-
-
Notifications
You must be signed in to change notification settings - Fork 0
Users and Security
Four roles, enforced server-side on every endpoint (not just hidden buttons):
- admin - everything, across all tenants.
- user - read-only across all tenants: dashboard, events, snapshots browse.
- org_admin (MSP license) - scoped to one client org: can run backups, browse snapshots, and apply restores for that org's tenants only. Cannot add or edit tenants, users, orgs, or settings.
- org_viewer (MSP license) - scoped to one client org, read-only. Action buttons show "contact your MSP administrator".
Org-scoped users never see tenants outside their org - those tenants return 404, not 403, so their existence is not leaked. The free Community tier includes the single admin created at first run; adding users requires a paid license, and org roles require the MSP feature (see MSP and Client Orgs).
Two ways to create a user. Send invite link: the account starts as a pending invite and a one-time link lets them set their own password; if SMTP is configured the invite is emailed, and either way you get a copyable link. Set password now: the admin sets an initial password and the account is active immediately - no email required. Share it securely; the user can change it in their profile.
-
Passwords are hashed with scrypt; sessions are server-side (revocable), with Secure/HttpOnly cookies behind HTTPS.
-
Every user can enable TOTP two-factor from their profile (QR enrollment); MFA is enforced at sign-in.
-
Admins can reset a user's password or reset MFA (lost authenticator); resets also revoke trusted devices.
-
Optional trusted-device window: after a successful code, skip the MFA prompt on that browser for N days (0 = always prompt, the default).
Failed logins lock the account after a configurable number of attempts (default 5) for a configurable duration (default 15 minutes), tracked per account and audit-logged.
Every mutating action (logins, tenant changes, restores, settings, license and user changes) is recorded with actor and detail in the Audit page.