product
Ethica Portal — My Source of Truth
Contents
Ethica Portal — My Source of Truth
The operator’s quick reference for the Ethica IT-portal — who can do what, where things live, and the automatic behaviour you can rely on. If the platform and your memory disagree, this page is the tie-breaker.
Who can do what
| Role | Where they land | What they control |
|---|---|---|
| Admin | Full admin site | Everything: all companies, monitoring, documentation, website, audit log |
| Staff | Admin site (no admin-only sections) | Service desk, pipeline, projects, monitoring, their teams |
| Customer | /account + their company | Their own tickets, their contacts, their granted docs |
| Company admin | /account | All of their company’s tickets, and can create users for their own company |
| Reader | /docs | Only the documentation folders they’ve been granted |
Rules that always hold:
- Customers see only their own tickets unless they’re a company admin (then the whole company’s).
- Staff and customers cannot reach Documentation, Website or Administration — admin-only.
- A company admin’s new users are locked to their company as
customer— they can’t escalate to staff/admin.
Tickets — the states and what they mean
| State | Dot | Meaning |
|---|---|---|
| Open | red | Needs picking up |
| Waiting (internal) | blue | Blocked on us / a colleague |
| Waiting (customer) | purple | Waiting on the customer |
| In progress | amber | Being worked |
| Maintenance | pink | Planned work — does not raise an alarm |
| Resolved / Closed | green / grey | Done |
| Archived | — | Admin-only, hidden from staff & customers (retention) |
- Pending = either waiting state (plus blocked).
- A customer can open and close their own ticket once their company has Ticket support switched on.
- Customer-opened tickets arrive unassigned — triage queue, not silently on one person.
- A ticket can be assigned to a person or a team. “Assigned to my team” exists so a ticket someone is holding is still findable if they’re off sick.
- A ticket can link to a project task, tying support back to delivery work.
What happens automatically
- Resolved/closed tickets auto-archive ~3 months after close.
- A system goes offline → an incident ticket opens, routed to that system’s alarm responsible (a person or a team).
- Maintenance clears an open alert and won’t trigger a new alarm.
- An SSL certificate within 7 days of expiry → a renewal task opens automatically and closes itself once the cert renews.
- Company deactivation disables all of that company’s users except its company admins.
The public status page
/status shows only the systems you’ve flipped Status / public on, grouped by type,
in a glass/Uptime-Kuma style. Post a manual callout per system (Danger / Warning /
Success / Info; “Not active” hides it) to tell visitors about planned or ongoing work.
Documentation access
Readers are non-admin accounts with per-folder grants. Manage them at Admin → Documentation → Docs Access — search, sort, 50 per page (stays fast even with thousands of accounts). Admins are listed read-only; you can’t lock yourself out from there.
Security & audit
The audit log (Admin → Users → Audit) records sign-ins, failed and throttled logins, and password changes. Passwords are never logged. Login throttling kicks in after 10 failed attempts from one IP within 5 minutes. Searchable by category and actor; exports to CSV.
Where things live (homelab)
- App:
Development/Ethica/Ethica.no—server.py(admin over Postgres) + Hugo marketing site. Deploys on push tomain(CI/CD). - Engineering reference:
docs/feature-set.mdand the dateddocs/patch-notes-*.mdin that repo. - Served docs:
content/docs/is synced from an external docs repo (scripts/docs_sync.py) and is gitignored in the app repo.
Keep this page honest: when behaviour changes, change this page in the same step.