This page collects operator and break-glass topics that do not belong in standard customer onboarding.

Self-hosted control plane

If you self-host dFlow, you administer the control plane stack yourself.

Worker Node access still uses SSH and node tooling; see CLI overview.

Payload CMS admin

Payload provides an admin UI and REST endpoints (see API overview). Use them for content and operator tasks, not as a supported public integration surface for end customers.

Dangerous or elevated server actions

The codebase includes actions intended for narrow roles, for example:

• impersonateUserAction (see Authentication actions).
• createProjectAdminAction and migration helpers that use overrideAccess in Payload for specific workflows (see packages/core/src/actions/application/index.ts comments around Move to Applications).

Treat these as implementation details subject to change. Harden RBAC and audit before relying on them outside core maintainers.

Internal analytics and reporting

packages/core/src/actions/admin/analytics/ contains server actions used for internal statistics (for example region stats, managed capacity projections). They are not customer-facing features.

dFlow Cloud vs self-hosted

On dFlow Cloud, you do not get shell or database access to dFlow’s production control plane. Operational work flows through support and the dashboard. Self-hosted operators own their Compose stack and backups.

Learn more

• Reference overview for the full advanced section map.
• Roles and permissions for in-product RBAC.
• Documentation migration notes for where canonical docs live versus legacy marketing MDX.