Users & access
Accounts sign in with a username and password. Authority over a server comes from a per-server role, so you can hand out exactly the access each teammate needs.
Accounts
Each account has a unique username (the login handle), a display name, and a password. There are no email addresses. Sessions are cookie-based. New accounts are created by redeeming an invite — a single-use, expiring link an admin generates from the Accounts page.
Global roles
| Role | Can |
|---|---|
| admin | Everything: manage users and invites, see and control every server, appoint moderators, create servers. |
| member | A regular account. Sign in, create (and thereby own) servers, and hold per-server roles granted by others. |
Per-server roles
Access to an individual server is granted per server. The owner is an implicit moderator; admins bypass these checks entirely.
| Role | On that server, can… |
|---|---|
| viewer | Watch the console and browse files. |
| operator | Everything a viewer can, plus start/stop/restart, send commands, set the restart schedule, and edit files. |
| moderator | Everything an operator can, plus manage access — grant or revoke operator/viewer for other users. |
The Access panel
Each server has an Access plane showing who has access and at what role, with controls to grant, change, or remove access by username. The guardrails:
- A moderator can grant and revoke operator and viewer only — they can't appoint other moderators or touch admins or the owner.
- Only admins appoint moderators.
- To add someone who has no account yet, an admin invites them first; then any moderator can grant them a role.