Roles & Permissions
Piora provides four default roles, each with different permission scopes. Proper role assignment ensures team members can only access the resources they need for their work.
Role Overview
Section titled “Role Overview”| Role | Description | Intended For |
|---|---|---|
| Owner | Full access, including billing | Organization creator |
| Admin | Near-complete management permissions | Tech leads, DevOps |
| Developer | Deployment and app management | Developers |
| Viewer | Read-only access | Stakeholders, non-technical members |
Permission Matrix
Section titled “Permission Matrix”Server Management
Section titled “Server Management”| Operation | Owner | Admin | Developer | Viewer |
|---|---|---|---|---|
| Add server | Yes | Yes | No | No |
| Remove server | Yes | No | No | No |
| View server status | Yes | Yes | Yes | Yes |
| Modify server settings | Yes | Yes | No | No |
| Run maintenance tasks | Yes | Yes | No | No |
Application Management
Section titled “Application Management”| Operation | Owner | Admin | Developer | Viewer |
|---|---|---|---|---|
| Create application | Yes | Yes | Yes | No |
| Delete application | Yes | Yes | No | No |
| Deploy / Redeploy | Yes | Yes | Yes | No |
| View logs | Yes | Yes | Yes | Yes |
| Modify env variables | Yes | Yes | Yes | No |
| Configure domains | Yes | Yes | Yes | No |
| Rollback deployment | Yes | Yes | Yes | No |
Database Management
Section titled “Database Management”| Operation | Owner | Admin | Developer | Viewer |
|---|---|---|---|---|
| Create database | Yes | Yes | No | No |
| Delete database | Yes | Yes | No | No |
| View connection info | Yes | Yes | Yes | No |
| Manage backups | Yes | Yes | Yes | No |
Team Management
Section titled “Team Management”| Operation | Owner | Admin | Developer | Viewer |
|---|---|---|---|---|
| Invite members | Yes | Yes | No | No |
| Remove members | Yes | Yes | No | No |
| Change roles | Yes | Yes | No | No |
| View member list | Yes | Yes | Yes | Yes |
Billing Management
Section titled “Billing Management”| Operation | Owner | Admin | Developer | Viewer |
|---|---|---|---|---|
| View billing | Yes | Yes | No | No |
| Change plan | Yes | No | No | No |
| Update payment method | Yes | No | No | No |
Detailed Role Descriptions
Section titled “Detailed Role Descriptions”The Owner is the highest-privilege account in the organization with full management permissions. Each organization can have only one owner.
Admins have near-owner permissions but cannot:
- Remove servers
- Change the subscription plan
- Update payment methods
Suitable for trusted tech leads or DevOps engineers.
Developer
Section titled “Developer”Developers can deploy and manage applications but cannot manage infrastructure:
- Can create, deploy, and manage applications
- Can view logs and monitoring data
- Cannot add or remove servers
- Cannot manage team members
Viewer
Section titled “Viewer”Viewers have read-only access:
- Can view application status and logs
- Can view server monitoring data
- Cannot perform any modification operations
Suitable for non-technical stakeholders or personnel who need monitoring access without operational capability.
Best Practices
Section titled “Best Practices”- Principle of least privilege — Assign members the minimum role needed for their work
- Regular audits — Periodically review whether member roles are still appropriate
- Limit admin count — The Admin role should be restricted to essential personnel only
- Use the Viewer role — For people who only need to view, use Viewer instead of Developer