Platform
Permissions
Group-based access control with granular permissions across releases, syncs, themes, and administration.
Access control model
Flux uses group-based access control. Users are assigned to groups, and permissions are assigned to groups. A user's effective permissions are the union of all permissions from all groups they belong to.
When a user logs in for the first time via Shopify OAuth, they are automatically assigned to a default group. Administrators can then adjust group membership and permissions.
Permission categories
Releases
- View releases — see release details, diffs, and deployment status
- Create releases — initiate new releases
- Deploy releases — trigger deployment of approved releases to target stores
- Cancel releases — cancel in-progress or pending releases
- Edit releases — modify release metadata and scope
- Revert releases — create rollback releases from previously deployed state
- Refresh releases — refresh release state from source
- Retry deployments — retry failed deployment operations
- Delete releases — permanently remove releases
Reviews
- Dismiss any review — override and dismiss other team members' reviews
- Manage reviewers — assign and remove reviewers on releases
Syncs
- View syncs — see sync history, status, and operation details
- Trigger syncs — manually initiate sync operations
- Configure syncs — modify sync configuration and schedules
Themes
- View themes — see theme configuration and deployment status
- Configure themes — modify theme settings per store
- Build themes — trigger theme builds
- Deploy themes — deploy theme changes to target stores
Tags and views
- View tags — see tag definitions
- Manage tags — create, edit, and delete tags
- View saved views — see saved filter views
- Manage saved views — create, edit, and delete saved views
Administration
- View groups — see group definitions and membership
- Manage groups — create, edit, and delete groups; manage membership
- Manage users — invite and remove users
- Manage permissions — assign and revoke permissions on groups
- View approval rules — see release approval configuration
- Manage approval rules — create and modify approval rules
Settings
- General settings — modify organisation-level settings
- Store settings — configure store connections and classifications
- GitHub settings — manage repository connections
- API key settings — create and manage API keys
Store-scoped permissions
Some permissions can be scoped to specific stores. For example, a user might have deployment permissions for QA environments but not for production. Store-scoped permissions are configured at the group level.
Approval rules
Release approval rules define the review requirements before a release can be deployed:
- Which groups are eligible to approve
- How many approvals are required
- Whether status checks must pass
Approval rules are configured in Settings → Approvals and apply to all releases in the store group.
Audit trail
All permission changes, group modifications, and access events are recorded in the audit log. The audit log captures the actor, the action, the affected resources, and the timestamp — providing a complete compliance trail.
Audit logs can be exported as CSV for external analysis.
Next steps
- Learn about the release workflow and approval process
- Read about API authentication and API key scoping
- Understand the architecture and tenant isolation