Org admins have baseline read access to every app in their organization (see Roles), but writes on apps where they have no explicit membership require an Admin Override session: a deliberate, reason-required, fully-audited elevation. This page documents what developers integrating with Hasp can observe about override behavior via the SDK and audit log.Documentation Index
Fetch the complete documentation index at: https://docs.usehasp.com/llms.txt
Use this file to discover all available pages before exploring further.
When overrides apply
An override is required when all three conditions are true:- The user is an org admin or owner
- The app’s access mode is
privateorinvite_only - The user has no explicit per-user or group editor/admin grant on the app
sdk.getBootstrap().role returns 'org_admin_viewer' (read-only) until the admin explicitly opens an override session.
Override lifecycle
- Open — Admin clicks “Enable Admin Edit Mode” in the app header, types a reason (minimum 10 characters), submits. Server creates an
admin_override_sessionrow, sets a session cookie, and emitsorg_admin.override_enabledto the audit log. - Refresh on every write — Each write request the admin makes under override refreshes the session’s
last_activity_at, extending the inactivity window. Every such write also emitsorg_admin.override_actionwith the route and HTTP method. - End — One of:
- Admin clicks “Exit Admin Edit Mode” →
exited_at = now(), auditorg_admin.override_exitedwithexit_reason = manual - 60 minutes of inactivity →
exited_at = now(), audit withexit_reason = inactivity - Admin logs out →
exited_at = now(), audit withexit_reason = session_ended
- Admin clicks “Exit Admin Edit Mode” →
Audit events
The override lifecycle produces the following entries in your organization’s audit log (available to admins at/settings/audit-log):
| Action | When emitted | Key metadata |
|---|---|---|
org_admin.override_enabled | Override session opened | reason, inactivity_expires_at |
org_admin.override_action | Each write request under override | route, method |
org_admin.override_exited | Override session ended | exit_reason, duration_seconds |
| Action | When emitted | Key metadata |
|---|---|---|
org_admin.app_viewed | Org admin loads an app’s management page via baseline visibility (no explicit grant) | role_at_view, access_mode |
org_admin.orphan_inherited | An app transitions to “orphaned” state (last live editor/admin removed) | access_mode, detected_via |
org_admin.orphan_reassigned | Org admin reassigns an orphaned app to a new admin | target_user_id, reassigned_by, was_orphaned_since |
Observing override state from your app
Hasp apps running inside the runtime iframe do not receive override session details — the override is a platform-level mechanism, not an app-level context. If your app needs to know whether the current user is acting under override authority, comparesdk.getBootstrap().role:
'org_admin_viewer'→ admin is viewing via baseline; no override active; writes will fail'editor'or'admin'on an app where the user has no explicit grant → override is active (platform has elevated their role server-side)
What’s NOT audited
Reads by org admins with naturally-granted access (explicit editor/admin grant) are NOT audited under theorg_admin.* namespace. Those are regular member activities. Only the “admin-acting-via-baseline-visibility” path produces meta-audit entries.