CloudM Continuity uses a role-based access model with three roles: Super Admin, Admin, and Viewer. Each role has a defined set of permissions that controls what the user can see and do within a tenant.
Role overview
| Role | Summary |
|---|---|
| Super Admin | Full access to all features, including user management. Intended for senior IT administrators. |
| Admin | Can manage policies and connections but cannot manage other users. Intended for day-to-day operations. |
| Viewer | Read-only access to dashboard, status, and logs. Cannot make any changes. Intended for oversight and auditing. |
Detailed permissions matrix
| Feature | Super Admin | Admin | Viewer |
|---|---|---|---|
| View dashboard | Yes | Yes | Yes |
| View sync status | Yes | Yes | Yes |
| View audit logs | Yes | Yes | Yes |
| View licence details | Yes | Yes | Yes |
| Create / edit policies | Yes | Yes | No |
| Enable / disable policies | Yes | Yes | No |
| Delete policies | Yes | Yes | No |
| Add / edit connections | Yes | Yes | No |
| Test connections | Yes | Yes | No |
| Invite users | Yes | No | No |
| Change user roles | Yes | No | No |
| Remove users | Yes | No | No |
| Trigger recovery | Yes | Yes | No |
Role assignment rules
- The first user who creates a tenant is automatically assigned the Super Admin role
- Invited users are assigned a role by the inviting Super Admin at the time of invitation
- Only Super Admins can change roles or manage other users
- Roles are per-tenant. A user can be Super Admin in one tenant and Viewer in another
- At least one Super Admin must exist in every tenant. You cannot remove the last Super Admin.
Choosing the right role
| Use case | Recommended role |
|---|---|
| Primary IT administrator responsible for the Continuity deployment | Super Admin |
| IT team member who manages day-to-day sync policies | Admin |
| IT manager who needs to monitor sync health | Viewer |
| Compliance officer reviewing audit logs | Viewer |
| External support engineer assisting with setup | Admin (temporary, then remove after setup is complete) |
Principle of least privilege
Assign the minimum role required for each user's responsibilities. Use Viewer for anyone who only needs to monitor, and Admin for those who need to make changes. Reserve Super Admin for users who need to manage access.