Admin and Access

Access in MyGreat is scoped first by tenant membership and then by the role attached to that membership.

Sign-in and tenant access

• Sign-in uses the configured identity provider and requires a verified email address.
• Email is the canonical user identity key inside the application.
• The application can also store an optional full name when the identity provider supplies it.
• A user can belong to more than one tenant and switch between those tenants in the User Interface.

Tenant roles

MyGreat currently uses these tenant roles:

• Owner: full tenant control, including owner-level membership changes and tenant deletion.
• Admin: day-to-day administration, including most tenant settings and membership management, but not owner-only actions.
• Member: normal operator access inside the tenant.
• Workspace viewer: read-only access to the workspaces explicitly assigned to that membership.

What access control affects

Access control determines who can:

• change tenant settings
• manage Storage Repositories, jobs, and runner assignment
• manage membership and workspace visibility
• access billing and administrative actions

Operator guidance

• Give users the narrowest role that still lets them do the work.
• Use Workspace viewer when a user only needs read-only visibility for selected workspaces.
• Review tenant membership regularly, especially after migration cutovers or staff changes.

See also

• Security
• Workspaces
• Runner Pools and Runners