For Administrators
Technical documentation for platform administrators managing tenants, users, audit logs, feature flags, and system configuration on Illumera.
RBAC Roles
Illumera uses Role-Based Access Control (RBAC). Roles are stored as a text array on the user
record, enabling a single user to hold multiple roles simultaneously (e.g., person +
company_admin for a founder who is also a contractor).
The backend API currently recognizes the legacy company role (VALID_USER_ROLES = ["platform_admin", "company", "person"]) in addition to the four canonical roles listed below. The rate limiter's 120 RPM company tier checks roles.includes("company"), which does not match company_admin or company_member. New users are assigned company_admin (not company); existing users who still hold the legacy company role continue to operate until their roles are migrated.
| Role | Description | Scope |
|---|---|---|
| platform_admin | Full unrestricted access. Manages all tenants, users, feature flags, system settings, and audit logs across the entire platform. | Platform-wide |
| company_admin | Full control within their tenant — creates/edits projects and slots, invites talent, searches the talent marketplace, manages engagements, views financials, and configures company settings. | Tenant-scoped read/write |
| company_member | Read access within their tenant — can view projects and match scores for specific slots but cannot create or modify resources. Does not have access to the company-wide talent marketplace search. | Tenant-scoped read-only |
| person | Individual talent — manages their own profile, skills, availability, and engagements. Cannot access company or admin portals. | Own data read/write |
Initial roles are self-assigned through onboarding: the person role is claimed via the talent
onboarding flow; company_admin is granted automatically when a user completes the company
setup wizard. Subsequent role changes are performed by platform_admin users via the Admin
panel — Admin → Users → [user] → Edit Roles.
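The following is an added example, not Illumera's own code, showing how a roles text array is evaluated: a multi-role user matches any of the roles they hold, the legacy tier check described above misses company_admin and company_member, and a canonical tier mapping closes that gap. It assumes a user record with a roles array of strings, the role names documented on this page plus the legacy company role, and an Express-style (req, res, next) guard signature; the tier labels are the example's own, not the platform's limits.

```javascript
// Added example, not Illumera's own code. Assumes: user.roles is an array of
// strings; role names are those on this page plus the legacy "company" role;
// the (req, res, next) guard signature is hypothetical, not the platform's.

const CANONICAL_ROLES = ["platform_admin", "company_admin", "company_member", "person"];
const LEGACY_ROLES = ["company"];
const KNOWN_ROLES = new Set([...CANONICAL_ROLES, ...LEGACY_ROLES]);

// Reduce the text-array column to a de-duplicated list of known role names.
// Unknown or non-string values are dropped rather than trusted.
function normalizeRoles(raw) {
  const list = Array.isArray(raw) ? raw : [];
  return [...new Set(list.filter((r) => typeof r === "string" && KNOWN_ROLES.has(r)))];
}

// A multi-role user holds every role in the array, so a founder who is also a
// contractor (person + company_admin) satisfies a check for either role.
function hasRole(user, role) {
  return normalizeRoles(user && user.roles).includes(role);
}

// The legacy tier check as described on the page: it matches only the literal
// "company" role, so company_admin and company_member users fall outside it.
function legacyCompanyTier(user) {
  return normalizeRoles(user && user.roles).includes("company");
}

// Tier selection that treats the legacy role and both canonical company roles
// as the company tier. "default" is the example's name for everything else.
const COMPANY_TIER_ROLES = new Set(["company", "company_admin", "company_member"]);
function rateLimitTier(user) {
  const roles = normalizeRoles(user && user.roles);
  if (roles.includes("platform_admin")) return "platform_admin";
  if (roles.some((r) => COMPANY_TIER_ROLES.has(r))) return "company";
  return "default";
}

// Route guard: pass if the user holds at least one of the listed roles,
// otherwise answer 403. A request with no req.user also gets 403.
function requireAnyRole(...allowed) {
  return (req, res, next) => {
    const roles = normalizeRoles(req.user && req.user.roles);
    if (allowed.some((r) => roles.includes(r))) return next();
    return res.status(403).json({ error: "forbidden" });
  };
}

// Constructed sample users for a stand-alone run.
const founderContractor = { id: "u1", roles: ["person", "company_admin"] };
const legacyCompanyUser = { id: "u2", roles: ["company"] };
const member = { id: "u3", roles: ["company_member", "company_member", "bogus"] };

console.log("founder holds person:", hasRole(founderContractor, "person"));
console.log("legacy tier, founder:", legacyCompanyTier(founderContractor));
console.log("legacy tier, legacy user:", legacyCompanyTier(legacyCompanyUser));
console.log("canonical tier, founder:", rateLimitTier(founderContractor));
console.log("canonical tier, member:", rateLimitTier(member));
```

The two tier functions side by side are the point: the legacy check returns false for the founder-contractor even though they administer a company, while the canonical mapping places company_admin, company_member and legacy company users in the same tier, so the migration away from the legacy role does not change rate-limit behaviour.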
Tenant Management
A Tenant represents a distinct organizational boundary in the database. All person profiles, company profiles, projects, engagements, and match scores are strictly scoped by tenant ID. Non-admin API calls cannot cross tenant boundaries.
Navigate to Admin → Tenants to:
- Create a new tenant — provide a name, optional email domain (used for email-domain matching within the tenant), plan tier, and initial status. No invitation email is sent automatically; users must sign up and complete onboarding independently.
- Suspend a tenant — sets the tenant status to suspended in the database. Note: the current auth middleware does not enforce tenant status during API access, so suspension is a record-keeping signal rather than a hard sign-in block at this time.
- Reactivate a suspended tenant — restores access immediately.
- View tenant detail — see all companies, users, and resource counts within the tenant.
Tenant partnerships can be established to allow one tenant's talent pool to appear in another tenant's search results. When a partnership is active, federated talent profiles from the partner tenant appear in marketplace searches alongside your own bench.
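The following is an added example, not Illumera's own middleware, illustrating the three tenant rules described above: non-admin calls stay inside the caller's tenant, a suspended tenant can be hard-blocked (which the page notes the current middleware does not yet do), and an active partnership widens talent search to the partner tenant. It assumes user records carrying roles and tenantId, a tenants map keyed by id with a status field, partnership rows of the form { a, b, active }, and a hypothetical (req, res, next) guard signature.

```javascript
// Added example, not Illumera's own middleware. Assumes: user.roles (array of
// strings) and user.tenantId; a Map of tenants keyed by id with a `status`
// field where "suspended" is the suspended value; partnerships as symmetric
// { a, b, active } rows. The (req, res, next) signature is hypothetical.

function isPlatformAdmin(user) {
  return Array.isArray(user && user.roles) && user.roles.includes("platform_admin");
}

// Tenant boundary: non-admin callers may only touch resources in their own
// tenant. A caller with no tenantId never matches anything.
function canAccessTenant(user, targetTenantId) {
  if (isPlatformAdmin(user)) return true;
  if (!user || typeof user.tenantId !== "string" || typeof targetTenantId !== "string") return false;
  return user.tenantId === targetTenantId;
}

// Tenant status guard. The page states the current middleware does not enforce
// this; the guard shows what a hard block on a suspended tenant looks like while
// keeping platform_admin access for operational work.
function tenantStatusGuard(tenants) {
  return (req, res, next) => {
    const user = req.user;
    if (!user) return res.status(401).json({ error: "unauthenticated" });
    if (isPlatformAdmin(user)) return next();
    const tenant = tenants.get(user.tenantId);
    if (!tenant) return res.status(403).json({ error: "unknown tenant" });
    if (tenant.status === "suspended") return res.status(403).json({ error: "tenant suspended" });
    return next();
  };
}

// Federated search: the caller's own tenant plus every partner tenant whose
// partnership row is active. Inactive rows contribute nothing.
function visibleTalentTenants(tenantId, partnerships) {
  const visible = new Set([tenantId]);
  for (const p of partnerships) {
    if (!p.active) continue;
    if (p.a === tenantId) visible.add(p.b);
    else if (p.b === tenantId) visible.add(p.a);
  }
  return [...visible];
}

// Narrow a talent profile list to what the caller's marketplace search may see.
function scopeTalentSearch(user, profiles, partnerships) {
  if (isPlatformAdmin(user)) return profiles.slice();
  const allowed = new Set(visibleTalentTenants(user.tenantId, partnerships));
  return profiles.filter((p) => allowed.has(p.tenantId));
}

// Constructed sample data for a stand-alone run.
const tenants = new Map([
  ["t1", { name: "Acme", status: "active" }],
  ["t2", { name: "Beta", status: "active" }],
  ["t3", { name: "Gamma", status: "suspended" }],
]);
const partnerships = [
  { a: "t1", b: "t2", active: true },
  { a: "t1", b: "t3", active: false },
];
const profiles = [
  { id: "p1", tenantId: "t1" },
  { id: "p2", tenantId: "t2" },
  { id: "p3", tenantId: "t3" },
];
const acmeAdmin = { id: "u1", roles: ["company_admin"], tenantId: "t1" };

console.log("acme sees:", scopeTalentSearch(acmeAdmin, profiles, partnerships).map((p) => p.id));
console.log("acme may read t2 directly:", canAccessTenant(acmeAdmin, "t2"));
```

Note the asymmetry the example preserves: a partnership makes partner profiles visible in search results, but canAccessTenant still refuses a direct cross-tenant request from a non-admin, which is the boundary the page describes for all non-admin API calls.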
User Management
Navigate to Admin → Users to view the platform-wide user directory. The directory shows all users across all tenants with their roles, tenant membership, and onboarding status.
Key capabilities:
- Search — Filter by name, email, or role. Results update in real time as you type.
- Role Assignment — Open any user record to view and edit their roles. Changes take effect immediately on the next API request from that user.
- Profile Visibility — See whether each talent profile is hidden from or visible to marketplace search.
Audit Logs
Illumera maintains an immutable audit log of all significant platform events. Navigate to Admin → Audit Logs to view the live stream.
The audit log captures:
- Creation, modification, and deletion of projects and engagements
- Feature flag updates
- Company and person profile onboarding events
- Culture profile submissions and updates
- Tenant creation, suspension, and reactivation
Role changes made via Admin → Users → Edit Roles (PATCH /admin/users/:id/roles) currently update the database but do not write an audit log entry, so role changes are not recorded in the audit log at this time.
Filter audit log entries by resource type (project, engagement, user, tenant, feature flag) and by actor (specific user). The live stream view updates automatically as new events arrive.
Audit log entries are also accessible programmatically via GET /admin/audit-logs (requires
platform_admin authentication or a valid internal API secret). The endpoint supports
filtering by action type, resource type, actor, and time range.
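The following is an added example, not Illumera's GET /admin/audit-logs implementation, showing the filtering described above applied to an append-only log: query parameters are validated before use (an unparseable timestamp fails the request rather than silently widening the range), and entries are filtered by action type, resource type, actor and an inclusive time range. The entry shape, the parameter names action, resourceType, actor, from and to, and the sample entries are all constructed for the example.

```javascript
// Added example, not Illumera's own endpoint. Assumes audit entries shaped as
// { id, action, resourceType, actorId, at } with `at` an ISO-8601 timestamp,
// and query parameters named action, resourceType, actor, from, to. Resource
// type names below are constructed to match the categories on this page.

const RESOURCE_TYPES = new Set(["project", "engagement", "user", "tenant", "feature_flag"]);

// Turn raw query parameters into a validated filter object. Any invalid value
// throws, so a bad `from` can never silently turn into "no lower bound".
function parseAuditQuery(query) {
  const filters = {};
  if (query.action) filters.action = String(query.action);
  if (query.resourceType) {
    const rt = String(query.resourceType);
    if (!RESOURCE_TYPES.has(rt)) throw new Error(`unknown resource type: ${rt}`);
    filters.resourceType = rt;
  }
  if (query.actor) filters.actorId = String(query.actor);
  for (const key of ["from", "to"]) {
    if (query[key] === undefined) continue;
    const ms = Date.parse(String(query[key]));
    if (Number.isNaN(ms)) throw new Error(`invalid ${key} timestamp`);
    filters[key] = ms;
  }
  if (filters.from !== undefined && filters.to !== undefined && filters.from > filters.to) {
    throw new Error("from must not be after to");
  }
  return filters;
}

// Apply the filters. The time range is inclusive at both ends.
function filterAuditLogs(entries, filters) {
  return entries.filter((e) => {
    if (filters.action && e.action !== filters.action) return false;
    if (filters.resourceType && e.resourceType !== filters.resourceType) return false;
    if (filters.actorId && e.actorId !== filters.actorId) return false;
    const at = Date.parse(e.at);
    if (filters.from !== undefined && at < filters.from) return false;
    if (filters.to !== undefined && at > filters.to) return false;
    return true;
  });
}

// Append-only store: returns a new frozen array and never mutates the old one,
// which is the in-memory shape of an immutable log.
function appendAuditEntry(log, entry) {
  return Object.freeze([...log, Object.freeze({ ...entry })]);
}

// Constructed sample entries.
const AUDIT_LOG = Object.freeze([
  { id: 1, action: "tenant.create", resourceType: "tenant", actorId: "admin-1", at: "2024-01-10T09:00:00Z" },
  { id: 2, action: "project.create", resourceType: "project", actorId: "u-7", at: "2024-01-10T10:15:00Z" },
  { id: 3, action: "feature_flag.update", resourceType: "feature_flag", actorId: "admin-1", at: "2024-01-11T08:30:00Z" },
  { id: 4, action: "tenant.suspend", resourceType: "tenant", actorId: "admin-1", at: "2024-01-12T12:00:00Z" },
].map((e) => Object.freeze(e)));

// Stand-alone run: tenant events by admin-1 on 2024-01-12.
const filters = parseAuditQuery({
  resourceType: "tenant", actor: "admin-1",
  from: "2024-01-12T00:00:00Z", to: "2024-01-12T23:59:59Z",
});
console.log(filterAuditLogs(AUDIT_LOG, filters).map((e) => e.id));
```

Rejecting an invalid from or to with an error rather than ignoring it matters for an admin endpoint: a silently dropped bound would return far more history than the caller asked for, and a reviewer reading the filter alone could not tell that happened.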
Feature Flags
Platform administrators can toggle feature flags without a deployment. Navigate to Admin → Feature Flags. Changes take effect immediately for all users on the platform and are recorded in the audit log.
Feature flags are used to gradually roll out new capabilities, run A/B tests, and disable functionality for maintenance without a full deployment cycle.
System Settings
Navigate to Admin → Settings to manage platform-wide configuration. Settings are organized into tabs:
- AI Models — Configure which AI models power the scoring engine and resume parsing. Set Anthropic (Claude) for spider scoring and OpenAI (gpt-4o-mini) for resume extraction.
- SMTP / Email — Configure SMTP server settings (host, port, username, from address). These are stored as feature flags for future SMTP routing. The active email provider is Resend, which reads the RESEND_API_KEY environment variable on the API server. Without a valid RESEND_API_KEY, email notifications are silently disabled but the platform continues to operate normally.
- Database — View a read-only shard topology display and trigger a search re-index. This is a UI placeholder; live connection health checks are not integrated.
- Maintenance Mode — Toggle maintenance mode to display a maintenance page to all non-admin users while preserving admin access for system operations.