Access control
Current RBAC configuration for the CPD Portal Hub. Every user is mapped to one or more roles; every portal declares the roles that can see it. Edit public/_hub/auth-config.js and scripts/portal-manifest.json, then run make sync.
Roles
Named permission buckets. Admin implies every role.
| Role | Label | Implies | Users |
|---|
Users
Mapping of email (exact or
*@domain) to roles. Order is preserved; exact match wins. Edits stage in the browser; click Apply changes to publish live from this page.
No staged changes
| Roles | Resolved (with implies) | Action |
|---|
Portal access matrix
Which role can open which portal. ✓ = allowed. Admin has all cells.
Cost & Billing
Monthly spend by GCP project + $100/mo budget guardrail. All links open the live GCP Billing console.
Portal Hub budget — $100 / month
Email alert at 70% ($70), 90% ($90), and 100% ($100). Alert recipient:
himanshu.shukla@cellpointmobile.com. Scope: cpd-himanshu-gemini.Full billing overview — all CPD projects
Roll-up across every CPD-owned GCP project under the same billing account. Breakdown by project and service.
Cost anomalies & forecast
Cloud Billing detects unexpected spend increases and projects end-of-month total. Configure one alert per billing account.
Analytics & Observability
Live dashboards for user behaviour, performance, and error tracking.
Google Analytics 4
User · geo · pages visited · events
Open →
Cloud Logging
Login events, client beacons, 5xx errors
Open →
Cloud Monitoring
Latency, 5xx rate, uptime checks, alerts
Open →
Error Reporting
Grouped exceptions, first-seen / regressed
Open →
Cloud Trace
Per-request latency breakdown
Open →
Cloud Run service
Revisions, traffic, env vars, deploys
Open →
Live sign-in activity (last 20)
Streams
login_success / login_failure from Cloud Logging. Scope this session or every session.