Tenancy, Roles & Members

tieback is a multi-tenant platform. Every brand workspace is a fully isolated tenant: products, identifiers, passports, audit records, API credentials, and billing state are partitioned by brand_id at the database level and enforced by Row-Level Security on every read and write.

Role Model

Roles are stored in a dedicated user_roles table, never on the user or profile record, and are scoped to a specific brand_id. Role checks reject NULL brand scope to prevent privilege escalation across tenants.

| Role | Scope | What it can do |
| --- | --- | --- |
| Owner | Brand | Full administrative control, including billing, member management, and workspace deletion |
| Admin | Brand | Full operational control except billing and ownership transfer |
| Editor | Brand | Create and edit products, passports, themes, and content |
| Viewer | Brand | Read-only access to the workspace |
| Vendor | Brand (sandboxed) | Constrained read/write inside an isolated vendor sandbox |
| Platform Admin | Platform | tieback staff role for support and platform operations; never consumes tenant seats |

Custom roles and granular permission packs are configured in Settings → Roles.
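
The NULL-scope rule in this section, shown as an added example that is not tieback's own code: it contrasts a role check that treats a missing brand scope as a wildcard with one that denies it. SQLite stands in for the platform's database, which the page does not name; the function names, users, and brands are constructed for illustration.

```python
import sqlite3

# Constructed sample data: table and column names follow the page
# (user_roles, brand_id); the users, brands and role rows are made up.
SCHEMA = """
CREATE TABLE user_roles (
    user_id  TEXT NOT NULL,
    brand_id TEXT,            -- nullable here only to show the failure mode
    role     TEXT NOT NULL
);
INSERT INTO user_roles VALUES
    ('alice', 'brand-a', 'admin'),
    ('bob',   'brand-b', 'editor'),
    ('carol', NULL,      'admin');  -- stray row with no brand scope
"""

def connect():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def has_role_weak(db, user_id, brand_id, role):
    """Anti-pattern: a NULL scope on either side acts as a wildcard."""
    row = db.execute(
        "SELECT 1 FROM user_roles WHERE user_id = ? AND role = ? "
        "AND (brand_id = ? OR brand_id IS NULL OR ? IS NULL)",
        (user_id, role, brand_id, brand_id),
    ).fetchone()
    return row is not None

def has_role_strict(db, user_id, brand_id, role):
    """Hardened: a missing brand scope is denied before any lookup, and
    only rows whose brand_id equals the requested brand can match."""
    if user_id is None or brand_id is None:
        return False
    row = db.execute(
        "SELECT 1 FROM user_roles WHERE user_id = ? AND role = ? "
        "AND brand_id IS NOT NULL AND brand_id = ?",
        (user_id, role, brand_id),
    ).fetchone()
    return row is not None

if __name__ == "__main__":
    db = connect()
    for check in (has_role_weak, has_role_strict):
        print(check.__name__,
              check(db, "carol", "brand-a", "admin"),  # unscoped role row
              check(db, "alice", None, "admin"))       # caller omits brand
```

In a production schema the brand_id column would also be declared NOT NULL, so an unscoped row such as the third one cannot be stored in the first place.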

Member Management

Workspace owners and admins manage members from Settings → Roles:

  • Invite new members by email
  • Assign or change roles
  • Revoke access immediately
  • Transfer workspace ownership atomically (a workspace must always have exactly one owner)

Each member with at least one active role inside the workspace counts as a billable seat. Removing a member frees the seat immediately.

Platform Plane

A separate platform plane exists for tieback staff. Platform admins can:

  • Investigate and support customer workspaces with full audit logging
  • Manage carrier output profiles, market packs, and the field dictionary
  • Operate the support console for incident response

Platform admin actions inside a tenant are logged distinctly from tenant-member actions and are subject to the no-standing-access policy: break-glass interventions require time-bound, cryptographically logged approvals.

Vendor Sandbox

External vendors (for example, contract manufacturers) can be granted access through a sandboxed vendor role. Vendors see only the products, batches, and assets explicitly shared with them and cannot enumerate the wider workspace.

Audit Log

Every role change, invitation, ownership transfer, and platform-staff intervention is recorded in the workspace audit log. See Audit Log.

Related Docs

  • Audit Log
  • Plans & Subscriptions
  • Security Architecture