Overview

Cyolo uses role-based access control (RBAC) to ensure administrators and managers have access only to the Cyolo components relevant to their responsibilities. Each admin role has predefined permissions across Cyolo components.

These permissions determine what each role can view or modify in the platform.

See the table below for specific permission details.
See Role Summaries for an overview of the permissions assigned to each Role.

RBAC Permission Matrix

The table below shows the permissions granted to each admin role across Cyolo components.

Permissions are shown as:

R/W – Read and write (full management access)
R – Read-only
Blank – No access

Component	Super Admin	Operational Admin	Read Only Admin	Help Desk	Logs Viewer	Access Manager
Applications	R/W	R/W	R	R		R
Identities	R/W	R/W	R	R/W		R
Devices	R/W	R/W	R	R
Policies	R/W	R/W	R	R
Vault	R/W	R/W	R			R/W
Sessions	R/W	R/W	R	R		R/W
Topology	R/W	R	R
Logs	R/W	R/W	R	R	R	R/W
Integrations	R/W	R	R
Configurations	R/W
Roles/Supervisors and Roles/Auditors	R/W	R/W	R
Roles/Admins	R/W
Assets	R/W	R/W	R
File Transfer	R/W
Remote Assistance	R/W					R/W

Role Summaries

Super Admin

Full administrative access across all components, including system configuration and role management.

Operational Admin

Broad administrative access to applications, identities, policies, assets, and sessions. Suitable for day-to-day operational management.

Read Only Admin

Visibility into most components without the ability to make changes. Suitable for audit and oversight.

Help Desk

Focused access for user support workflows. Can view and modify sessions and identities. No access to administrative configuration.

Logs Viewer

Read-only access to logs and auditing data only.

Access Manager

Manages access flows and session-related controls. Has R/W access to vault, sessions, logs, and applications.