Role-Based Access Control (RBAC)
Sydx AI implements strict role-based access control to ensure users only access features appropriate to their role.
Roles
| Role | Level | Description |
|---|---|---|
| Owner | Organization | Organization creator with full access |
| Admin | Organization | Elevated access, manages team and settings |
| Staff | Organization | Basic access: dashboard overview, inbox, contacts, pipeline, and announcements only |
Permission Matrix
| Feature | Owner | Admin | Staff |
|---|---|---|---|
| Dashboard Overview | Yes | Yes | Yes |
| Inbox | Yes | Yes | Yes |
| Contacts | Yes | Yes | Yes |
| Pipeline | Yes | Yes | Yes |
| Announcements | Yes | Yes | Yes |
| Analytics | Yes | Yes | No |
| Campaigns | Yes | Yes | No |
| Templates | Yes | Yes | No |
| Create Template | Yes | Yes | No |
| Flow Builder | Yes | Yes | No |
| Automations | Yes | Yes | No |
| Integrations | Yes | Yes | No |
| WhatsApp Manager | Yes | Yes | No |
| Settings | Yes | Yes | No |
| Quick Replies | Yes | Yes | No |
| Team Management | Yes | Yes | No |
| Billing | Yes | No | No |
How Permissions Are Enforced
On the Frontend
The platform hides pages and features that your role cannot use:
- Staff users will not see links to restricted pages in the navigation sidebar
- Attempting to open a restricted URL directly redirects you to the dashboard
- This is a usability measure only; the server-side checks below remain the actual security boundary, so a hidden link or a bypassed redirect does not grant access
On the Backend
Every request is verified server-side, regardless of what the interface showed:
- Each request is checked against the role assigned to the authenticated user
- Unauthorized actions are rejected with a clear error message
- Restricted endpoints return no data to unauthorized users, so a denied request cannot leak even partial results
Tenant Isolation
Beyond role-based access, all data is isolated per organization:
- Users in Organization A can never access data from Organization B, even when they know a valid URL or record identifier
- This isolation is enforced at the infrastructure level, independently of the role checks above
- All queries are automatically scoped to your organization; the organization is derived from your account, not from anything supplied in the request
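To make the two enforcement layers concrete, here is an added example (not Sydx AI's code) that encodes the permission matrix above as a deny-by-default authorization check and pairs it with tenant-scoped data access. The function names (`authorize`, `handle_request`, `list_contacts`, `get_contact`), the `User` record and the in-memory `CONTACTS` store are assumptions made for the illustration; the roles and features are taken from the tables on this page.

```python
"""Illustrative server-side RBAC check plus tenant scoping.

Added example, not Sydx AI's own implementation. Roles and features follow
the page's permission matrix; `User`, `authorize`, `handle_request` and the
CONTACTS store are assumed names for the illustration.
"""
from dataclasses import dataclass
from typing import Optional

ROLES = ("Owner", "Admin", "Staff")

# Permission matrix from the page: feature -> set of roles allowed to use it.
PERMISSIONS = {
    "Dashboard Overview": {"Owner", "Admin", "Staff"},
    "Inbox": {"Owner", "Admin", "Staff"},
    "Contacts": {"Owner", "Admin", "Staff"},
    "Pipeline": {"Owner", "Admin", "Staff"},
    "Announcements": {"Owner", "Admin", "Staff"},
    "Analytics": {"Owner", "Admin"},
    "Campaigns": {"Owner", "Admin"},
    "Templates": {"Owner", "Admin"},
    "Create Template": {"Owner", "Admin"},
    "Flow Builder": {"Owner", "Admin"},
    "Automations": {"Owner", "Admin"},
    "Integrations": {"Owner", "Admin"},
    "WhatsApp Manager": {"Owner", "Admin"},
    "Settings": {"Owner", "Admin"},
    "Quick Replies": {"Owner", "Admin"},
    "Team Management": {"Owner", "Admin"},
    "Billing": {"Owner"},
}


@dataclass(frozen=True)
class User:
    """Identity as established by the server's session, not by the client."""
    user_id: str
    org_id: str
    role: str


def authorize(user: User, feature: str) -> bool:
    """Deny by default: an unknown role or an unlisted feature is refused."""
    if user.role not in ROLES:
        return False
    return user.role in PERMISSIONS.get(feature, set())


# Constructed sample data: two tenants sharing one table, as in a multi-tenant SaaS.
CONTACTS = [
    {"id": "c1", "org_id": "org-A", "name": "Alice"},
    {"id": "c2", "org_id": "org-A", "name": "Bob"},
    {"id": "c3", "org_id": "org-B", "name": "Carol"},
]


def list_contacts(user: User) -> list:
    """Tenant scoping: the org filter comes from the authenticated user."""
    return [c for c in CONTACTS if c["org_id"] == user.org_id]


def get_contact(user: User, contact_id: str) -> Optional[dict]:
    """Match on id AND org, so a cross-tenant id looks exactly like a missing one."""
    for c in CONTACTS:
        if c["id"] == contact_id and c["org_id"] == user.org_id:
            return c
    return None


def handle_request(user: User, feature: str, contact_id: Optional[str] = None) -> dict:
    """Gate run on every request, whether or not the UI showed the feature.

    A denied request gets an error and no data at all.
    """
    if not authorize(user, feature):
        return {"status": 403, "error": f"role {user.role} may not access {feature}", "data": None}
    if feature == "Contacts":
        if contact_id is None:
            return {"status": 200, "error": None, "data": list_contacts(user)}
        contact = get_contact(user, contact_id)
        if contact is None:
            return {"status": 404, "error": "not found", "data": None}
        return {"status": 200, "error": None, "data": contact}
    return {"status": 200, "error": None, "data": {"feature": feature}}


if __name__ == "__main__":
    staff_a = User("u1", "org-A", "Staff")
    admin_b = User("u2", "org-B", "Admin")
    # Staff typing the Analytics URL directly: hidden in the UI, refused by the server.
    print(handle_request(staff_a, "Analytics"))
    # Admin of org-B requesting an org-A contact by id: no data, same as a missing record.
    print(handle_request(admin_b, "Contacts", "c1"))
    # Admin is not Owner, so Billing is refused.
    print(handle_request(admin_b, "Billing"))
```

Two design points are worth noting. The role and organization on `User` are filled in from the server's view of the session; if either were read from a query parameter or request body, both the role check and the tenant filter would be trivially bypassable. And `get_contact` returns the same "not found" result for a record in another tenant as for a record that does not exist, so a probing user cannot tell whether a guessed identifier is valid somewhere else.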
Best Practice
Assign the Staff role to team members who only need to respond to messages and manage contacts. Reserve Admin for team leads who need analytics, campaigns, and settings, and keep in mind that Billing remains available to the Owner alone.