Skip to content

Users and Security

KelTech Services edited this page Jul 13, 2026 · 2 revisions

Users & security

Roles

Four roles, enforced server-side on every endpoint (not just hidden buttons):

  • admin - everything, across all tenants.
  • user - read-only across all tenants: dashboard, events, snapshots browse.
  • org_admin (MSP license) - scoped to one client org: can run backups, browse snapshots, and apply restores for that org's tenants only. Cannot add or edit tenants, users, orgs, or settings.
  • org_viewer (MSP license) - scoped to one client org, read-only. Action buttons show "contact your MSP administrator".

Org-scoped users never see tenants outside their org - those tenants return 404, not 403, so their existence is not leaked. The free Community tier includes the single admin created at first run; adding users requires a paid license, and org roles require the MSP feature (see MSP and Client Orgs).

Adding users

Two ways to create a user. Send invite link: the account starts as a pending invite and a one-time link lets them set their own password; if SMTP is configured the invite is emailed, and either way you get a copyable link. Set password now: the admin sets an initial password and the account is active immediately - no email required. Share it securely; the user can change it in their profile.

Passwords & MFA

  • Passwords are hashed with scrypt; sessions are server-side (revocable), with Secure/HttpOnly cookies behind HTTPS.

  • Every user can enable TOTP two-factor from their profile (QR enrollment); MFA is enforced at sign-in.

  • Admins can reset a user's password or reset MFA (lost authenticator); resets also revoke trusted devices.

  • Optional trusted-device window: after a successful code, skip the MFA prompt on that browser for N days (0 = always prompt, the default).

Brute-force protection

Failed logins lock the account after a configurable number of attempts (default 5) for a configurable duration (default 15 minutes), tracked per account and audit-logged.

Audit log

Every mutating action (logins, tenant changes, restores, settings, license and user changes) is recorded with actor and detail in the Audit page.

Clone this wiki locally