Access Control

Reoclo uses organization-based access control with role-based permissions to keep teams and their resources isolated. This page explains how organizations work, what roles can do, and how to manage access.

Organizations

An organization is a resource boundary. All resources belong to an organization:

Servers
Applications
Deployments
Environment variables
API keys

Users in one organization cannot see or access another organization’s resources. This isolation is enforced at the infrastructure level.

Why This Matters

If you’re a consultant working with multiple clients, each client should be a separate organization. This ensures:

Client A can’t see Client B’s servers or applications
Client A’s team members can’t access Client B’s resources
Deployments, logs, and configuration are completely isolated

Even if someone gains access to one organization, they can’t pivot to another organization’s resources.

Users

Users are identified by email (globally unique). A user can belong to multiple organizations with different roles.

One User, Multiple Organizations

A single user can belong to multiple organizations. For example:

You work for Company A (organization: company-a)
You consult for Company B (organization: company-b)
You have a side project (organization: my-side-project)

You log in once with your email and password, then choose which organization to access. Switch organizations using the organization switcher in the dashboard header.

Switching Organizations

When you switch organizations, you get a new session scoped to that organization. The session includes:

Your user identity
The selected organization
Your role in that organization

All subsequent actions (viewing servers, deploying applications, etc.) are scoped to the selected organization.

Roles

Reoclo has four organization-level roles, listed from most to least privileged:

Role	What they can do
Admin	Full control: manage servers, applications, users, settings. Add and remove users.
Manager	Manage servers, applications, and deployments. Generate runner tokens. Cannot manage users or settings.
Developer	Deploy applications and manage environment variables. Cannot manage infrastructure or users.
Viewer	Read-only access to all resources. Cannot deploy, create, or modify anything.

Admin

Admins have full control over the organization:

Create, update, and delete servers
Create, update, and delete applications
Deploy applications
Manage environment variables
Add and remove users
Change user roles
Manage organization settings
Generate and revoke API keys and automation keys
Configure notifications
Manage scheduled operations

Use this role for team leads or infrastructure owners who need to manage access and resources.

Manager

Managers can manage infrastructure and deployments, but can’t manage users or organization settings:

Create, update, and delete servers
Create, update, and delete applications
Deploy applications
Manage environment variables
Generate runner tokens
View deployment history and logs

Managers cannot:

Invite or remove users
Change user roles
Modify organization settings
Generate or revoke API keys

Use this role for senior developers or DevOps engineers who manage infrastructure but shouldn’t control team access.

Developer

Developers can deploy and work with applications, but can’t manage infrastructure:

Deploy applications
Manage environment variables
View servers, applications, and deployments
View deployment history and logs

Developers cannot:

Create or delete servers
Create or delete applications
Invite or remove users
Change user roles
Generate API keys or runner tokens

Use this role for developers who need to deploy code but shouldn’t manage infrastructure or team access.

Viewer

Viewers have read-only access to all resources:

View servers
View applications
View deployment history and logs
View environment variable keys (but not values)

Viewers cannot:

Deploy applications
Create or modify servers
Create or modify applications
Manage environment variables
Invite or remove users

Use this role for stakeholders who need to monitor deployments but shouldn’t make changes.

Adding Users

Admins add users directly from the dashboard. There is no self-service signup or email invitation flow.

Navigate to Users in the dashboard
Click Add User
Enter the user’s email address and name
Select a role (admin, manager, developer, or viewer)
Click Create User

If the user’s email already exists in Reoclo (they belong to another organization), they’re added to your organization immediately. If the email is new, a user account is created with a temporary password that must be changed on first login.

Removing Users

Admins can remove users from the organization:

Navigate to Settings → Users
Find the user in the list
Click “Remove”

Removing a user revokes their access to the organization immediately. They can no longer view or modify any resources in that organization.

If the user belongs to other organizations, they can still access those organizations. Removing a user from one organization doesn’t affect their access to other organizations.

Sessions

When you log in and select an organization, Reoclo creates an authenticated session scoped to that organization and your role. All actions are performed within that session context.

How It Works

You log in with your email and password
If you belong to multiple organizations, you choose which one to access
Reoclo creates a session containing your user identity, the selected organization, and your role
All subsequent requests use this session
The session expires after a configurable period (default: 24 hours)

Switching Organizations

When you switch organizations, your session is replaced with a new one scoped to the selected organization.

This ensures you can’t accidentally perform actions in the wrong organization. Each session is explicitly scoped to one organization at a time.

Data Isolation

Organization isolation is enforced at the infrastructure level, so it’s impossible to accidentally access another organization’s data.

This is not just a UI restriction. The isolation is enforced at the infrastructure level, not just in the dashboard.

What This Means

A bug in the dashboard can’t leak data across organizations
A compromised API key can only access resources in its own organization

You don’t need to trust the UI to enforce isolation. The infrastructure enforces it.

Best Practices

Use the Right Role for Each User

Viewer: Stakeholders who only need to monitor (product managers, executives, clients)
Developer: Developers who deploy code but don’t manage infrastructure or access
Manager: Senior developers or DevOps engineers who manage infrastructure but not team access
Admin: Team leads who manage infrastructure, deployments, and team access

Don’t give everyone admin just because it’s easier. Use the principle of least privilege.

One Organization Per Team or Project

Keep clear resource boundaries by creating separate organizations for:

Different clients (if you’re a consultant or agency)
Different teams within a large organization
Different projects with separate infrastructure

Don’t mix unrelated resources in the same organization.

Audit User Access Regularly

Review the user list periodically and remove users who no longer need access:

Employees who left the company
Contractors whose engagement ended
Team members who moved to a different project

Stale access is a security risk.

Use API Keys for Automation

Don’t share user credentials with CI/CD systems or scripts. Generate API keys instead:

API keys are scoped to an organization
API keys can be revoked without affecting user access
API keys don’t expire (until you revoke them)

Generate API keys from the API Keys page in the dashboard. Use the Integration Keys tab for programmatic access, or the Automation Keys tab for CI/CD pipelines.

Next Steps

Understand encryption to see how secrets are protected
Learn about API keys for programmatic access
Set up your first server to start deploying