Access Rules for UserAccounts and Tenants

UserAccounts and Tenants have special access control characteristics because they cannot be strictly scoped by the current session tenant. This document summarizes the MVP2 access rules for the three personas of the Arda Cloud system.

  • A UserAccount is only created by a user signing up to Arda Cloud.
  • A Tenant is only created by a user signing up through HubSpot.
  • No persona can manually create a UserAccount or Tenant via API or UI; creation always happens through the sign-up or onboarding flow.

End User:

  • Can view all UserAccounts associated with the current tenant.
  • Can view all Tenants they belong to.
  • Can update their own UserAccount.
  • Can leave a Tenant.
  • Cannot create, update, or delete UserAccounts or Tenants.

Tenant Administrator, in addition to End User permissions:

  • Can leave a tenant unless they are the last Tenant Administrator.
  • Can change the role of any UserAccount in the tenant they administer, unless it would leave the tenant without an Administrator.
  • Can suspend or evict users from the tenant they administer.
  • Can invite other users to the tenant they administer.
  • Cannot update System Administrators.
  • Can update the tenants they administer, including changing the subscription plan.

System Administrator, in addition to Tenant Administrator permissions:

  • Can view all UserAccounts and all Tenants.
  • Can leave a tenant unless they are the last System Administrator.
  • Can change the role of any UserAccount in any tenant, unless it would leave the tenant without both a Tenant Administrator and a System Administrator.
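
The "last administrator" rules above are easiest to get right when the check runs against the membership as it would look after the change. The following is an added sketch, not Arda Cloud code: the Role enum, the per-tenant {user_id: Role} membership model, the function names and the sample data are all hypothetical. It assumes "an Administrator" means a Tenant Administrator, that "without both" means neither kind of administrator would remain, and that a Tenant Administrator cannot grant the System Administrator role (the rules do not say).

```python
from enum import Enum

class Role(Enum):  # hypothetical names for the three personas
    END_USER = "end_user"
    TENANT_ADMIN = "tenant_admin"
    SYSTEM_ADMIN = "system_admin"

def _count(members, role):
    return sum(1 for r in members.values() if r is role)

def can_leave(members, user):
    """members: {user_id: Role} for a single tenant (assumed model)."""
    role = members[user]
    if role is Role.END_USER:
        return True
    # An administrator may leave unless they are the last one of their kind.
    return _count(members, role) > 1

def can_change_role(members, actor, actor_role, target, new_role):
    """Decide a role change by checking the tenant state after the change."""
    if target not in members:
        return False
    after = {**members, target: new_role}
    if actor_role is Role.SYSTEM_ADMIN:
        # Any tenant; assumed reading: denied only if no administrator
        # of either kind would remain.
        admins = _count(after, Role.TENANT_ADMIN) + _count(after, Role.SYSTEM_ADMIN)
        return admins > 0
    if actor_role is Role.TENANT_ADMIN:
        if members.get(actor) is not Role.TENANT_ADMIN:
            return False  # only in a tenant the actor administers
        if members[target] is Role.SYSTEM_ADMIN:
            return False  # cannot update System Administrators
        if new_role is Role.SYSTEM_ADMIN:
            return False  # assumption: not covered by the rules, denied here
        return _count(after, Role.TENANT_ADMIN) > 0
    return False  # End Users cannot change roles

# Constructed sample tenant, for illustration only.
SAMPLE = {
    "alice": Role.TENANT_ADMIN,
    "bob": Role.END_USER,
    "root": Role.SYSTEM_ADMIN,
}

if __name__ == "__main__":
    # alice is the only Tenant Administrator, so demoting herself is refused.
    print(can_change_role(SAMPLE, "alice", Role.TENANT_ADMIN, "alice", Role.END_USER))
    print(can_leave(SAMPLE, "bob"))
```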