Dashboard Access by Role

Dashboard Access by Role

As a tenant administrator, you can assign your team members roles to allow them to have limited access to Auth0 Dashboard features so they can complete their jobs without putting production applications at risk and complying with the least privilege principle.

Dashboard roles

You can assign the following roles for the Auth0 Dashboard:

Role Permissions
Admin Read and write access to all resources in the Auth0 Dashboard.
Editor - Specific Apps Read and write access to specific applications only.
Editor - Connections Read, write, and create access to all types of connections.
Editor - Users User management operations (create, delete, block, unblock, reset MFA, reset password, update metadata, assign roles, etc.) and access to logs.
Viewer - Users Read-only access to users and logs.
Viewer - Config Settings Read-only access to all configuration settings (applications, APIs, rules, security settings, etc.) except for sensitive information such as secrets, billing, users, and logs.

Limited access

Your Auth0 subscription plan and the login method you choose can affect feature availability. To learn more, read:

Tenant members with less privileged roles will have a restricted Dashboard experience and they will have access only to the sections and actions they can perform. The following table shows the specific feature permissions for each role.

Dashboard Section Subsection Admin Editor - Specific Apps Editor - Connections Editor - Users Viewer - Users Viewer - Config
Get Started
Activity Stats
Applications Applications ✍ *¶ 👁 ‡
APIs 👁 ‡
SSO integrations ✍ *¶ 👁 ‡
Authentication Database ❌ † 👁 ‡
Social ❌ † 👁 ‡
Enterprise 👁 ‡
Passwordless 👁 ‡
Organizations Organizations List 👁 👁 👁
Organization Overview 👁
Organization Members 👁 👁
Organization Invitations 👁
Organization Connections 👁
User Management Users 👁
Roles 👁 👁 👁
Branding Universal Login 👁
Custom Domains 👁
Email Templates 👁
Email Providers 👁 ‡
Security Attack Protection 👁
Multi-factor Auth 👁 ‡
Monitoring
Actions Flows 👁
Library 👁
Auth Pipeline Rules 👁 ‡
Hooks
Monitoring Logs 👁 § 👁 §
Streams
Marketplace 👁 👁 👁 👁 👁
Extensions
Settings General 👁
Subscription
Tenant Members
Signing Keys
Advanced 👁
Get Support Support Tickets
Quota Reports
Usage Reports
Compliance
Tenant Tagging
Production Checks
Notifications

Legend

Symbol Permission
Access
No access
Edit
👁 View

Footnote Description
* Specific applications
Except secrets
Previously available for Application Admin role but removed from Editor Specific Apps role
Update only
§ User events

Log events available to user roles

Logs can contain sensitive data, such as secrets, PII, etc. It is important not to disclose sensitive data to users whose role does not require that information. However, the Editor - Users or Viewer - Users roles need to have some access to logs to identity user issues. For example, finding out if the user signed up correctly, if the user was blocked, etc.

We allow the Editor - Users and Viewer - Users with access to a limited set of log types, that are connected to user events. The log events in the list provide the necessary information about user actions but do not disclose sensitive information about other parts of the tenant configuration. To learn more, read Log Event Type Codes.

f
fcp
fcpr
fdeac
fdeaz
fdecc
feacft
fede
fens
flo
fn
fp
fs
fsa
fu
fv
fvr
gd_auth_failed
gd_auth_rejected
gd_auth_succeed
gd_enrollment_complete
gd_otp_rate_limit_exceed
gd_recovery_failed
gd_recovery_rate_limit_exceed
gd_recovery_succeed
gd_send_email
gd_send_email_failure
gd_send_pn
gd_send_pn_failure
gd_send_sms
gd_send_sms_failure
gd_send_voice
gd_send_voice_failure
gd_start_auth
gd_start_enroll
gd_tenant_update
gd_unenroll
gd_update_device_account
limit_mu
limit_wc
pwd_leak
s
scoa
scp
scpr
sercft
slo
ss
ssa
ublkdu
w

Was this helpful?

/

Limitations

  • Users with Admin role can invite Editor - Specific Apps users to one application at a time. To work around this, after the user accepts the invitation, the Admin user can edit their role to assign multiple applications.

  • The Viewer - Users and Editor - Users roles don't have access to the Users's Devices and Authorized Apps sections.

Private Cloud requirements

Be aware that the Editor - Users and the Viewer - Users roles depend on User Search v3 and Logs Search v3 to be enabled in your environment. If your environments doesn’t support these versions, these two roles will be unavailable.

Learn more