Users and Roles

DartStream uses users, tenants, and roles to control access to workspaces and runtime operations.

Current Login Context

After login, the auth service returns:

  • user identity

  • active tenant ID

  • active tenant role

  • canonical tenant ID

  • canonical role

  • tenant memberships

  • subscription context

The frontend stores this context so protected routes can route users correctly.

Role Direction

Common roles include:

  • Admin: manage workspace settings, users, billing, and runtime controls.

  • Developer: manage projects, environments, integrations, and runtime configuration.

  • Viewer: inspect dashboards, telemetry, audit history, and read-only state.

Team Invite Workflow

Team and role invitations are part of the product roadmap and should include:

  • invitation email

  • target tenant

  • role

  • expiry

  • acceptance flow

  • audit event

  • entitlement checks for team member limits

Security Notes

Role checks must be enforced by backend services. Frontend visibility should never be the only control for a privileged action.