Skip to content
Super v1.1.9 is here! 🎉 See the changelog

Access Control (RBAC)

Role-Based Access Control 💎

When multiple engineers manage a system, you don’t want everyone to have root access. Super implements a strict RBAC model to separate concerns.

Available Roles

RolePermissionsIdeal For
ViewerRead-Only. Can view process status, logs, and metrics. Cannot modify anything.Developers debugging issues, Dashboard displays.
OperatorOperational Actions. Can Start, Stop, Restart, and Signal processes. Cannot create/delete programs or manage tokens.SREs, On-call engineers, Automated Watchdogs.
AdminFull Access. Can create/delete programs, manage authentication tokens, and reload system config.System Administrators, CI/CD Deployment pipelines.

Usage Example

Scenario: The Junior Developer

You want a developer to be able to view logs and restart their service, but not delete the database service or change the root configuration.

1. Create an Operator Token:

super token create dev-team --role operator

2. Developer usage:

# Log in once (or use --token per command)
super login "sk-..."

super restart my-app

# Denied (403 Forbidden)
super rm database