Administration and User Management
User management in Prividium™ controls who can access your network and what actions they can perform. The system combines users (individual identities) and roles (permission groups) to provide flexible, granular access control. Administrators configure both through the Admin Dashboard.
Admin Panel
The Admin Dashboard provides a user interface for permission management where administrators configure data access rules and monitor system access patterns. Only designated admins can access the Admin Dashboard to manage users, roles, and contract permissions.
The initial admin is defined when the Prividium™ API launches. To add more admins, the initial admin must manually grant other users the admin role. The admin status itself is a role that can be assigned to users.
Through the Admin Dashboard, administrators can:
- View and search users including their emails, associated wallets, and assigned roles
- Add and remove users to control network access
- Create and manage roles to define access privileges
- Assign roles to users to grant specific permissions
- Configure contract permissions to control function-level access
Users
Users represent individual identities that can authenticate and interact with your Prividium™ network. Each user can authenticate through an identity provider like Okta, a crypto wallet via SIWE (Sign-In With Ethereum), or both methods.
Authentication Methods
Prividium™ supports three user types based on authentication:
| Type | Authentication | Managed From | Notes |
|---|---|---|---|
| OIDC user | OAuth 2.0 (OIDC providers) | Admin Dashboard | Linked by subject ID |
| Wallet user | SIWE | Admin Dashboard | Identified by wallet address |
| Hybrid user | OAuth 2.0 (OIDC providers) or SIWE | Admin Dashboard | Can use either method to authenticate |
Hybrid users provide flexibility, allowing authentication through either corporate identity systems or crypto wallets depending on the context.
User Capabilities
The Admin Dashboard provides comprehensive user management:
- Create users with email, subject ID, or wallet addresses
- Link multiple wallets to a single user identity
- Assign roles to define access permissions
- Edit user details including authentication methods and role assignments
- Remove users and revoke all associated access
All linked wallets inherit the same role-based permissions assigned to the user. Changes to user permissions take effect immediately, though users may need to refresh their session to see updated access.
Roles
Roles define access levels by grouping permissions that determine which contracts and functions users can call through the Proxy API. Each role represents a set of privileges that can be assigned to one or more users.
Role Management
Administrators create and manage roles through the Admin Dashboard:
- Create roles with descriptive names matching organizational structure
- Assign roles to users to grant permissions
- Combine multiple roles per user for flexible access control
- Update or delete roles as deployment requirements evolve
A user's effective permissions are the combination of all permissions granted to their assigned roles. This allows fine-grained control while maintaining simplicity through role-based grouping.
Common Role Patterns
| Role | Purpose | Typical Permissions |
|---|---|---|
| Admin | Full system management | Manage users, roles, permissions, and disclosure settings |
| Trader | Execute transactions | Write access to token contracts and trading functions |
| Auditor | Read-only observer | View contract data and public disclosures |
| Operator | System maintenance | Read/write access to operational contracts only |
Customize role names and scopes to match your organization's workflow and security requirements.
Access Control Flow
The user and role system integrates with Prividium's permission architecture:
- User authenticates via Okta or wallet signature
- System identifies user and retrieves assigned roles
- User calls contract function through Proxy API
- Prividium API checks if user's roles permit the function call
- Request proceeds or fails based on permission evaluation
This architecture separates identity management (users) from access control (roles and permissions), enabling flexible security policies that adapt to changing requirements.
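The five-step flow above and the "union of all role permissions" rule under Role Management, as an added example that is not Prividium's own code: a small deny-by-default policy check in Python. Role names, contract and function names, wallet addresses, the `okta|...` subject format and the `*` whole-contract wildcard are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional
# Constructed sample policy: each role maps to the (contract, function) pairs it may call; "*" means every function.
ROLE_PERMISSIONS = {
    "admin": {("UserRegistry", "*"), ("Token", "*")},
    "trader": {("Token", "transfer"), ("Token", "approve"), ("Token", "balanceOf")},
    "auditor": {("Token", "balanceOf"), ("Token", "totalSupply")},
}
@dataclass
class User:
    user_id: str
    subject_id: Optional[str] = None            # OIDC subject ID, if linked
    wallets: set = field(default_factory=set)   # every wallet linked to this identity
    roles: set = field(default_factory=set)
# Constructed user directory: alice is a hybrid user with two wallets, bob is wallet-only.
USERS = [
    User("alice", subject_id="okta|alice", wallets={"0xaaa1", "0xaaa2"}, roles={"trader", "auditor"}),
    User("bob", wallets={"0xbbb1"}, roles={"auditor"}),
]

def resolve_user(subject_id=None, wallet=None):
    """Flow steps 1-2: map an OIDC subject or a SIWE wallet (compared case-insensitively) to a user."""
    for u in USERS:
        if subject_id is not None and u.subject_id == subject_id:
            return u
        if wallet is not None and wallet.lower() in {w.lower() for w in u.wallets}:
            return u
    return None

def effective_permissions(user):
    """Union of everything granted by the user's roles; an unknown role name grants nothing."""
    perms = set()
    for role in user.roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms

def is_call_permitted(user, contract, function):
    """Flow step 4: deny by default, allow only an exact function grant or a whole-contract grant."""
    perms = effective_permissions(user)
    return (contract, function) in perms or (contract, "*") in perms

def authorize(contract, function, subject_id=None, wallet=None):
    """Flow steps 1-5 end to end: the proxy acts on the returned (allowed, reason) pair."""
    user = resolve_user(subject_id=subject_id, wallet=wallet)
    if user is None:
        return False, "unknown identity"
    if is_call_permitted(user, contract, function):
        return True, f"{user.user_id} permitted via roles {sorted(user.roles)}"
    return False, f"{user.user_id} lacks permission for {contract}.{function}"
```

Because every linked wallet resolves to the same user record, alice's second wallet gets exactly the permissions of her roles, and removing a role from the user revokes it for all of her wallets at once.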