CanIPhish uses Role-Based Access Control (RBAC) to manage user permissions and control access to sensitive data. Whether you're a managed service provider (MSP) working across multiple tenants or a standalone organization looking to define internal access levels, RBAC makes it easy to delegate responsibilities securely.
User Roles and Permissions
Platform Reporter – Read-only access to campaign reporting and statistics. Reporting visibility can be limited to specific campaign tags.
Platform User – Full access to phishing and training operations. Users can build and manage employee lists, run campaigns, and create or edit content.
Platform Admin – Inherits all User permissions, plus access to manage platform settings and, in standard setups, billing and subscription configuration.
Platform Super Admin – This role is assigned to the creator of the tenant. When white labelling is activated, this is the only role with access to actively manage subscriptions.
Access Matrix For Tenants Without White Labelling
| Actions | Platform Reporter | Platform User | Platform Admin | Platform Super Admin |
|---|---|---|---|---|
| View Campaign Statistics | ✅ | ✅ | ✅ | ✅ |
| View Reporting | ✅ | ✅ | ✅ | ✅ |
| Create & Manage Employee Lists | ❌ | ✅ | ✅ | ✅ |
| Create & Manage Campaigns | ❌ | ✅ | ✅ | ✅ |
| Create/View/Modify Phishing Content | ❌ | ✅ | ✅ | ✅ |
| Create/View/Modify Training Content | ❌ | ✅ | ✅ | ✅ |
| Manage Platform Settings | ❌ | ❌ | ✅ | ✅ |
| Subscription & Billing Management | ❌ | ❌ | ✅ | ✅ |
| Can Revoke/Re-assign Platform Super Admin Access | ❌ | ❌ | ❌ | ✅ |
Access Matrix For White Labelled Tenants
| Actions | Platform Reporter | Platform User | Platform Admin | Platform Super Admin |
|---|---|---|---|---|
| View Campaign Statistics | ✅ | ✅ | ✅ | ✅ |
| View Reporting | ✅ | ✅ | ✅ | ✅ |
| Create & Manage Employee Lists | ❌ | ✅ | ✅ | ✅ |
| Create & Manage Campaigns | ❌ | ✅ | ✅ | ✅ |
| Create/View/Modify Phishing Content | ❌ | ✅ | ✅ | ✅ |
| Create/View/Modify Training Content | ❌ | ✅ | ✅ | ✅ |
| Manage Platform Settings | ❌ | ❌ | Partial* | ✅ |
| Subscription & Billing Management | ❌ | ❌ | Partial* | ✅ |
| Can Revoke/Re-assign Platform Super Admin Access | ❌ | ❌ | ❌ | ✅ |
Partial*: When a Platform Admin manages platform settings in a white-labelled tenant, the ability to manage the white label for that tenant is hidden from view. Likewise, when a Platform Admin opens the Subscription & Billing Management page, the ability to purchase or actively manage the subscription is hidden from view. Instead, they can see only the current subscription start/end dates and quota usage.
Partner Accounts
If your organization has been onboarded as a partner, this section describes how we treat your account. When a partner is onboarded, we use the domain name of that partner as a unique partner identifier. For example, if your organization uses the domain name thebestmsp.com, then we use this as a unique identifier. Whenever an account is created that uses this exact domain name (e.g., john.doe@thebestmsp.com), that user seamlessly gains access to the customer management dashboard and can view the tenants to which they have been granted access.
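The partner check described above, as an added example that is not CanIPhish's own code: it assumes the gate is an exact, case-insensitive comparison of the email domain, followed by a lookup of explicitly granted tenants. The function names, the `GRANTS` mapping and the tenant names are constructed for illustration.

```python
# Added illustration of an exact-domain partner gate. Not CanIPhish code;
# all names and data here are constructed assumptions.
from typing import Dict, Optional, Set

PARTNER_DOMAIN = "thebestmsp.com"  # partner identifier from the example above
GRANTS: Dict[str, Set[str]] = {    # constructed per-user tenant grants
    "john.doe@thebestmsp.com": {"tenant-a", "tenant-b"},
}


def email_domain(address: str) -> Optional[str]:
    """Return the normalized domain of an address, or None if malformed."""
    addr = address.strip()
    # Exactly one "@" and no embedded whitespace, otherwise reject outright.
    if addr.count("@") != 1 or any(ch.isspace() for ch in addr):
        return None
    local, domain = addr.split("@")
    domain = domain.rstrip(".").lower()  # DNS names are case-insensitive
    # Reject empty parts and non-ASCII domains rather than normalizing them.
    if not local or not domain or not domain.isascii():
        return None
    return domain


def is_partner_user(address: str, partner_domain: str) -> bool:
    """True only when the whole domain equals the partner identifier.

    Equality, not endswith() or substring matching: a subdomain or a longer
    name that merely contains the identifier must not pass the gate.
    """
    domain = email_domain(address)
    return domain is not None and domain == partner_domain.rstrip(".").lower()


def visible_tenants(address: str, partner_domain: str,
                    grants: Dict[str, Set[str]]) -> Set[str]:
    """Tenants shown on the dashboard: domain gate first, then explicit grants."""
    if not is_partner_user(address, partner_domain):
        return set()
    # Assumption: accounts are keyed by the lower-cased address.
    return set(grants.get(address.strip().lower(), ()))
```

Passing the domain gate alone yields an empty tenant set; visibility still depends on the per-user grants, matching the "tenants to which they have been granted access" wording.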