Current Role Model and Practical Governance
Who this is for
Organization Owners setting up team access, and anyone who wants to understand what each role can and cannot do in CloudAIPilot.
What you will complete
Understand the four roles in CloudAIPilot, the permissions each role grants, and practical recommendations for assigning roles in your organization.
The four roles
CloudAIPilot uses four roles, assigned per organization:
Owner
The highest privilege level. Owners have full control of the organization.
What Owners can do:
- All infrastructure operations (servers, sites, apps, backups, monitoring)
- All AI Pilot operations, including approving write actions
- Manage team members (invite, change roles, remove)
- Change AI settings, notification channels, and billing
- View and export the audit log
- Delete the organization
Limits: Only one Owner per organization at this time. The Owner cannot be removed without first transferring ownership.
Admin
Full infrastructure control, with a few governance limitations.
What Admins can do:
- All server, site, app, backup, and monitoring operations
- Approve all AI Pilot write actions
- View the audit log
- Change notification channels and some settings
What Admins cannot do:
- Change billing settings
- Delete the organization
- Transfer ownership
Use Admins for: Senior engineers and team leads who need full operational access but should not have billing or org-level control.
Member
Standard operational access with limited governance.
What Members can do:
- View server metrics and monitoring
- Manage sites and apps (deploy, rollback, configure)
- Create and manage backups
- Use AI Pilot for read operations and limited write approvals
- View notification history
What Members cannot do:
- Provision new servers or delete existing servers
- Change server firewall rules
- View the audit log
- Manage team members
- Change AI settings or notification channels
Use Members for: Developers who deploy and manage applications but should not have infrastructure provisioning rights.
Viewer
Read-only access. Cannot change anything.
What Viewers can do:
- View server statuses and monitoring dashboards
- View site and app information
- View backup history
- View alert history
What Viewers cannot do:
- Make any change to infrastructure
- Access AI Pilot
- View notification settings or audit logs
Use Viewers for: Stakeholders, clients, or external contractors who need visibility but must not be able to change anything.
Role permission matrix
| Action | Owner | Admin | Member | Viewer |
|---|---|---|---|---|
| View monitoring and metrics | ✓ | ✓ | ✓ | ✓ |
| Deploy sites and apps | ✓ | ✓ | ✓ | — |
| Create/restore backups | ✓ | ✓ | ✓ | — |
| Provision new servers | ✓ | ✓ | — | — |
| Delete servers | ✓ | ✓ | — | — |
| Change firewall rules | ✓ | ✓ | — | — |
| Approve AI write actions | ✓ | ✓ | Limited | — |
| Manage team members | ✓ | — | — | — |
| Change AI settings | ✓ | ✓ | — | — |
| Change billing | ✓ | — | — | — |
| View audit log | ✓ | ✓ | — | — |
| Delete organization | ✓ | — | — | — |
Practical recommendations
For a solo founder or single-person team: Owner role only. No additional members needed until the team grows.
For a small team of 2–4 developers: Owner (you) + Admin for your most trusted co-developer + Member for other developers.
For a team with a client: Owner + Admin for your lead engineer + Viewer for the client (they can see status but cannot change anything).
For a team with junior developers: Owner + Admin for senior engineers + Member for junior developers (they can deploy but cannot touch servers).
Rule of thumb: Assign the least-privileged role that lets someone do their job. Elevate only when needed, with a clear reason.
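The rule of thumb above can be checked mechanically. The following is an added example, not CloudAIPilot code or an API of the product: it transcribes the permission matrix on this page and flags roster entries whose assigned role is higher or lower than the least-privileged role that covers the actions the person needs. The action keys and the sample roster are constructed for illustration, and the "Limited" entry for Members approving AI write actions is treated as not granted (an assumption, chosen as the stricter reading).

```python
ROLES = ["Viewer", "Member", "Admin", "Owner"]  # least to most privileged
ALL, OPS, ADM, OWN = (frozenset(ROLES[i:]) for i in range(4))

# Action keys are hypothetical labels for the rows of the matrix on this page.
MATRIX = {
    "view_monitoring": ALL,
    "deploy_sites_apps": OPS,
    "manage_backups": OPS,
    "provision_servers": ADM,
    "delete_servers": ADM,
    "change_firewall": ADM,
    "approve_ai_write": ADM,  # Member is "Limited": treated as not granted (assumption)
    "manage_team": OWN,
    "change_ai_settings": ADM,
    "change_billing": OWN,
    "view_audit_log": ADM,
    "delete_org": OWN,
}

def least_privileged_role(needed):
    """Lowest role whose matrix column covers every needed action."""
    for role in ROLES:
        if all(role in MATRIX[action] for action in needed):
            return role
    raise ValueError("no role covers: %s" % sorted(needed))

def audit(roster):
    """Return (name, assigned, recommended, verdict) for each mismatch."""
    findings = []
    for name, assigned, needed in roster:
        best = least_privileged_role(needed)
        gap = ROLES.index(assigned) - ROLES.index(best)
        if gap:
            verdict = "over-privileged" if gap > 0 else "under-privileged"
            findings.append((name, assigned, best, verdict))
    owners = [name for name, role, _ in roster if role == "Owner"]
    if len(owners) != 1:  # the page allows only one Owner per organization
        findings.append((",".join(owners), "Owner", "Owner", "owner-count"))
    return findings

# Constructed sample roster: names and needed actions are invented.
ROSTER = [
    ("founder", "Owner", {"change_billing", "manage_team"}),
    ("lead", "Admin", {"provision_servers", "view_audit_log"}),
    ("junior", "Admin", {"deploy_sites_apps", "manage_backups"}),
    ("client", "Member", {"view_monitoring"}),
    ("dev", "Member", {"deploy_sites_apps", "change_firewall"}),
]
if __name__ == "__main__":
    print(audit(ROSTER))
```

An "under-privileged" finding is the case where elevation is justified; the needed actions listed for that person serve as the clear reason the rule of thumb asks for.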