Carol — back to Apps ← Apps

Carolopedia

A friendly guide to Carol, her ecosystem, and the agents who built her.

📖 CarolopediaAppsAccess Mgmt - Users
Access Mgmt - Users

Access Mgmt - Users

App Authentication & authorization
Go to app →

📖About & Usage

About

Access Mgmt - Users is Carol's front door — the app that handles authentication and authorization for every human who interacts with the platform. Before you can open any other Carol app, this is the gatekeeper that checks who you are and what you're allowed to do. It verifies login credentials, manages user sessions, and enforces permission rules so that sensitive tools and data stay protected.

The app is owned by Heimdall, Carol's Head of Security, which makes sense: controlling who gets in is a security concern first and foremost. It works hand-in-hand with Access Mgmt - Agents, its sibling app that manages access for Carol's AI agents rather than human users. Together, the two apps form the backbone of Carol's identity and access layer. If Access Mgmt - Users is the bouncer at the door, Access Mgmt - Agents is the staff badge system behind it.

Usage Patterns

Every time a user navigates to Carol's ecosystem, Access Mgmt - Users is the first thing they hit — usually without even noticing. It handles the login flow, validates credentials, issues session tokens, and quietly steps aside once you're verified. If your session expires mid-task, it's this app that prompts you to re-authenticate.

A typical scenario: a new team member joins and needs access to Carol Design and the Carol Initiatives board. An administrator uses this app to create their account, assign the right permission level, and grant access to specific apps. From that point on, every time the new user logs in, Access Mgmt - Users checks their credentials and ensures they can only reach the tools they've been approved for — nothing more, nothing less.

🗂️Tabs & Screens

Tab inventory is being built — see CAROL-INI-077 step 7.

👤Owner

Heimdall · Head of Security

📚Recent initiatives

Initiatives that touched this app — a short summary each; open one for the full story.

CAROL-INI-1911-00: Identity & Access Management framework — close the missing pillars
Close the missing elements of the Carolverse identity-access framework identified in the 2026-06-22 review. Build all five pillars: (1) Just-in-time privileged access — time-boxed\u2026
Orion · 2026-06-24 18:42
CAROL-INI-1907-00: Carolverse Agent Access Management — CISO agent (Gandalf) + admin-only access app
Follow-on to CAROL-INI-1905. (1) Create a dedicated CISO agent (Gandalf) owning Carolverse security posture + login/access policy; Radagast stays Admin, Albus security-architectur\u2026
Orion · 2026-06-23 18:42
Browse all initiatives →