EnderDashAccess Model
Understand how organization roles, server grants, plan limits, and target capabilities combine to control what each person can see and do.
Membership and access are separate ideas
Being in an organization does not automatically mean full access to every server or page.
EnderDash evaluates access in layers:
- organization role
- server grant
- plan features
- target capabilities
That layered model is why two people in the same organization can see different pages or panels.
Organization roles
| Role | Typical meaning |
|---|---|
| Owner | Full organization control |
| Admin | Day-to-day operational control |
| Member | Access limited to what has been granted |
Owners and admins are the elevated roles.
What elevated roles can usually access
Elevated roles can typically access pages and actions such as:
- Downloads
- server creation and deletion
- agent-key rotation
- Billing
- Activity
- Ocelot Settings
- organization-wide member and grant management
Members should not expect those setup and administrative surfaces to appear.
Why a page or panel can still be missing
Even if a user has the right role, visibility can still depend on:
- whether they were granted access to the server
- whether the organization plan includes the feature
- whether the connected target exposes the capability behind that panel
That is why access questions and capability questions are related, but not interchangeable.
The most common source of confusion
The most common access complaint is:
I can see the organization, but not the server or panel I need.
That is usually a missing server grant, not a frontend bug.
Related pages
Was this page helpful?
Send a quick note if anything is missing or unclear.
Last updated on