Access Control
Ventryx uses a layered access control model — role-based access for human users, scope-based access for API clients, and network-level controls for Enterprise organizations.
Role-based access control (RBAC)
Every team member is assigned a role that determines their access to dashboard features and API operations on behalf of the organization.
| Role | Billing | API Keys | Team Mgmt | Workflows | Events |
|---|---|---|---|---|---|
| Owner | Full | Full | Full | Full | Full |
| Admin | View | Full | Invite/remove | Full | Full |
| Member | None | None | None | Read/write | Read/write |
| Viewer | None | None | None | Read only | Read only |
Scope-based access (API keys)
API keys carry explicit scopes — they never inherit user roles. Each key can only perform the operations specified in its scope list, regardless of who created it.
Apply the principle of least privilege: issue each API key only the scopes it absolutely needs. A key used only to emit events needs `events:write` — not `org:admin`.
IP allowlisting (Enterprise)
Restrict API access to traffic originating from specific IP addresses or CIDR ranges. When allowlisting is active, requests from unlisted IPs receive `403 Forbidden` — even with a valid API key.
```bash
curl -X PATCH https://api.ventryx.io/v1/orgs/current \
  -H "Authorization: Bearer $VENTRYX_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "ip_allowlist": ["203.0.113.0/24", "198.51.100.42"]
  }'
```
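The three layers above (role table, key scopes, IP allowlist) as one request-authorization check. This is an added illustration, not Ventryx's own implementation: the `ApiKey` dataclass, the `ROLE_PERMISSIONS` mapping and the sample addresses are constructed here, and the scope names come from the text.

```python
import ipaddress
from dataclasses import dataclass

# Role -> resource -> actions, transcribed from the RBAC table. "Full" and
# "Invite/remove" are both modelled as {"read", "write"} for brevity.
RW = frozenset({"read", "write"})
RO = frozenset({"read"})
ROLE_PERMISSIONS = {
    "owner":  {"billing": RW, "api_keys": RW, "team": RW, "workflows": RW, "events": RW},
    "admin":  {"billing": RO, "api_keys": RW, "team": RW, "workflows": RW, "events": RW},
    "member": {"workflows": RW, "events": RW},
    "viewer": {"workflows": RO, "events": RO},
}

def role_permits(role: str, resource: str, action: str) -> bool:
    """Dashboard RBAC check: unknown roles or resources grant nothing."""
    return action in ROLE_PERMISSIONS.get(role, {}).get(resource, frozenset())

@dataclass(frozen=True)
class ApiKey:                   # constructed for this example
    scopes: frozenset[str]      # explicit scope list fixed at key creation
    created_by_role: str        # recorded, but never consulted below

def ip_allowed(allowlist: tuple[str, ...], client_ip: str) -> bool:
    """Empty allowlist = feature off. Entries may be single IPs or CIDRs."""
    if not allowlist:
        return True
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(e, strict=False) for e in allowlist)

def authorize_api_request(key: ApiKey, allowlist: tuple[str, ...],
                          client_ip: str, required_scope: str) -> tuple[int, str]:
    """Return (HTTP status, reason) for an API-key request against one org."""
    # Network layer first: an unlisted source is rejected even with a valid key.
    if not ip_allowed(allowlist, client_ip):
        return 403, "ip not in allowlist"
    # Scope layer: only the key's own scopes count, regardless of who created it.
    if required_scope not in key.scopes:
        return 403, f"missing scope {required_scope}"
    return 200, "ok"

if __name__ == "__main__":
    org_allowlist = ("203.0.113.0/24", "198.51.100.42")   # same values as the PATCH call
    events_key = ApiKey(frozenset({"events:write"}), created_by_role="owner")
    print(authorize_api_request(events_key, org_allowlist, "203.0.113.77", "events:write"))
    print(authorize_api_request(events_key, org_allowlist, "192.0.2.10", "events:write"))
    # Created by an owner, yet org:admin is still refused: scopes do not inherit roles.
    print(authorize_api_request(events_key, org_allowlist, "198.51.100.42", "org:admin"))
```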
MFA enforcement
Organization owners can require multi-factor authentication for all team members. When MFA enforcement is enabled, any user who hasn't enrolled an authenticator app or hardware key will be blocked from accessing the dashboard and restricted from API operations that require user-level auth.