Skip to main content
Access Manager brings a robust, centralized RBAC (Role-Based Access Control) system to the table, designed to scale with your team and simplify complex permission setups.
TipNeed this feature? Access Manager is available as part of the Enterprise model. If you’d like to learn more or evaluate it for your use case, get in touch with our team.

Why Access Manager?

Access Manager replaces the Console’s legacy access control with a modern, API-driven model backed by a centralized Identity Provider. It’s built for teams that need clarity, consistency, and control over who can access what. Each Enterprise environment is single-tenant, which means your access rules are isolated and secure by design. The Identity Provider takes care of:
  • User authorization.
  • Role and group management.
  • Seamless integration between UI and API.

Our access goals

  • Centralize authentication and authorization.
  • Make it easy to manage users and permissions through a consistent interface.
  • Support role-based access (RBAC) for real-world team structures.
  • Provide a scalable solution for fast-growing teams.

Role-Based Access Model (RBAC)

Once Access Manager is activated, you can assign default roles to users. Each role defines what that user can do inside the Console:
RoleDescriptionPermissions
AdminFull system administratorComplete access to all features, settings, and resources—including user and role management.
EditorContent and settings managerCan modify content and update configurations within assigned areas, but doesn’t have full admin rights.
ContributorTask and content collaboratorCan create and contribute content or perform specific actions, but cannot change core settings.
ViewerRead-only userCan view data and system content but can’t make changes. Ideal for audits or monitoring.
AttentionCustom roles and permission definitions are not available in v1. Access is managed only through the default role set.

Using Access Manager in Midaz Console

Enabling Access Manager

After installing the Access Manager plugin, you still need to enable it for it to work. This means updating the Auth variables in the .env files of Midaz Ledger, Midaz Console, or any plugin where you want to use Access Manager. Your configuration should look like this: 
## AUTH CONFIGS
PLUGIN_AUTH_ENABLED=true
PLUGIN_AUTH_HOST=http://plugin-auth:4000

Where to update

You’ll find the relevant .env files in these locations:
  • Midaz Ledger and Midaz Console
    • /midaz/components/onboarding
    • /midaz/components/transaction
    • /midaz/components/console
  • Other plugins
    • The .env file should be in the root directory of the plugin.
TipCan’t see the files? Try adjusting your system settings to show hidden files since.env files are often hidden by default.

Rebuild after changes

After updating the environment, rebuild your Docker images to apply the changes:
1
In your terminal, go to the root of your Midaz project.
2
If Docker is running, stop it:
make down
3
Then rebuild everything:
make rebuild-up

Accessing Midaz Console

After you enable the Access Manager plugin, the login page will appear when you access Midaz Console (Figure 1).

First login as admin

The first time you log in as an admin, you can use the default admin credentials:
  • Email: [email protected]
  • Password: Lerian@123
After logging in, you’ll go through the Onboarding flow. Once that’s done, you can create the users your Organization needs. These users will use their credentials to access Midaz Console.
ImportantDon’t forget to update the admin password after your first login. It’s a simple step that helps keep your environment secure.

Managing users

ImportantOnly Admins are allowed to manage users. This includes viewing, creating, editing, resetting passwords, and deleting user accounts. Make sure this level of access is granted responsibly.

Viewing users

To view all users available, click the gear icon ( ) in the top-right corner, then select Users (Figure 2).
The Users page will open, showing the list of Users available.
AttentionThe default admin user will already be listed. You cannot delete this user, but you can edit the details such as personal information and password.

Creating a user

To create a user, follow these steps:
1
From the Users page, click the New User button (Figure 3).
2
The New User form will open on the right side of the screen.
3
Specify all the information and click the Save button at the bottom of the form.
4
The new user will appear in the list of available users.

Editing a user

To edit a user’s personal information, follow these steps:
1
From the Users page, find the user that you want to edit, click the three dots () from the Actions column, and select Edit (figure 4).
2
The Edit User form will open on the right side of the screen.
3
From the Personal Information tab, edit the information as needed and click Save.
4
You can only edit the name, last name, e-mail, and role information.

Changing a user’s password

1
From the Users page, find the user that you want to edit, click the three dots () from the Actions column, and select Edit.
2
From the Edit User form, select the Password tab (Figure 5).
3
Specify the new password, confirm it, and click Save.
4
The user password will be updated.

Deleting a user

To delete a User, follow these steps:
1
From the User page, find the User that you want to delete, click the three dots () from the Actions column, and select Delete (Figure 6).
2
A confirmation dialog will appear.
3
Click Confirm to finalize the deletion.
4
Once confirmed, the User will be permanently removed from the platform. Proceed with caution.