See Roles and product surfaces for which API roles may open /admin / /org-admin, /chat, and /characters.

Organization admin

These screens cover simulation settings, characters (where the product exposes them), and other tenant-scoped configuration. Every control should map to validation and authorization in the simulation_admin APIs and related routes—never rely on hiding buttons alone.

Platform (super) admin

Where the UI surfaces cross-organization tools, only users with the correct platform role should see them. If the API would return 403, the UI should not suggest the action succeeded.

Destructive or high-impact actions

Resets, bulk deletes, and broad policy edits need explicit confirmation. For parameter semantics and customer-facing notes, point operators at Parameter documentation standard and the simulation settings catalog.