4: Users, roles and permissions
The Dashboard is multi-user. Access is controlled by role and by two scoping axes: which servers and which modules a user may use.
4.1: Roles
- Admin: full access to every module and server.
- User: access only to the modules and servers they are granted.
prop isAdmin => $this->role === 'admin'4.2: Scoping
A non-admin user carries two allow-lists:
| Scope | Controls |
|---|---|
| allowed servers | which hosts in the fleet they can act on |
| allowed modules | which Dashboard modules they can open |
The navigation and every route honor both, so a user scoped to one server and the Notifications module sees exactly that and nothing else.
4.3: Authentication
Login uses bcrypt password hashing, and the fleet can verify a user against a shared secret so one identity works across sub-dashboards. Because auth is a resource, the same gating is available to any Phlo app that needs it, not just the Dashboard.