Operations · admin-only

Admin console

Admins get a dedicated lower-left section in the sidebar and a global toggle in the top bar. Admin Mode flips every page from 'your tenant' to a cross-tenant view, while the customer picker lets you scope to a single customer when you need to.

Who can use it

Admin access is granted server-side via the has_role('admin') check. APIXX staff and designated customer-success leads are the typical admins. If you think you should be one and aren't, ask the head of your APIXX engagement.

Admin Mode toggle

The shield icon in the top bar toggles Admin Mode. When ON:

  • Dashboard KPIs aggregate across all tenants.
  • The Flows, Runs, Connectors, and Data lists show every tenant's data, with a customer_id column.
  • The Customer picker becomes available next to the toggle.

Your choice persists across sessions in a cookie. Flipping back to OFF restores your own tenant's view.

Customer picker

With Admin Mode ON, click the picker to either select All customers (aggregate view) or pick a single customer to scope every list and KPI to. The picker is searchable; recently-viewed customers float to the top.

Cache refresh is scoped
The Refresh button in the top bar refuses to run while "All customers" is selected — it would force a system-wide cache rebuild. Pick a customer first.

Impersonation

From Admin → Users, click View as on any user. The app reloads scoped to that user's tenant. Impersonation is session-scoped:

  • No auth-token swap. You remain authenticated as yourself for audit purposes.
  • A persistent amber banner reads "Impersonating customer X as user Y" with an Exit button.
  • Writes are still authored by you; the audit log records both identities.
  • Destructive actions (delete, rotate API key) require a typed confirmation while impersonating.
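A minimal sketch of the session-scoped impersonation rules listed above, added here as an illustration and not taken from APIXX's code. The class and field names, the in-memory roles set, and the rule that the typed confirmation must match the resource name are all assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: roles sit in their own table, not on the user record.
USER_ROLES = {("staff-1", "admin"), ("ops-7", "operator")}
DESTRUCTIVE = {"delete", "rotate_api_key"}

def has_role(user_id: str, role: str) -> bool:
    return (user_id, role) in USER_ROLES  # evaluated server-side

@dataclass
class Session:
    actor_id: str                          # authenticated identity, never swapped
    impersonating: Optional[tuple] = None  # (customer_id, user_id) while "View as" is active

class Console:
    def __init__(self) -> None:
        self.audit = []  # append-only: entries are only ever appended

    def _log(self, s: Session, action: str, resource: str = "") -> None:
        customer, user = s.impersonating or (None, None)
        self.audit.append({"actor": s.actor_id, "target_customer": customer,
                           "target_user": user, "action": action, "resource": resource})

    def view_as(self, s: Session, customer_id: str, user_id: str) -> None:
        if not has_role(s.actor_id, "admin"):
            raise PermissionError("admin role required")
        s.impersonating = (customer_id, user_id)  # session state only, no token swap
        self._log(s, "impersonation_start")

    def exit_view_as(self, s: Session) -> None:
        self._log(s, "impersonation_stop")  # logged before the target is cleared
        s.impersonating = None

    def perform(self, s: Session, action: str, resource: str, typed_confirmation=None) -> dict:
        # Assumption: the typed confirmation must equal the resource name.
        if s.impersonating and action in DESTRUCTIVE and typed_confirmation != resource:
            raise PermissionError("typed confirmation required while impersonating")
        self._log(s, action, resource)
        return {"authored_by": s.actor_id, "resource": resource}  # the write stays the admin's

def demo() -> list:
    console, s = Console(), Session("staff-1")
    console.view_as(s, "cust-42", "user-9")
    console.perform(s, "rotate_api_key", "prod-key", typed_confirmation="prod-key")
    console.exit_view_as(s)
    return console.audit
```

Every audit entry carries the admin as actor alongside the impersonated customer and user, which is what lets a reviewer separate staff actions from customer actions after the fact.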

Users & roles

The roles model lives in a dedicated user_roles table — never on the user record:

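Role     | Granted to                               | Capabilities
---------|------------------------------------------|--------------------------------------------------
admin    | APIXX staff, designated customer leads   | Everything, including cross-tenant views.
operator | Customer ops & analytics                 | Read all, trigger runs, pause flows, rotate keys.
viewer   | Read-only stakeholders                   | Read everything; no mutations.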

Data ops

The Data ops page exposes admin-only canonical-data controls: manual dedup merges, schema migrations, and force-refresh of the canonical store for a single entity. Use sparingly — every action is audited.

System status

System status shows infrastructure-level health of Flows itself — API latency, queue depth, scheduler lag, and cache hit rate. This is distinct from customer-facing connector health.

Audit log

Every privileged action — impersonation start/stop, role grant, key rotation, flow force-trigger — is captured in an append-only audit log with both actor and target identities, request ID, and IP. Export to CSV from any filter scope.