Access Control (RBAC)
Role-Based Access Control 💎
When multiple engineers manage a system, you don’t want everyone to have root access. Super implements a strict RBAC model to separate concerns.
Available Roles
| Role | Permissions | Ideal For |
|---|---|---|
| Viewer | Read-Only. Can view process status, logs, and metrics. Cannot modify anything. | Developers debugging issues, Dashboard displays. |
| Operator | Operational Actions. Can Start, Stop, Restart, and Signal processes. Cannot create/delete programs or manage tokens. | SREs, On-call engineers, Automated Watchdogs. |
| Admin | Full Access. Can create/delete programs, manage authentication tokens, and reload system config. | System Administrators, CI/CD Deployment pipelines. |
Usage Example
Scenario: The Junior Developer
You want a developer to be able to view logs and restart their service, but not delete the database service or change the root configuration.
1. Create an Operator Token:
super token create dev-team --role operator2. Developer usage:
# Log in once (or use --token per command)
super login "sk-..."
super restart my-app
# Denied (403 Forbidden)
super rm database