Admin Panel Guide

The Admin Panel is the platform control plane for NowToPrint operations. It provides platform-wide visibility over users, organizations, roles, packages, entitlements, access governance, audit evidence, and operational settings.

This guide is aligned with the current IAM source of truth in @nowtoprint/contracts. Older prototype role names such as support, member, and viewer are not current platform roles.

---

What Is the Admin Panel?

The Admin Panel is a restricted area of the NowToPrint dashboard that provides:

• User management: create, search, edit, deactivate, and review user accounts
• Organization management: create organizations, assign profiles, approve supplier readiness, and manage memberships
• Roles & permissions: assign canonical platform roles and configure organization membership roles
• Access governance: review privileged access, support access requests, and IAM audit evidence
• Packages & entitlements: manage package tiers, capabilities, billing grants, and entitlement overrides
• Audit visibility: review changes to users, roles, organizations, entitlements, and sensitive operations

Note: The Admin Panel is separate from organization-level settings. Organization owners manage their own teams from organization settings, while the Admin Panel provides platform-wide oversight and governance.

---

Who Can Access It?

Admin Panel access depends on canonical platform roles and permission checks. High-risk roles require stricter governance.

Platform Role	Access Level
platform_owner	Ultimate platform authority; recommended maximum 2 holders
super_admin	Full platform administration; recommended maximum 3 holders
marketplace_ops	Marketplace operations for users, organizations, orders, and verification workflows
finance_admin	Finance, payout, refund, commission, and direct-deal controls
security_admin	Security controls, access governance, API-key governance, and audit-sensitive operations
entitlement_admin	Package and capability control-plane management
pricing_admin	Pricing, commission, and commercial policy management
support_admin	Read-only support visibility into users and organizations
growth_admin	Growth and platform analytics operations
content_localization_admin	Content and localization operations
master_data_steward / standards_steward	Master-data and standards stewardship
readonly_auditor	Read-only audit visibility

Legacy aliases such as admin, superadmin, and read_only_auditor may exist for migration safety. New assignments should use canonical names.

Required Permissions

Each Admin Panel section requires specific permissions:

Section	View Permission	Manage Permission
Users	admin.users.view	admin.users.manage
Organizations	admin.organizations.view	admin.organizations.manage
Roles	admin.roles.manage	admin.roles.manage
Packages	admin.entitlements.view	admin.entitlements.manage
Entitlements	admin.entitlements.view	admin.entitlements.manage

Permissions can still be denied by organization scope, package entitlements, billing state, rollout state, quota, risk policy, or access-governance controls.

---

Navigation Overview

The Admin Panel is organized into operational surfaces:

---

Typical Admin Workflows

Onboarding a New Platform Operator

1. Navigate to Admin -> Users -> Create User.
2. Fill in name and email.
3. Assign the minimum canonical platform role required for the operator's job.
4. Route critical or high-risk platform-role assignments through access governance.
5. Confirm the audit trail captures the assignment evidence.

Onboarding a Customer, Supplier, Broker, or Agency User

1. Create or find the user account.
2. Leave elevated platform administration unset unless the person is an internal platform operator.
3. Add the user to the correct organization with an organization template or marketplace membership role.
4. Send the invitation.

Setting Up a New Organization

1. Navigate to Admin -> Organizations -> Create Organization.
2. Select the organization profile, such as buyer, supplier, broker, or agency.
3. Assign package tier and entitlement profile.
4. Invite the organization owner or producer owner.
5. For suppliers, complete the supplier readiness and marketplace access review before quote visibility.

Reviewing Access

1. Navigate to Admin -> Access Governance or Admin -> Users.
2. Review privileged platform roles, support access requests, stale access, and last-login risk.
3. Revoke or downgrade unnecessary privileged access.
4. Export evidence when needed for launch, security, or enterprise review.

---

Best Practices

• Review critical access frequently: audit platform_owner, super_admin, security_admin, entitlement_admin, pricing_admin, marketplace_ops, and finance_admin at least every 30 days.
• Use organization roles first: most customer and supplier workflows should use organization membership roles, not platform administration.
• Avoid legacy aliases for new assignments: prefer super_admin over admin or superadmin, and readonly_auditor over read_only_auditor.
• Use support_admin for read-only support visibility: do not document or assign a raw support platform role.
• Keep audit evidence complete: access review, support access, entitlement override, and high-risk role changes must remain exportable.

---

See Also

• Roles & Permissions - code-aligned reference for all launch roles and permissions
• IAM Architecture - current IAM stack and decision model
• Access Governance - access review, support access, and audit evidence
• User Management - account lifecycle and platform-role changes

---

Next: User Management ->