Authorization UI
Roles and permissions
Permission-denied states, role matrices and no-access surfaces standardized as dashboard language.
Permission states
Authorization is represented as clear UX states, not mystery failures.
401 Unauthorized
The user is not signed in or the session expired.
403 Forbidden
The user is signed in but lacks the required permission.
Role required
This action requires Admin or Billing manager access.
Inline no access
The section stays visible but explains why data is hidden.
Read-only mode
Controls remain visible but disabled with a clear reason.
Role matrix
Static role capability overview.
Owner: Full access
Admin: Manage workspace
Editor: Create and update
Viewer: Read-only
Billing data hidden
Requires Billing manager
You can view customer health, but revenue details are hidden by your current role. Request access or switch workspace.
Permission matrix specimen
Use readable labels and explicit denied states; never hide critical navigation silently.
| Capability | Owner | Admin | Editor | Viewer |
|---|---|---|---|---|
| Manage billing | Allowed | Allowed | Denied | Denied |
| Invite members | Allowed | Allowed | Allowed | Denied |
| Export reports | Allowed | Allowed | Allowed | Read-only |
| Rotate API keys | Allowed | Allowed | Denied | Denied |
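The permission states and the matrix above can be driven from one default-deny lookup, so the 401, 403 and read-only surfaces never disagree with the table. This is an added example, not code from the page; `MATRIX`, `hasOwn`, `resolveUiState` and the session shape (`role`, `expiresAt` in milliseconds) are assumptions made for illustration.

```javascript
// Added example; MATRIX, hasOwn and resolveUiState are hypothetical names.
// The matrix values are copied from the permission matrix specimen above.
const MATRIX = {
  "Manage billing":  { Owner: "Allowed", Admin: "Allowed", Editor: "Denied",  Viewer: "Denied" },
  "Invite members":  { Owner: "Allowed", Admin: "Allowed", Editor: "Allowed", Viewer: "Denied" },
  "Export reports":  { Owner: "Allowed", Admin: "Allowed", Editor: "Allowed", Viewer: "Read-only" },
  "Rotate API keys": { Owner: "Allowed", Admin: "Allowed", Editor: "Denied",  Viewer: "Denied" },
};

// Own-property lookup so inputs like "constructor" or "__proto__" never match.
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// The session shape ({ role, expiresAt in ms }) is an assumption for this example.
function resolveUiState(session, capability, nowMs = Date.now()) {
  // 401: the user is not signed in or the session expired.
  if (!session || typeof session.expiresAt !== "number" || session.expiresAt <= nowMs) {
    return { status: 401, state: "unauthorized", reason: "Sign in to continue." };
  }
  // Default deny: an unknown capability or unknown role resolves to Denied.
  const row = hasOwn(MATRIX, capability) ? MATRIX[capability] : null;
  const cell = row && hasOwn(row, session.role) ? row[session.role] : "Denied";

  if (cell === "Allowed") return { status: 200, state: "allowed", reason: null };
  if (cell === "Read-only") {
    return { status: 200, state: "read-only", reason: `${session.role} access is read-only here.` };
  }
  // 403: signed in but lacking the permission; name the roles that have it.
  const needed = row ? Object.keys(row).filter((r) => row[r] === "Allowed") : [];
  const reason = needed.length
    ? `This action requires ${needed.join(" or ")} access.`
    : "This action is not available in this workspace.";
  return { status: 403, state: "forbidden", reason };
}
```

The returned state only selects which surface to render; the server still has to make the same decision on every request and answer with the matching 401 or 403.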