Roles & Access
Four roles. Single sign-out from any page. Per-city credentials provisioned by Cittopia and rotated on request.
The four roles
| Role | Read | Write | Approve | Delete |
|---|---|---|---|---|
| City Administrator | All | All | ✓ | ✓ (with confirmation) |
| Department Lead | All | Own department | Own scope | Soft-delete only |
| Analyst | All | Drafts only | — | — |
| Read-only | All | — | — | — |
Authentication model
The current implementation is a demo-grade client-side gate with credential validation against a server-issued map. Production deployments will move credential validation server-side (planned for Phase 6 of the roadmap). See auth-gate.js for the source.
Security disclosure: Today's auth gate is a UX scaffold, not a true security boundary. Until server-side auth ships, treat the admin panels as a "soft enclosure" — appropriate for demos and named-pilot trials, not for actual privileged data.
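One way the role table above could be enforced on the server instead of in the client-side gate, as a deny-by-default check. This is an added example, not Cittopia's code or the contents of auth-gate.js. The role keys, the record fields (`department`, `status`), the `confirmed` and `hard` options, and the reading of "Own scope" and "Soft-delete only" as limited to the lead's own department are all assumptions.

```javascript
// Added example: deny-by-default authorization for the four-role table.
// Role keys, record fields and option names are assumptions, not Cittopia's schema.
const sameDept = (user, rec) =>
  typeof user.department === 'string' && rec.department === user.department;

const POLICY = {
  city_admin: {
    read: () => true,
    write: () => true,
    approve: () => true,
    // Delete is allowed only with an explicit confirmation flag.
    delete: (user, rec, opts) => opts.confirmed === true,
  },
  department_lead: {
    read: () => true,
    write: sameDept,
    approve: sameDept, // "Own scope" read as own department (assumption)
    // Soft-delete only, limited to own department (assumption).
    delete: (user, rec, opts) => sameDept(user, rec) && opts.hard !== true,
  },
  analyst: {
    read: () => true,
    write: (user, rec) => rec.status === 'draft', // drafts only
  },
  read_only: {
    read: () => true,
  },
};

// `user` must come from the server-side session, never from the request body.
function authorize(user, action, record, opts) {
  if (!user || !record) return false;
  // Own-property checks stop keys such as "__proto__" from matching a rule.
  if (!Object.hasOwn(POLICY, user.role)) return false;
  const rules = POLICY[user.role];
  if (!Object.hasOwn(rules, action)) return false;
  return rules[action](user, record, opts || {}) === true;
}

// Constructed sample users and records.
const lead = { role: 'department_lead', department: 'transport' };
const analyst = { role: 'analyst', department: 'transport' };
const draft = { department: 'parks', status: 'draft' };
const published = { department: 'transport', status: 'published' };

console.log(authorize(lead, 'write', published));   // true: own department
console.log(authorize(lead, 'write', draft));       // false: other department
console.log(authorize(analyst, 'write', draft));    // true: drafts only
console.log(authorize(analyst, 'approve', draft));  // false: no approve right
```

Unknown roles, unknown actions and missing records all fall through to a refusal, so a new action added later stays closed until it is granted explicitly.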
Rotating credentials
Email hello@cittopia.com with the subject Rotate handle: city_admin. Cittopia issues a new authentication key within 24 hours and revokes the old one on confirmation.
Last updated 30 April 2026 by Tunç Meriç