Skip to content

Organizations and access control

Organizations are DialDozer’s tenant boundary. The hierarchy supports the platform house organization, agencies, and client sub-accounts. Agency plans can own managed sub-accounts; standalone clients retain independent billing.

Admin queries use organization and campaign scope helpers. Organization consoles guard creation, promotion, suspension, and delete-if-empty operations and append audit records. Scoped users should use the organization shell rather than platform-only pages.

Access also includes VICIdial users and user groups, agent/admin capability flags, Field CRM roles (closer, inspector, partner_admin), feature flags, and scoped API keys. Use least privilege: create separate keys for automation, webhooks, and Chrome CTI, and bind CTI keys to the intended agent.

Do not infer access from hidden navigation. Every server write must enforce the same organization, campaign, role, and CSRF/API-scope checks.

Implementation anchors: modern/shared/org_schema.php, org_console.php, modern/admin/organizations.php, agency.php, users.php, usergroups.php, apikeys.php.