Admin Features (ADMIN)

Provides advanced management features to maintain overall platform health and security.

Role-Based Access Control (RBAC)

EM-OS defines four roles to enforce the principle of least privilege.

• Platform Admin (PA): Highest system-wide admin. Can create new organizations, change subscription plans, and set global limits (e.g., max users).
• Org Admin (OA): Highest admin within an organization. Has full permissions for org settings, member invitations, and all data.
• Lead (Manager): Team leader. Can manage teams, conduct 1on1s, approve ADRs, and perform evaluations.
• Member (General User): Standard user. Can update their profile, participate in 1on1s, and view data (except restricted items).

Audit Logs

Record "When, Who, and What" for all operations to support security audits.

Key Log Categories

• Authentication: Login, Logout, Login Failures.
• Organization: Team creation/deletion, Role changes, Invitation issuance.
• Admin: Subscription changes, system setting updates.
• Data: ADR deletion, operations on sensitive assets.

Onboarding Flow

Provides step-by-step guidance for new members.

1. Invite & Sign-up: Register via OAuth (GitHub/Google) using an invitation link.
2. Profile Creation: Set up photo, role, and experience.
3. Team Assignment: Select your team from the topology map.
4. Initial Skill Check: Self-evaluate current skills against the ladder to start expectation alignment with your manager.