Roles & tiers
Access on the MDDS-LLM platform is controlled by two overlapping concepts: roles (what you are) and tiers (what you can create).
Platform roles
Roles are Keycloak realm roles, assigned in Keycloak and synced to the platform on every login. There are only two:
| Role | Description |
|---|---|
| admin | Full platform-wide access. Can view all users, manage subscriptions, read the full audit log, and manage the email allowlist. Admins cannot delete themselves or other admin accounts. This is the only role that grants elevated authorization. |
| free-tier | Default label applied to new accounts. It is a benign placeholder — nothing reads it to grant tier capabilities. Your actual subscription tier is resolved separately (see Subscription tiers). |
Subscription tiers
Tiers determine resource limits. The three tier values — free-tier, standard, and enterprise — are owned by the Contact System (Stripe and admin overrides), not by Keycloak. They are never assigned or synced as Keycloak roles.
Your effective tier is resolved per account, in this order:
- Admin override — wins over everything.
- Stripe subscription — when it is active or trialing, or past-due within a 14-day grace period.
- Stored account tier — when the account has never had a Stripe subscription. This is the default assigned at account creation, which is free-tier for every new account.
- Free-tier fallback — when a Stripe subscription once existed but has lapsed (cancelled, or past-due beyond grace).
The stored account tier is never read from a Keycloak realm role. Keycloak roles drive authorization (such as admin access), not tier.
| Tier | Max servers | Max peers | Max channels per server |
|---|---|---|---|
| Free | 1 | 3 | 5 |
| Standard | 5 | 20 | 25 |
| Enterprise | Unlimited | Unlimited | Unlimited |
In the API, a limit value of -1 means unlimited.
Each tier’s capabilities (admin connections, secret rotation, gateway access policy) are described under What tiers gate below.
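The resolution order above and the limits table can be read as one small decision procedure. The following is an added example, not code from the MDDS-LLM platform: the record shapes (`Account`, `StripeSubscription`, the `past_due_since` field) and the sample accounts are assumptions constructed to exercise each branch, including the 14-day grace edge case and the `-1` unlimited sentinel. Note that `resolve_tier` never looks at Keycloak roles, matching the page's separation of authorization from tier.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

# Tier values as the page names them; they live in the Contact System, not Keycloak.
FREE, STANDARD, ENTERPRISE = "free-tier", "standard", "enterprise"
GRACE_DAYS = 14   # past-due grace window stated on the page
UNLIMITED = -1    # API sentinel for "unlimited"

# Resource limits copied from the page's table.
LIMITS = {
    FREE:       {"servers": 1, "peers": 3, "channels_per_server": 5},
    STANDARD:   {"servers": 5, "peers": 20, "channels_per_server": 25},
    ENTERPRISE: {"servers": UNLIMITED, "peers": UNLIMITED, "channels_per_server": UNLIMITED},
}


@dataclass
class StripeSubscription:
    """Minimal stand-in for a Stripe subscription record (hypothetical shape)."""
    status: str                                 # "active", "trialing", "past_due", "canceled", ...
    tier: str                                   # tier the subscription pays for
    past_due_since: Optional[datetime] = None   # assumed field: when status became past_due


@dataclass
class Account:
    """Hypothetical account record; field names are assumptions, not the platform's schema."""
    stored_tier: str = FREE                              # assigned at account creation
    admin_override: Optional[str] = None
    subscription: Optional[StripeSubscription] = None    # None: never had a Stripe subscription
    keycloak_roles: frozenset = field(default_factory=frozenset)  # synced at login; authorization only


def subscription_counts(sub: StripeSubscription, now: datetime) -> bool:
    """A subscription counts while active or trialing, or past-due within the grace window."""
    if sub.status in ("active", "trialing"):
        return True
    if sub.status == "past_due" and sub.past_due_since is not None:
        return now - sub.past_due_since <= timedelta(days=GRACE_DAYS)
    return False


def resolve_tier(account: Account, now: Optional[datetime] = None) -> str:
    """Resolve the effective tier in the page's order. Keycloak roles are never consulted."""
    now = now or datetime.now(timezone.utc)
    # 1. Admin override wins over everything.
    if account.admin_override:
        return account.admin_override
    sub = account.subscription
    # 2. A Stripe subscription that is active, trialing, or past-due within grace.
    if sub is not None and subscription_counts(sub, now):
        return sub.tier
    # 3. Stored account tier, only when the account never had a Stripe subscription.
    if sub is None:
        return account.stored_tier
    # 4. A subscription that once existed but lapsed falls back to free-tier,
    #    even if the stored tier says otherwise.
    return FREE


def within_limit(tier: str, resource: str, current_count: int) -> bool:
    """True if one more `resource` may be created under `tier`; -1 means unlimited."""
    limit = LIMITS[tier][resource]
    return limit == UNLIMITED or current_count < limit


def is_admin(account: Account) -> bool:
    """Authorization comes from the Keycloak realm role, independent of tier."""
    return "admin" in account.keycloak_roles


# Constructed sample accounts, one per branch of the resolution order.
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
SAMPLES = {
    "new_account": Account(),
    "override": Account(admin_override=ENTERPRISE,
                        subscription=StripeSubscription("canceled", STANDARD)),
    "active": Account(subscription=StripeSubscription("active", STANDARD)),
    "past_due_10d": Account(subscription=StripeSubscription("past_due", STANDARD, NOW - timedelta(days=10))),
    "past_due_20d": Account(stored_tier=STANDARD,
                            subscription=StripeSubscription("past_due", STANDARD, NOW - timedelta(days=20))),
    "never_subscribed_std": Account(stored_tier=STANDARD),
    # The "free-tier" realm role is a placeholder; only "admin" affects anything, and only authorization.
    "keycloak_only": Account(keycloak_roles=frozenset({"admin", "free-tier"})),
}

if __name__ == "__main__":
    for name, acct in SAMPLES.items():
        print(f"{name:22s} tier={resolve_tier(acct, NOW):10s} admin={is_admin(acct)}")
```

The `past_due_20d` sample is the case worth remembering: its stored tier is `standard`, yet it resolves to `free-tier`, because step 3 applies only to accounts that never had a Stripe subscription and a lapsed subscription always hits the fallback.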
What tiers gate
Beyond resource counts, tier controls several capabilities:
| Feature | Free | Standard | Enterprise |
|---|---|---|---|
| Admin connections | Read-only | Read-write | Read-write |
| Secret rotation | Not available | Available | Available |
| Gateway access policy | Read-only | Read-write | Read-write |
Ownership and visibility
All users, regardless of tier, can only manage their own resources. Service-layer ownership checks enforce this even when the same endpoint is accessible to multiple tiers. The one exception is the admin role, which can read (but not impersonate) any user’s data.
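The capability table and the ownership rule combine into a single service-layer decision. This is an added example, not the platform's own authorization code: `Principal`, `Resource` and the sample users are constructed, the tier is taken as already resolved, and "admin can read but not impersonate" is implemented as admin reads of another user's data being allowed while writes in that user's name are refused. Ownership is checked before the tier gate so that a higher tier never widens what a caller can see, and a Keycloak role never raises a tier.

```python
from dataclasses import dataclass
from typing import Tuple

# Capability gates from the page's "What tiers gate" table, keyed by the page's tier values.
CAPABILITIES = {
    "free-tier":  {"admin_connections": "read-only",  "secret_rotation": False, "gateway_access_policy": "read-only"},
    "standard":   {"admin_connections": "read-write", "secret_rotation": True,  "gateway_access_policy": "read-write"},
    "enterprise": {"admin_connections": "read-write", "secret_rotation": True,  "gateway_access_policy": "read-write"},
}


@dataclass(frozen=True)
class Principal:
    """Caller identity (hypothetical shape): Keycloak realm roles plus the already-resolved tier."""
    user_id: str
    tier: str
    roles: frozenset = frozenset()


@dataclass(frozen=True)
class Resource:
    """A tier-gated resource with an owner (hypothetical shape)."""
    owner_id: str
    kind: str   # one of the CAPABILITIES keys


def decide(principal: Principal, resource: Resource, action: str) -> Tuple[bool, str]:
    """Return (allowed, reason) for `action` ("read" or "write") on `resource`.
    Ownership first, then the tier gate; the admin role only adds read access to others' data."""
    if action not in ("read", "write"):
        return False, "unknown action"
    # Service-layer ownership check: applies to every tier on every endpoint.
    if principal.user_id != resource.owner_id:
        if "admin" in principal.roles and action == "read":
            return True, "admin read of another user's data"
        return False, "not the owner"
    # Tier gate: taken from the resolved tier, never from a Keycloak role.
    gate = CAPABILITIES[principal.tier][resource.kind]
    if resource.kind == "secret_rotation":
        return (True, "tier allows") if gate else (False, "secret rotation not available on this tier")
    if action == "write" and gate == "read-only":
        return False, f"{resource.kind} is read-only on {principal.tier}"
    return True, "tier allows"


# Constructed sample principals and resources.
ALICE = Principal("alice", "free-tier", frozenset({"free-tier"}))   # placeholder role, no effect
BOB = Principal("bob", "standard")
ROOT = Principal("root", "free-tier", frozenset({"admin"}))         # admin role, but free tier
ALICE_CONN = Resource("alice", "admin_connections")
ALICE_SECRETS = Resource("alice", "secret_rotation")
BOB_SECRETS = Resource("bob", "secret_rotation")
ROOT_CONN = Resource("root", "admin_connections")

if __name__ == "__main__":
    for who, what, act in [(ALICE, ALICE_CONN, "write"), (BOB, BOB_SECRETS, "write"),
                           (ROOT, ALICE_CONN, "read"), (ROOT, ALICE_CONN, "write"),
                           (ROOT, ROOT_CONN, "write")]:
        print(who.user_id, act, what.kind, "->", decide(who, what, act))
```

The `ROOT` samples show the two halves of the page's model at once: the admin role lets `root` read Alice's admin connections, but on its own free-tier resources `root` still cannot write, because authorization (role) and capability (tier) are decided independently.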
Related
- Tiers overview — Detailed tier comparison for users selecting a plan.