Understand tenant admin and platform boundaries
Learn which controls belong to your workspace admins and which protected platform operations are handled separately.
Purpose
Understand which controls your workspace admins manage and which protected platform operations are handled separately, so you know where to act and where to ask for help.
Who this is for
Owners, admins, and support members learning which controls are theirs and which are platform-only.
Prerequisites
- A workspace admin or owner role to see tenant settings.
- A question about who can change a given setting.
- The audit history for context on past changes.
Steps
- Open Tenant Admin to see the controls your workspace manages.
- Review members, roles, API keys, billing, and connector settings.
- Note which actions show as available versus needing a higher role.
- For anything marked platform-only, use the support path instead.
- Check the audit history to see who changed what and when.
- Assign roles so each person has the access they actually need.
Expected result
You can tell which settings your workspace admins control and which platform operations are out of scope, and you know the safe path for each.
Verification
- Tenant settings you can change are shown as available.
- Platform-only actions are clearly separated and not editable here.
- The audit history reflects role and setting changes you make.
If something goes wrong
- A setting is not editable
- Confirm your role; some settings need an owner, and some are platform-only.
- You cannot find a control
- Use Help search, or check whether it belongs to platform administration.
- A change is not reflected
- Refresh the view and check the audit history for the recorded change.
Permissions
Tenant settings need an owner or admin role; protected platform operations stay separate and are never available to normal user sessions.
Related articles
Support
If a control you need is platform-only, ask LumenReach support; they can explain protected setup without exposing platform infrastructure.