Skip to content

Permissions

ZynoHosting automation uses tenant permissions at the manager and short-lived capability scopes at the site’s cluster.

Tenant permissions

PermissionCapability
hosting.sitesReadList and inspect authorized sites.
hosting.filesReadList files and download individual files.
hosting.filesWriteCreate and replace individual files.
hosting.filesDeleteDelete individual files.
hosting.deployPlan and apply full deployments.
hosting.downloadDownload the deployable snapshot.
hosting.downloadSensitiveInclude protected and user-generated content in a snapshot.
hosting.analyticsReadRead hosting analytics.
hosting.analyticsManageChange analytics configuration.

Tenant administrators receive all hosting permissions through their normal admin grant. Non-admin credentials receive only explicitly assigned operations.

Cluster capability scopes

The Hosting Manager maps an authorized request to the minimum agent scopes needed for that operation:

Agent scopeManager permission
deploy:inventoryhosting.deploy
deploy:hashhosting.deploy
deploy:applyhosting.deploy
files:listhosting.filesRead
files:readhosting.filesRead
files:writehosting.filesWrite
files:deletehosting.filesDelete
download:deployablehosting.download
download:sensitivehosting.download and hosting.downloadSensitive

The capability is bound to one site and cluster and includes exact scopes, protocol version, upload/download limits, a unique token ID, and time bounds.

Least-privilege examples

Read-only inspection

Grant:

  • hosting.sitesRead
  • hosting.filesRead

This supports site discovery, listings, and individual-file downloads without remote mutation.

Deployment automation

Grant:

  • hosting.sitesRead
  • hosting.deploy

Add hosting.filesRead only if the same workflow must inspect or download individual files.

Backup automation

Grant:

  • hosting.sitesRead
  • hosting.download

Add hosting.downloadSensitive only when the backup destination is approved to receive protected and user-generated content.

Troubleshoot a forbidden operation

Check:

  1. that the credential belongs to the intended tenant;
  2. that the site is granted to that tenant or principal;
  3. that the matching hosting permission is assigned;
  4. that a sensitive download has both required permissions;
  5. that an old interactive login has not expired.

Do not solve a narrow authorization failure by broadly granting tenant-admin access. Add the smallest permission set that supports the workflow.

Documentation for the ZynoHosting CLI and local MCP server.