Dashboard Access by Role
As a tenant administrator, you can assign roles to your colleagues that grant them limited access to the Auth0 Dashboard. This allows tenant members to complete their jobs without putting production applications at risk, while also complying with the principle of least privilege.
Dashboard roles
You can assign the following roles for Auth0 Dashboard access:
Role | Permissions |
---|---|
Admin | Read and write access to all resources in the Auth0 Dashboard, including extensions. |
Editor - Connections | Read, write, and create access to all types of connections. |
Editor - Key Management | Create and manage cryptographic keys. |
Editor - Organizations | Read, write, and create access to Organization configuration. Read-only access to Users, Roles, and Connections. |
Editor - Specific Apps | Read and write access to specific applications only. |
Editor - Users | User management operations (create, delete, block, unblock, reset MFA, reset password, update metadata, assign roles, etc.) and access to logs. |
Viewer - Users | Read-only access to users and logs. |
Viewer - Config Settings | Read-only access to all configuration settings (applications, APIs, rules, security settings, etc.) except for sensitive information such as secrets, billing, users, and logs. |
Support Access - Deprecated | Access to tickets (submit, view, and update) and aggregated metrics. |
Elevated Support Access | Read, write, and create access to all support tickets created by all users on a tenant (Subscripton Tickets in Auth0 Support Center). Access to aggregated metrics. |
Availability varies by Auth0 plan
Your Auth0 plan or custom agreement affects the availability of this feature. To learn more, read Auth0's Pricing Page.
Limited-access roles restrict a tenant member's Dashboard experience to only the sections and actions necessary for their job.
The feature permissions associated with each role are outlined below. If a specific permission is not listed for a role, tenant members given that role will not have access to that area of the Auth0 Dashboard.
Admin users have read/write access to all areas of the Auth0 Dashboard, including extensions.
Dashboard Section | Subsection (if applicable) | Read/Write Access | Read-Only Access |
---|---|---|---|
Applications | Applications | ✅ + | |
SSO Integrations | ✅ + | ||
Marketplace | ✅ | ||
Get Support | Support Tickets - Create | ✅ | |
Usage Reports | ✅ | ||
Compliance | ✅ |
+ Update-only access for specific applications. Users cannot create new applications.
Dashboard Section | Subsection (if applicable) | Read/Write Access | Read-Only Access |
---|---|---|---|
Authentication | Database | ✅ | |
Social | ✅ | ||
Enterprise | ✅ | ||
Passwordless | ✅ | ||
Marketplace | ✅ | ||
Get Support | Support Tickets - Create | ✅ | |
Usage Reports | ✅ | ||
Compliance | ✅ |
Dashboard Section | Subsection (if applicable) | Read/Write Access | Read-Only Access |
---|---|---|---|
Organizations | List | ✅ | |
Members | ✅ | ||
Invitations | ✅ | ||
User Management | Users | ✅ | |
Roles | ✅ | ||
Monitoring | Logs | ✅ + | |
Marketplace | ✅ | ||
Get Support | Support Tickets - Create | ✅ | |
Usage Reports | ✅ | ||
Compliance | ✅ |
+ Access to user events only.
Dashboard Section | Subsection (if applicable) | Read/Write Access | Read-Only Access |
---|---|---|---|
Authentication | Database | ✅ | |
Social | ✅ | ||
Enterprise | ✅ | ||
Passwordless | ✅ | ||
Organizations | List | ✅ | |
Overview | ✅ | ||
Members | ✅ | ||
Invitations | ✅ | ||
Connections | ✅ | ||
User Management | Users | ✅ | |
Roles | ✅ | ||
Marketplace | ✅ | ||
Get Support | Support Tickets - Create | ✅ | |
Usage Reports | ✅ | ||
Compliance | ✅ |
Dashboard Section | Subsection (if applicable) | Read/Write Access | Read-Only Access |
---|---|---|---|
Organizations | List | ✅ | |
Members | ✅ | ||
User Management | Users | ✅ | |
Roles | ✅ | ||
Monitoring | Logs | ✅ + | |
Marketplace | ✅ | ||
Get Support | Support Tickets - Create | ✅ | |
Usage Reports | ✅ | ||
Compliance | ✅ |
+ Access to user events only.
Dashboard Section | Subsection (if applicable) | Read/Write Access | Read-Only Access |
---|---|---|---|
Applications | Applications | ✅ + | |
APIs | ✅ + | ||
SSO Integrations | ✅ + | ||
Authentication | Database | ✅ + | |
Social | ✅ + | ||
Enterprise | ✅ + | ||
Passwordless | ✅ + | ||
Organizations | List | ✅ | |
Overview | ✅ | ||
Connections | ✅ | ||
User Management | Roles | ✅ | |
Branding | Universal Login | ✅ | |
Custom Domains | ✅ | ||
Email Templates | ✅ | ||
Email Providers | ✅ + | ||
Security | Attack Protection | ✅ | |
Multi-factor Auth | ✅ + | ||
Actions | Flows | ✅ | |
Library | ✅ | ||
Auth Pipeline | Rules | ✅ + | |
Marketplace | ✅ | ||
Settings | General | ✅ | |
Advanced | ✅ | ||
Get Support | Support Tickets - Create | ✅ | |
Usage Reports | ✅ | ||
Compliance | ✅ |
+ Excludes access to secrets.
Dashboard Section | Subsection (if applicable) | Read/Write Access | Read-Only Access |
---|---|---|---|
Activity | Stats | ✅ + | |
Get Support | Support Tickets - Create | ✅ | |
Support Tickets - Manage All Users Tickets | ✅ | ||
Usage Reports | ✅ | ||
Compliance | ✅ |
+ Access to metrics only.
Log events available to user roles
Logs can contain sensitive data, such as secrets, PII, etc. It is important not to disclose sensitive data to users whose role does not require that information. However, the Editor - Users or Viewer - Users roles need to have some access to logs to identity user issues. For example, finding out if the user signed up correctly, if the user was blocked, etc.
We allow the Editor - Users and Viewer - Users with access to a limited set of log types, that are connected to user events. The log events in the list provide the necessary information about user actions but do not disclose sensitive information about other parts of the tenant configuration. To learn more, read Log Event Type Codes.
cls
cs
f
fce
fcoa
fcp
fcpn
fcpr
fcu
fdeac
fdeaz
fdecc
fdu
feacft
feccft
fede
fens
feoobft
feotpft
fepft
fepotpft
fercft
fi
flo
fn
fp
fs
fsa
fu
fui
fv
fvr
gd_auth_failed
gd_auth_rejected
gd_auth_succeed
gd_enrollment_complete
gd_otp_rate_limit_exceed
gd_recovery_failed
gd_recovery_rate_limit_exceed
gd_recovery_succeed
gd_send_email
gd_send_email_failure
gd_send_pn
gd_send_pn_failure
gd_send_sms
gd_send_sms_failure
gd_send_voice
gd_send_voice_failure
gd_start_auth
gd_start_enroll
gd_tenant_update
gd_unenroll
gd_update_device_account
limit_mu
limit_wc
mfar
pwd_leak
s
sce
scoa
scp
scpn
scpr
scu
sdu
seacft
sede
sens
seoobft
seotpft
sepft
sercft
si
slo
ss
ssa
sv
svr
ublkdu
w
Was this helpful?
Limitations
Users with Admin role can invite Editor - Specific Apps users to one application at a time. To work around this, the Admin user can edit their role to assign multiple applications after the user accepts the invitation.
The Viewer - Users and Editor - Users roles don't have access to the Users' Devices and Authorized Apps sections.
The New Activity Page is visible to Admins and Elevated Support Access users only. Editor - Users and Viewer - Users can access daily activity (such as logins or signups) through the Auth0 Management API.
Private Cloud requirements
The Editor - Users and the Viewer - Users roles require that User Search v3 and Logs Search v3 are enabled in your environment. If your environments don’t support these versions, these two roles are unavailable.