LUSTE Token is LIVE on Base! Exchange tokens for AI credits. Multi-Tenant Architecture
LusterCMS supports a full multi-tenant SaaS architecture, allowing you to run a platform where multiple organizations share the same infrastructure while maintaining complete data isolation.
Hierarchy
SUPERADMIN (Platform Owner)
│
├── Partner Groups (optional grouping)
│
└── ADMIN (Supervisor/Reseller)
│
└── ORGANIZATION (End Customer)
│
└── Users (user, viewer, editor)
Roles
| Role | Description | Access |
|---|---|---|
superadmin | Platform owner | Full access to everything |
admin | Supervisor managing 1..N organizations | Full access to their organizations |
client_admin | Organization admin | Full access to their own organization |
user | Regular user | Based on permissions |
viewer | Read-only user | View only |
Access Rule: Downward visibility only
Permissions and credits flow downward:
- Superadmins can see and manage all organizations and their admins.
- Organization admins can see and manage only their own clients / stores.
- Credits are always scoped per organization and can be allocated downward, but never upward.
This means a client_admin can never see data from other organizations, and an admin can never access platform-level settings.
Key Features
1. Database Isolation
Each organization has its own separate database.
No data is shared between organizations; superadmins can switch into orgs for management, but each org's data stays isolated.
This ensures:
- Complete data separation
- Individual backup/restore capability
- Performance isolation
- Compliance with data residency requirements
2. Registration Flow
New organizations go through an approval queue:
- Customer submits registration form
- Request enters approval queue (or auto-approved if configured)
- Superadmin reviews and approves/rejects
- Upon approval, database is provisioned automatically
- Customer receives access credentials
3. Credit System
Credits flow from top to bottom:
- Superadmin grants credits to Admins
- Admins set credit limits for their organizations
- Organizations can also purchase credits directly
- Usage is tracked and limited automatically
Credits are always scoped per organization and can be allocated downward, but never upward.
4. Plugin Management
Each organization can have different plugins enabled:
- E-Commerce
- LinkedIn Publisher
- Calendar
- Analytics
- Forms
- And more...
The sidebar automatically shows only enabled plugins.
5. Custom Domains
Organizations can use custom domains (e.g., app.yourcompany.com) for white-label access.
6. White-Label Branding
Admins can configure branding for their clients:
- Custom logo
- Brand colors
- Custom app name
- Footer text
- Support contact