Skip to main content

Roles & Permissions

Autoheal uses role-based access control (RBAC) to manage what users can do within the platform. This guide explains the available roles and their permissions.

Role Hierarchy

Autoheal has two roles:

Admin
  └── Member
RoleDescription
AdminFull administrative access to manage users, integrations, and settings
MemberStandard access to use the platform for investigations

Permission Details

Member

Members can:

  • Start and conduct investigations
  • Query connected integrations
  • Read and search the knowledge base
  • Create and edit their own documents
  • View their investigation history

Members cannot:

  • Manage other users
  • Add or modify integrations
  • Access admin settings
  • Delete other users' content

Admin

Admins have all Member permissions, plus:

  • User Management: Invite, remove, and manage team members
  • Integration Management: Add, edit, and remove integrations
  • Knowledge Base Admin: Edit or delete any document
  • Settings Access: Configure organization settings
  • Billing: Manage subscription and payment

Managing Users

Inviting Users (Admin)

1
Navigate to Users

Go to Users from the Settings section in the sidebar.

2
Click Invite

Click the Invite User button.

3
Enter Details

Provide:

  • Email address
  • Role to assign (Member or Admin)
4
Send Invitation

Click Send Invite. The user will receive an email to join.

Changing User Roles (Admin)

1
Find the User

Go to Users and locate the user.

2
Edit Role

Click the role dropdown next to their name.

3
Select New Role

Choose the new role and confirm.

Removing Users (Admin)

1
Find the User

Go to Users and locate the user.

2
Remove

Click the menu icon and select Remove User.

3
Confirm

Confirm the removal. The user will immediately lose access.

Best Practices

Principle of Least Privilege

Assign the minimum role needed for each user's responsibilities:

  • Most team members should be Members
  • Only team leads or managers need Admin
Regular Access Reviews

Periodically review user access:

  • Remove users who have left the team
  • Verify role assignments are still appropriate
  • Check for unused accounts

Multi-Tenant Architecture

Autoheal supports multiple organizations (tenants):

  • Each organization has its own users, integrations, and knowledge base
  • Data is isolated between organizations
  • Users can belong to multiple organizations
  • Switch between organizations from the account menu

SSO Integration

For enterprise customers, Autoheal supports Single Sign-On:

  • OIDC/OAuth2: Connect to your identity provider
  • Role Mapping: Map IdP groups to Autoheal roles
  • Just-in-Time Provisioning: Automatically create users on first login

Contact your Autoheal representative to configure SSO.

Audit Logging

All administrative actions are logged:

  • User invitations and removals
  • Role changes
  • Integration modifications
  • Settings changes

Audit logs are available to Admins through the platform.

FAQ

Can I have multiple Admins?

Yes, you can have multiple Admins. We recommend having at least 2 Admins for redundancy.

What happens when I remove a user?

The user immediately loses access. Their investigation history is retained for audit purposes, but they can no longer access the platform.

Can Members create integrations?

No, only Admins can create, edit, or delete integrations. Members can only use existing integrations for investigations.