BG Internal
Roles & permissions
RBAC across tenants and BG-internal staff
BuilderGrid staff roles
| Role | Description | Holders | Privileged | |
|---|---|---|---|---|
| BG Owner | Founder, full superpowers, MFA-required | 2 | root | |
| BG Operations | Customer success, impersonation with audit, refunds | 5 | impersonate | |
| BG Engineering | Read-only platform metrics, deploy access | 8 | read | |
| BG Support | Tenant chat, can request impersonation | 4 | read |
Permission matrix, BG OperationsHigh privilege
| Capability | Read | Write | Approve |
|---|---|---|---|
| Tenant data (any) | yes | via impersonate | no |
| Billing & refunds | yes | yes | yes |
| Feature flags | yes | staging only | no |
| LLM prompts | yes | yes | canary <10% |
| Production secrets | no | no | no |