Account Admin
Full CRUD across all vaults and users.
- Organisation-wide management
- Create and archive vaults
- Manage all users and roles
Granular Vault Access Control.
Vauzy gives you precise access control at every level. Assign roles per vault, keep sensitive credentials scoped to the right people, and stay fast without sacrificing security.
Monica Hall
hello@vauzy.com
Vault
# Items
Permission
Socials
12
Read & Write
HR Apps
3
No access
Finance Apps
6
Read only
Fine-grained access control
Assign roles per vault. Keep internal, client, and project access clean and intentional.
Accountability built in
Every change is logged. See who granted access, who used it, and when.
Speed without sprawl
Give people exactly what they need. Nothing more, nothing less.
Roles and permissions
Four access levels for vaults, plus optional billing permissions. Assign per vault for true least-privilege access.
Vault Admin
Full read and write access and user management for that vault.
- Add or remove vault members
- Set read or write roles per user
- Create, read, update and delete credentials
Vault Write Access
Create, edit, and delete credentials in the vault.
- Full create, read, updated and delete access on vault credentials
- Use built-in authenticator for MFA
- Cannot manage vault members
Vault Read Only Access
View-only access to credentials in the vault.
- View credentials and access 2FA codes
- Cannot create, edit, or delete credentials
- No member management
Billing Admin (separate permission)
Manage payment methods and subscription plans without granting vault access.
Role matrix
Compare what each role can do. Billing Admin is separate and only applies to payments and subscription.
| Capability | Account Admin | Vault Admin | Vault Write | Vault Read | Billing Admin* |
|---|---|---|---|---|---|
| Manage org users | |||||
| Create & archive vaults | |||||
| Manage vault members | |||||
| Credential CRUD | Read only | ||||
| Read credentials | |||||
| Share vault externally | |||||
| Rotate credentials & MFA | |||||
| View audit logs | |||||
| Manage billing & subscriptions | Optional* | ||||
| Manage policies & settings | Per-vault |
*Billing Admin is a separate permission that grants access to payment methods and subscription plans only.
†If your model allows Vault Admins to create vaults, limit scope to their workspace and exclude org-wide policies.
Why this matters
Blanket access
- Everyone sees too much by default
- Hard to remove access safely during handovers
- No clear audit of who should have what
Granular access
- Right access for the right people per vault
- Fast revocation and safe handovers
- Clear roles and audit trails for every action
Keep projects moving without exposing more than necessary.
Get started today
Frequently asked
Can a user have different roles in different vaults?
Yes. Roles are assigned per vault, so someone can be have Write access in one vault and Read only in another.
Does Billing Admin grant access to vault data?
No. Billing Admin is separate. It grants access to subscription and payment settings only.
Can I track when a users access was changed?
Yes. All user permissions are audited and can be viewed in the audit logs.
Access on your terms
Assign roles per vault, keep audits clean, and protect what matters without slowing anyone down.