Documentation Index
Fetch the complete documentation index at: https://hybridbox.mintlify.app/llms.txt
Use this file to discover all available pages before exploring further.
Permissions define who can view or manage resources in Hybridbox. Access is granted by assigning a role to a user or group on a scope.
What are permissions?
A permission grant combines two things: a role and a scope. The role defines what actions are allowed. The scope defines where those actions apply.
For example, a user with DNS Manager on one domain can manage DNS records for that domain, but not for every domain in the account. The same role on a workspace or account applies more broadly.
Use the narrowest scope that lets the person do their work.
Scopes
Scopes let you limit access to the right part of the account.
| Scope | Applies to |
|---|
| Account | The whole account and resources inside it, subject to the selected role. |
| Workspace | One workspace and resources inside that workspace. |
| Domain | One domain and resources attached to that domain, such as DNS and mailboxes. |
Roles
Roles are reusable access bundles. The same role can be granted on different scopes.
| Role | What it can do |
|---|
| Account owner | Full account control, including roles, users, groups, billing-sensitive actions, and account-wide administration. |
| Manager | Includes Domain Manager access. Can manage workspaces, connect or purchase domains, move domains between workspaces, and delete domains. It does not manage DNS records, master passwords, dedicated IP lifecycle, or billing. |
| Domain Manager | Includes Editor access. Can also create and delete mailboxes. It does not manage DNS records or master passwords. |
| Editor | Can update and verify domains, manage forwarding rules and tags, assign domains to dedicated IPs, update mailboxes, manage mailbox aliases, run mailbox backups/restores/exports, and reveal mailbox credentials. It cannot create/delete mailboxes, purchase/connect/delete/move domains, manage DNS records, or manage master passwords. |
| Viewer | Read-only access to domains, DNS records, mailboxes, forwarding rules, dedicated IP details, and tags within scope. |
| DNS Manager | Can view domains and manage DNS records. It does not manage mailboxes or domains beyond DNS. |
| Credential Manager | Can create and manage master passwords within scope. It does not manage domains, mailboxes, DNS, dedicated IPs, or billing. |
| IP Manager | Can view, claim, authorize, and remove dedicated IPs. It does not assign domains to dedicated IPs. |
| Billing Admin | Can view and manage billing. |
| Billing Viewer | Can view billing only. |
Users and groups
Assign roles directly to users when access is personal. Use groups when multiple people need the same access.
Groups are useful for teams such as support, operations, billing, or DNS administrators. Instead of assigning the same role to each person, assign the role to the group and manage membership separately.
Service accounts
Service accounts let automation use the Public API without sharing a personal user login. Create a service account, copy its one-time token, and grant it only the roles and scopes the integration needs. Rotate exposed tokens and revoke service accounts that are no longer used.
Invitations
Use invitations to grant access to someone who has not joined the account yet.
An invitation can include the role and scope the user should receive after accepting it. After the invitation is accepted, the user becomes an active account member with the assigned access.
Review pending invitations regularly and remove invitations that are no longer needed.
Master passwords
Master passwords let authorized operators log in to SMTP mailboxes within a scope without retrieving each mailbox password individually.
A master password can be scoped to an account, workspace, or domain. It is valid for SMTP mailboxes inside that scope. Use this for operational access when a team needs to troubleshoot or manage multiple mailboxes without handling every mailbox-specific password.
Grant this access carefully. A master password can access many mailboxes if it is granted at a broad scope.
Role/action matrix
The scope still matters. A role marked Yes only applies within the scope where the role is granted.
| Action | Account owner | Manager | Domain Manager | Editor | Viewer | DNS Manager | Credential Manager | IP Manager | Billing Admin | Billing Viewer |
|---|
| View operational resources | Yes | Yes | Yes | Yes | Yes | DNS only | No | Dedicated IPs only | No | No |
| Create/manage workspaces | Yes | Yes | No | No | No | No | No | No | No | No |
| Update and verify domains | Yes | Yes | Yes | Yes | No | No | No | No | No | No |
| Purchase/connect domains | Yes | Yes | No | No | No | No | No | No | No | No |
| Move domains between workspaces | Yes | Yes, with both workspaces in scope | No | No | No | No | No | No | No | No |
| Delete domains | Yes | Yes | No | No | No | No | No | No | No | No |
| Manage DNS records | Yes | No | No | No | No | Yes | No | No | No | No |
| Update mailboxes and aliases | Yes | Yes | Yes | Yes | No | No | No | No | No | No |
| Create/delete mailboxes | Yes | Yes | Yes | No | No | No | No | No | No | No |
| Backup/restore/export mailboxes | Yes | Yes | Yes | Yes | No | No | No | No | No | No |
| Reveal mailbox credentials | Yes | Yes | Yes | Yes | No | No | No | No | No | No |
| Manage master passwords | Yes | No | No | No | No | No | Yes | No | No | No |
| Manage forwarding rules | Yes | Yes | Yes | Yes | No | No | No | No | No | No |
| Manage tags | Yes | Yes | Yes | Yes | No | No | No | No | No | No |
| Claim/remove dedicated IPs | Yes | No | No | No | No | No | No | Yes | No | No |
| Assign domains to dedicated IPs | Yes | Yes | Yes | Yes | No | No | No | No | No | No |
| View billing | Yes | No | No | No | No | No | No | No | Yes | Yes |
| Manage billing | Yes | No | No | No | No | No | No | No | Yes | No |
| Invite users | Yes | No | No | No | No | No | No | No | No | No |
| Create groups | Yes | No | No | No | No | No | No | No | No | No |
| Assign or revoke roles | Yes | No | No | No | No | No | No | No | No | No |
