Admin Model and Roles
Treat authority as role + scope, never role alone.
Scope model
Platform admin scope
Platform admins work under /admin/common/* and control global setup.
They can:
- Register and monitor infrastructures
- Provision tenants and initial owner invites
- Manage global users and home-tenant assignments
- Move repositories between infrastructures
Tenant admin scope
Tenant admins work inside a specific tenant (/admin/common/tenants/<tenant_id>).
They can:
- Rename tenant slug/name
- Register repos for that tenant
- Manage repo memberships and repo groups
- Issue tenant or guest invites
Tenant governance roles
Tenant invite roles are:
MEMBERSECURITY_ADMINBILLING_ADMINOWNER
Use governance roles for organizational authority. Do not use them as a substitute for repo access assignments.
Repo membership kinds
Repo access has an independent membership kind:
INTERNAL: company-home identity and internal access postureGUEST: repo-scoped collaboration posture
Membership kind affects repo-level behavior and onboarding, but does not automatically rewrite all tenant-level governance decisions.