Access Control
Learn how to manage user access, assign roles, and configure granular permissions across your Lognexis projects.
Important Concept
Access in Lognexis is purely project-based. A user must be explicitly invited to a project to access its data. Account owners always have implicit `AdministratorAccess` to projects they create.
System Roles
We provide built-in system roles to simplify access management. When you invite a user, you can assign them one of these predefined policies.
AdministratorAccess
Full access to all resources. Equivalent to the project owner.
* (All Actions)ReadOnlyAccess
Can view all features (logs, analytics, alerts) but cannot make any modifications.
DatabaseAdmin
Has full control over the Database Explorer but read-only access to logs and analytics.
LogAnalyst
Focuses on traffic analysis. Can view and export logs, but has no access to databases.
Custom & Granular Permissions
If system roles do not fit your needs, you can create a Custom Permission set. Custom permissions allow you to explicitly define which actions a user can take using the `service:action` syntax.
Syntax Examples
- logs:viewAllows viewing logs and traffic requests.
- alerts:*Wildcard action. Allows viewing, creating, and deleting alert rules.
- access:manageAllows inviting other users and modifying project access control.
Database Granularity
Lognexis allows you to restrict access down to specific Database Connections. This is useful if you have multiple databases (e.g. Production vs. Staging) inside a single project and want to restrict an external contractor to only staging.
Connection-Level Permissions
Instead of granting global `db:view` (which exposes all connections), you can select specific connections in the Access Control settings. This generates connection-specific permission strings: