member, and admin.
Viewer
- User is granted this permission for all organizations that the user has App Roles for. For example, user has write App Role for app 2302, so user also has viewer Org role for the Organization of app 2302, which is Organization ID 285
Member
- Intended for users that need to see more information than basic organization data, but do not necessarily need admin privileges, such as business users for your organization
- Inherits all viewer permissions
Admin*
- User is an Owner of the GitHub Organization
- Inherits all viewer and member permissions
Users can have different levels of App roles and Org Roles (e.g., a write App role and a viewer Org role).
*If your organization currently has no users with the Org Admin role, and are unable to view certain features such as the organization’s Usage Plan Details, please contact VIP.
List of permissions: App Roles
The App Admin role has the same permissions as the App Write role, plus additional permissions.
| Permission | App Read | App Write | App Admin |
|---|---|---|---|
| General permission to allow user to view things based on their App Role | Y | Y | Y |
| View the Health Dashboard | Y | Y | Y |
| View details for a WP CLI command | Y | Y | Y |
| View a list of WP CLI commands that can be run | Y | Y | Y |
| View the IP Allow List | Y | Y | Y |
| View Basic Authentication | Y | Y | Y |
| Get log shipping credentials (bucket, region, if log shipping is enabled) | Y | Y | Y |
| General permission to allow user to update things based on their App Role | Y | Y | |
| Can perform data syncs | Y | Y | |
| View a list of environments | Y | Y | |
| View a list of domains for an environment | Y | Y | |
| Add domains to an environment | Y | Y | |
| Deactivate a domain | Y | Y | |
| Activate a Let’s Encrypt certificate for a domain | Y | Y | |
| Install and activate custom TLS certificates for a domain | Y | Y | |
| Run WP CLI commands | Y | Y | |
| Launch a site | Y | Y | |
| Set a domain as the primary domain | Y | Y | |
| Create a pre-signed URL for self-service imports | Y | Y | |
| Start a self-service import | Y | Y | |
| Add a new user to Basic Authentication | Y | ||
| Edit user credentials for Basic Authentication | Y | ||
| Delete a user in Basic Authentication | Y | ||
| Validate Log Shipping credentials + update the credentials | Y | ||
| Delete Log Shipping credentials | Y | ||
| Enable Log Shipping | Y | ||
| Disable Log Shipping | Y | ||
| Delete an IP in the IP Allow List | Y | ||
| Add an IP to the IP Allow List | Y |
List of Permissions: Org Roles
| Permission | Org Viewer | Org Member | Org Admin |
|---|---|---|---|
| General permission to allow the user to view things based on their Org role | Y | Y | Y |
| View apps from an organization that the user was granted access to | Y | Y | Y |
| Query for a list of all organizations the user has access to | Y | Y | Y |
| View an organization’s contacts | Y | Y | Y |
| View a list of apps | Y | Y | |
| All permissions that apply to the App Write and App Admin role* | Y | Y | |
| View a list of users for the organization | Y | Y | |
| View the Organization’s Usage – Monthly Platform Requests for Total Requests of an organization | Y | Y | |
| View the Organization’s Usage – Monthly Platform Requests for Application Usage of an Organization’s production apps | Y | Y | |
| Can view an Organization’s Usage Plan Details, including Code Review level, Ticket SLA, Addons, etc. This is separate from the Organization’s Usage Monthly Platform Requests | Y | ||
| Can set user Org Roles for users in their organization | Y | ||
| Can view their own Org Roles and Org Roles of other users in their organization | Y |
Create a pre-signed URL for self-service imports permission