Admin Panel Roles and Permissions
Role-based access keeps daily operations separate from production configuration. Use one named account per person and assign the smallest role that allows the work they need to do.
Role Summary
| Role | Best for | Typical access |
|---|---|---|
owner | Product owners, technical leads, and trusted administrators | Full setup, team access, settings, operations, support, moderation, campaigns, imports, exports, and audit review. |
operator | Operations staff | Business workflows such as orders, bookings, trips, listings, driver availability, provider readiness, imports, and exports. |
support | Customer support | User lookup, account review, support actions, user timeline context, and read-only operational context. |
moderator | Trust and safety teams | Reports, user-generated content review, dating safety, social moderation, hide/show actions, and escalation handling. |
content_manager | Content, catalog, and marketing teams | Products, listings, media, templates, campaigns, featured content, categories, and safe content updates. |
First Owner Setup
The first owner is created before the Admin Roles page can be used.
Recommended flow:
- Create the user in Firebase Authentication.
- Assign
role: "owner"with Firebase Auth custom claims or a Firestoreusers/{uid}document. - Sign in to the admin panel.
- Open Admin Roles.
- Add the rest of the team from the dashboard.
After the first owner exists, avoid changing roles directly in Firebase Console unless you are recovering access.
Permission Boundaries
Use these boundaries when assigning roles:
| Area | Recommended roles |
|---|---|
| App Settings and launch configuration | owner |
| Admin Roles | owner |
| Audit Log review | owner, operator when operational review is needed |
| Support Cockpit | owner, support, operator |
| Campaigns | owner, content_manager, operator |
| Media Library | owner, content_manager, operator |
| Commerce, appointments, taxi, listings workflows | owner, operator |
| Social moderation, reports, dating safety | owner, moderator |
| Catalog, listings, templates, content | owner, content_manager, operator |
Recommended Team Setups
Solo Operator
- one
owneraccount for setup; - one separate
operatororsupportaccount for day-to-day testing.
Do not use the owner account for every routine action. Keeping daily work in a separate role makes Audit Log easier to understand.
Small Operations Team
- founder or technical lead:
owner; - operations lead:
operator; - support agent:
support; - content or catalog manager:
content_manager; - trust and safety reviewer:
moderator.
Agency Or Implementation Partner
- product owner:
owner; - implementation partner: temporary
owner; - operations lead:
operator; - support team:
support; - content team:
content_manager.
Remove temporary owner access after setup is complete.
Production Access Rules
Before production:
- use named accounts, not shared logins;
- keep at least two owner accounts for recovery;
- remove inactive admins;
- remove implementation-only access after setup;
- use the smallest practical role for every person;
- review Audit Log during the first production week;
- rotate temporary credentials used during setup.
Recovery
If all owner accounts are locked out:
- open Firebase Console;
- find the intended owner in Authentication;
- restore
role: "owner"using custom claims orusers/{uid}; - sign in to the admin panel;
- review Admin Roles and Audit Log.