Admin Overview
This guide is for platform administrators who manage the Codex Web platform, including user accounts, groups, and system configuration.
As a platform administrator, you have full access to:
- Create and delete user accounts
- Enable and disable accounts
- Reset user passwords
- Promote/demote admin privileges
- Manage user group memberships
- Create and delete groups
- Configure group resource quotas
- Assign users to groups
- Set group admin roles
- Monitor group resource usage
- View all workspaces across the platform
- Delete any workspace
- Monitor workspace resource consumption
- Troubleshoot workspace issues
- Configure system settings
- Monitor platform health
- View audit logs
- Analyze platform statistics
- Manage resource allocation
- User Account Management - Creating, updating, and deleting users
- Privilege Guidelines - Understanding roles and permissions
- Group Management - Creating and configuring groups
- Workspace Administration - Managing workspaces
- System Settings - Platform configuration
- Monitoring and Logs - Audit logs and statistics
Full Access:
- ✅ All user management operations
- ✅ Create/delete/modify groups
- ✅ Manage all workspaces
- ✅ View all audit logs
- ✅ Configure system settings
- ✅ View platform statistics
Use Cases:
- IT administrators
- DevOps engineers
- Platform operators
Limited Scope:
- ✅ Manage workspaces in their group(s)
- ✅ View group members
- ✅ Monitor group resources
- ❌ Cannot add/remove group members
- ❌ Cannot modify group quotas
- ❌ Cannot create groups
Use Cases:
- Team leads
- Project managers
- Senior developers
See: Privilege Guidelines for detailed comparison
Admin Panel:
- Log in to Codex Web
- Click your avatar/name (top-right)
- Select Admin Panel
- Access admin-only features
Admin Routes:
- /admin/users - User management
- /admin/groups - Group management (if group create UI exists)
- /admin/workspaces - All workspaces
- /admin/stats - Platform statistics
- /admin/audit - Audit logs
- /admin/settings - System settings
Overview Dashboard:
┌─────────────────────────────────────────┐
│ Platform Statistics │
├─────────────────────────────────────────┤
│ Total Users: 125 │
│ Admin Users: 3 │
│ Total Groups: 12 │
│ Total Workspaces: 89 │
│ Running Workspaces: 34 │
├─────────────────────────────────────────┤
│ Activity (Last 7 Days) │
│ Active Users: 87 │
│ Workspace Utilization: 38% │
└─────────────────────────────────────────┘
Resource Usage:
- Total CPU allocated
- Total memory allocated
- Storage consumption
- Pod count across clusters
Monitor Platform Health:
- Check /admin/stats dashboard
- Review resource utilization
- Check for error states
- Monitor active workspaces
User Support:
- Respond to access requests
- Reset passwords as needed
- Troubleshoot workspace issues
- Assist with group access
User Management:
- Create new user accounts
- Process offboarding requests
- Review inactive accounts
- Update group memberships
Resource Review:
- Analyze group resource usage
- Identify resource bottlenecks
- Plan capacity adjustments
- Clean up abandoned workspaces
Audit Review:
- Review admin action logs
- Check for anomalies
- Verify compliance
- Document incidents
Group Creation:
- Create new groups for teams/projects
- Configure resource quotas
- Assign initial members
- Set up group admins
Quota Adjustments:
- Increase group limits as needed
- Rebalance resources between groups
- Plan for growth
Troubleshooting:
- Investigate workspace failures
- Debug authentication issues
- Resolve resource conflicts
- Address user issues
All admin operations are available via REST API:
# Get your JWT token (from browser dev tools or OAuth flow)
export TOKEN="your-jwt-token"
User Management:
# List all users
curl -H "Authorization: Bearer $TOKEN" \
https://your-codex.com/api/admin/users
# Create user
curl -X POST -H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"email":"user@example.com","name":"User Name","groups":[],"isAdmin":false}' \
https://your-codex.com/api/admin/users
# Update user
curl -X PATCH -H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"name":"Updated Name"}' \
https://your-codex.com/api/admin/users/{userId}
# Delete user
curl -X DELETE -H "Authorization: Bearer $TOKEN" \
https://your-codex.com/api/admin/users/{userId}
Group Management:
# Create group
curl -X POST -H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"name":"team-a","displayName":"Team A","namespace":"codex-team-a"}' \
https://your-codex.com/api/groups
# Add user to group
curl -X POST -H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"groupId":"grp_123","role":"member"}' \
https://your-codex.com/api/admin/users/{userId}/groups
System Operations:
# Get platform stats
curl -H "Authorization: Bearer $TOKEN" \
https://your-codex.com/api/admin/stats
# Get audit logs
curl -H "Authorization: Bearer $TOKEN" \
https://your-codex.com/api/admin/audit-logs
# Get system settings
curl -H "Authorization: Bearer $TOKEN" \
https://your-codex.com/api/admin/settings
See the API documentation for complete endpoint details.
Account Creation:
- Use clear naming conventions
- Assign to appropriate groups immediately
- Set correct admin status
- Document special access
Access Control:
- Follow principle of least privilege
- Regularly review admin users
- Audit group memberships quarterly
- Remove access promptly when users leave
Password Management:
- Enforce strong passwords via auth provider
- Regularly rotate admin credentials
- Use temporary passwords for new users
- Enable MFA when possible
Resource Allocation:
- Start with conservative quotas
- Monitor actual usage before increasing
- Balance resources across groups fairly
- Plan for peak usage patterns
Group Organization:
- Align groups with organizational structure
- Use clear, consistent naming
- Document group purposes
- Establish group ownership
Namespace Conventions:
- Use predictable naming: codex-{team-name}
- Keep names short and readable
- Avoid special characters
- Document namespace mapping
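An added example (not part of the Codex Web code base) that checks a create-group payload against the naming convention above and the Kubernetes rule for namespace names before the request is sent. The function name, the problem codes, and the reading of {team-name} as the group's "name" field are assumptions made for illustration.

```python
import re

# Kubernetes namespace names must be RFC 1123 DNS labels: lowercase
# alphanumerics and '-', alphanumeric at both ends, at most 63 characters.
DNS_LABEL = re.compile(r"[a-z0-9]([-a-z0-9]*[a-z0-9])?")
MAX_LEN = 63
PREFIX = "codex-"  # this guide's convention: codex-{team-name}


def check_group_payload(payload, existing_namespaces=()):
    """Return a list of problem codes for a create-group payload ([] means OK).

    existing_namespaces is supplied by the caller, for example from
    `kubectl get namespaces`; this function makes no network calls.
    """
    name = payload.get("name")
    namespace = payload.get("namespace")
    if not isinstance(name, str) or not isinstance(namespace, str):
        return ["missing_field"]
    problems = []
    if len(namespace) > MAX_LEN:
        problems.append("too_long")
    # fullmatch, not match: a trailing newline or stray character must fail
    if not DNS_LABEL.fullmatch(namespace):
        problems.append("invalid_label")
    if not namespace.startswith(PREFIX) or namespace == PREFIX:
        problems.append("missing_prefix")
    # Assumption: {team-name} is the group's "name", as in the guide's example
    elif namespace != PREFIX + name:
        problems.append("name_mismatch")
    if namespace in existing_namespaces:
        problems.append("already_exists")
    return problems


if __name__ == "__main__":
    # Payload copied from the create-group request in this guide
    ok = {"name": "team-a", "displayName": "Team A", "namespace": "codex-team-a"}
    print(check_group_payload(ok))
    print(check_group_payload({"name": "Team_A", "namespace": "codex-Team_A"}))
```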
Monitoring:
- Identify idle workspaces weekly
- Track resource-heavy workspaces
- Monitor workspace age
- Clean up abandoned workspaces
Intervention:
- Contact owners before deleting
- Give notice for cleanup
- Document deletions
- Maintain audit trail
Audit Logging:
- Review logs regularly
- Investigate anomalies
- Track admin actions
- Maintain log retention policy
Access Reviews:
- Quarterly user access reviews
- Document admin privileges
- Remove unnecessary admin access
- Audit group memberships
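An added example (not part of the Codex Web code base) of the access review described above, run over exported user records. It assumes the records carry the `email`, `groups` and `isAdmin` fields shown in the create-user request; the response shape of `/api/admin/users`, the `approved_admins` allow-list and the function name are assumptions.

```python
import json

# Constructed sample records using the fields from the create-user payload
# in this guide (email, name, groups, isAdmin). The shape of the real
# GET /api/admin/users response is an assumption.
SAMPLE_USERS = json.loads("""[
  {"email": "alice@example.com", "name": "Alice", "groups": ["grp_123"], "isAdmin": true},
  {"email": "bob@example.com",   "name": "Bob",   "groups": [],          "isAdmin": false},
  {"email": "carol@example.com", "name": "Carol", "groups": ["grp_123"], "isAdmin": true},
  {"email": "erin@example.com",  "name": "Erin",  "isAdmin": "true"}
]""")


def review_access(users, approved_admins):
    """Compare exported user records against the documented admin list.

    approved_admins is a hypothetical allow-list of emails kept by the reviewer.
    """
    approved = {e.lower() for e in approved_admins}
    findings = {"unapproved_admins": [], "no_groups": [], "malformed": []}
    seen_admins = set()
    for user in users:
        email = str(user.get("email") or "").lower()
        is_admin, groups = user.get("isAdmin"), user.get("groups")
        # Flag records with a missing or wrongly typed field instead of
        # coercing them: the string "true" is not treated as a boolean.
        if not email or not isinstance(is_admin, bool) or not isinstance(groups, list):
            findings["malformed"].append(email or "<no email>")
            continue
        if is_admin:
            seen_admins.add(email)
            if email not in approved:
                findings["unapproved_admins"].append(email)
        if not groups:
            findings["no_groups"].append(email)
    # Documented admins with no matching admin account: the documentation is stale.
    findings["stale_approvals"] = sorted(approved - seen_admins)
    return findings


if __name__ == "__main__":
    report = review_access(SAMPLE_USERS, {"alice@example.com", "frank@example.com"})
    print(json.dumps(report, indent=2))
```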
Incident Response:
- Document security incidents
- Have rollback procedures
- Maintain emergency contacts
- Test recovery procedures
Check:
- User exists in DynamoDB
- User is enabled in Cognito
- User has group memberships
- JWT token is valid
Solutions:
- Reset password via Cognito
- Re-enable account if disabled
- Verify OAuth configuration
- Check auth provider logs
Investigate:
- Check group resource quotas
- View workspace logs
- Verify namespace exists
- Check Kubernetes events
Common Causes:
- Insufficient group resources
- Invalid workspace image
- Storage quota exceeded
- Network policy issues
Verify:
- Namespace doesn't already exist
- Resource quotas are valid
- Kubernetes is accessible
- Sufficient cluster capacity
Debug:
# Check if namespace exists
kubectl get namespace {namespace-name}
# View recent events
kubectl get events -n {namespace-name}
Symptoms:
- Can't create workspaces
- Workspaces stuck in Pending
- Resource limit errors
Resolution:
- Check group resource usage
- Identify resource hogs
- Stop idle workspaces
- Increase quota if justified
Tier 1: Group Admins
- Workspace issues within their group
- Basic troubleshooting
- Group-specific questions
Tier 2: Platform Admins
- Account and access issues
- Cross-group problems
- System configuration
- Resource allocation
Tier 3: Platform Engineers
- Infrastructure issues
- Kubernetes problems
- Database issues
- Code bugs
- Gather Information:
  - User ID and email
  - Workspace ID (if applicable)
  - Error messages
  - Steps to reproduce
- Check Logs:
  - Application logs
  - Kubernetes pod logs
  - Audit logs
  - Browser console (if UI issue)
- Attempt Resolution:
  - Apply known fixes
  - Consult documentation
  - Check similar past issues
- Escalate if Needed:
  - Provide all gathered information
  - Document troubleshooting steps
  - Explain urgency/impact
  - Set expectations
- Access Admin Panel:
  - Verify your admin privileges
  - Explore the admin UI
  - Familiarize yourself with layout
- Review Current State:
  - Check platform statistics
  - Review existing users
  - Understand group structure
  - Note resource allocation
- Review Documentation:
  - Read all admin guides
  - Understand workflows
  - Learn API endpoints
  - Review troubleshooting guides
- Shadow Existing Admins:
  - Observe admin actions
  - Ask questions
  - Learn processes
  - Understand escalation
- Practice in Non-Prod:
  - Test user creation
  - Try group operations
  - Practice workspace management
  - Learn safely
Technical Documentation:
- CLAUDE.md - Developer guide
- backend/README.md - Backend technical docs
- frontend/README.md - Frontend technical docs
- Repository wiki - This documentation
External Resources:
- AWS Cognito documentation
- Kubernetes documentation
- DynamoDB best practices
- Express.js guides
Continue to specific admin guides:
- User Account Management - Detailed user management procedures
- Privilege Guidelines - Role-based access control details
- Group Management - Creating and configuring groups
- Workspace Administration - Managing workspaces