Picture the Juwa permission hierarchy like a business structure. On top is the Superadmin-the owner of the platform. Underneath the Superadmin, operators will run their specific networks of players and agents. Managers will take care of day-to-day business at a location level. Agents will be on the ground managing individual player interactions.
Each position can only access actions within its set of permissions and no lower. A manager cannot do anything that an operator can do. An agent cannot do anything that a manager can do. This prevents errors or wrongful behavior on one level from damaging the integrity of the entire platform. Additionally, every action is logged under a certain position and account. This is incredibly useful for compliance and dispute resolution.
It’s important to know upfront that positions are assigned upon account creation. A player can not assign themselves a position as an agent. Only the position directly above the assigned position can create and control the tier below-operators create managers, managers create agents, and only superadmins can create new operators.
The Super admin is the highest-level account in the entire Juwa ecosystem. If you are the platform owner or the primary point of contact with the Juwa platform provider, your account will be provisioned at this level. There are typically very few Super admin accounts — often just one per platform deployment — precisely because of the access this role carries.
A Super admin can access every feature across the entire platform without restriction. This includes creating and disabling Operator accounts, configuring global game settings and table limits, viewing all financial data across every operator network, accessing the complete system audit log, modifying platform-level security settings including IP whitelisting, and generating reports that span all operators simultaneously.
Because Super admin credentials represent the keys to your entire operation, these accounts should be treated with maximum security discipline. Enable two-factor authentication immediately, use a dedicated device for login, never share credentials, and change the password every 60 days minimum. The Super admin account should log in only when platform-level changes are genuinely needed — not for routine daily operations, which should be handled by Operator-level accounts instead.
The Operator account is the main day-to-day account used by the majority of Juwa platform owners. Even if you have Superadmin access, it’s usually recommended that you perform most daily functions through an Operator account to limit your high-level permissions.
Operators can control each and every one of the player accounts in their assigned network, including the creation of player accounts, allocation of starting credits to new players, resetting of player passwords, locking player accounts that display suspicious activity, and inspecting detailed player account history. Operators also have complete access to all of the performance information for their assigned network, including summarized revenue reports, gameplay statistics, credit flow, and operator agent activity.
Perhaps one of the most vital Operator permissions is the ability to add Manager accounts and Agent accounts to their network. This is how you structure the team underneath you. For Manager accounts you define a credit ceiling, location/zone, and what kind of financial reporting the manager sees. Agent accounts automatically bind to their specific Manager account and are prevented from transferring credit outside of the relationship without Operator authorization.
The prohibitions on Operator abilities are just as crucial as their allowed functions. Operators cannot access or alter any of the system-level settings for your games, including global credit rates or system security policies, both of which are controlled only by the Superadmin. Finally, Operators also have access to neither and cannot view data for other Operator networks. Any separate Operators for your system are maintained in isolated data environments.
The Manager role is designed for supervisors who run a specific location, zone, or group of agents within a larger operator network. If you operate multiple physical or digital locations, each location supervisor should hold a Manager account tied to your Operator credential.
Managers can handle all player-facing tasks within their assigned scope: processing credit top-ups and redemptions, helping players with account issues, resetting player passwords for accounts in their zone, monitoring which games are being played and at what stakes, and reviewing the activity of the agents they supervise. Managers also receive performance summaries for their zone, though these reports are scoped to their assigned area — they cannot see financial data for other zones within your network.
Managers can create Agent accounts within their zone. This is a key delegation feature — you do not need to create every Agent yourself. You can delegate that responsibility to each Manager for their respective team. When a Manager creates an Agent account, those credits and activities fall within the Manager’s assigned credit pool, which is in turn nested inside your Operator credit limit.
Managers cannot create other Manager accounts — that remains an Operator-level action. Managers also cannot view or modify the financial configuration of the Operator account above them, access the platform-level audit log, or change game configuration settings.
The Agent level is the bottom of the Juwa hierarchy. Agents are the people who deal directly with the player; Agents sign up the players, issue credits to the players, handle customer service issues with the players and then cash out with their Manager within limits set by the Manager for that particular Agent.
The role of the Agent is intentionally limited in capability. Agents are only allowed to access and deal with their own players. They cannot see other agents’ player lists or their own Manager’s player credits and can only issue up to their own allocated session or daily limits for credits and then report to their Manager, who is able to fix such platform problems or extend limits if deemed necessary.
The limited nature of the Agent is actually a anti-fraud feature. As the activity of each Agent’s credit issuance is logged and limited, should an Agent be trying to cheat they can only make very limited transactions before their account is flagged in your Operator dashboard. The audit trail for each credit issuance an Agent performs is automatic and available to both their Manager and yourself as the Operator.
Agents can never access financial statements, games, player suspension options, administration panels of any kind other than basic player account setup and credit issuance. Agents should only ever contact their Manager to try and perform functions they cannot execute themselves.
The table below shows which role can perform each platform action. Use this as a reference when deciding which role to assign to each member of your team.
| Permission / Action | Superadmin | Operator | Manager | Agent |
|---|---|---|---|---|
| Create Operator accounts | ✓ | — | — | — |
| Create Manager accounts | ✓ | ✓ | — | — |
| Create Agent accounts | ✓ | ✓ | ✓ | — |
| Player account management | ✓ | ✓ | ✓ (zone only) | ✓ (assigned players) |
| Credit distribution | ✓ | ✓ | ✓ (within limit) | ✓ (within limit) |
| Suspend player accounts | ✓ | ✓ | ✓ | — |
| View revenue reports | ✓ (all networks) | ✓ (own network) | ✓ (own zone) | — |
| Game table configuration | ✓ | Partial | — | — |
| Platform security settings | ✓ | — | — | — |
| Full system audit log | ✓ | — | — | — |
| IP whitelist management | ✓ | — | — | — |
| Reset subordinate passwords | ✓ | ✓ | ✓ | — |
A basic decision tree covers almost all of these assignment scenarios. Ask the following questions to ascertain which account level a new team member should receive:
– Is this person ultimately responsible for the platform itself, manages other operators, and is responsible for configuring game properties and security? If yes, this person needs a Superadmin account (one, and two maximum in very large organizations to cover redundancy).
– Is this person responsible for managing a network of agents and players? Does this person have the responsibility of pushing credits across a geographic territory or market segment and would benefit from seeing performance reporting across these different areas? If yes, assign them an Operator account (your regional or network manager).
– Is this person supervising a physical location or a particular group of agents? Does this person handle the escalation of player problems for that location? Would this person only need to see the performance data for their zone? If yes, this person gets a Manager account.
– Is this person solely responsible for signing players up, crediting individual players accounts and doing customer service at the “front desk” in a single physical location? If yes, this person gets an Agent account.
A lot of new operators mistakenly create Operator-level accounts for their managers. The problem with this is that these people do not need access to your wider network’s finances; all they need is to view their individual zone’s information. In these cases, assign the manager a manager-level account and elevate them if there becomes a legitimate need.
Can I change a user’s role after their account has been created?
Role changes after account creation require Operator or Superadmin action and typically involve deactivating the old account and issuing new credentials at the correct level. Contact your platform support team if you need to modify an existing account’s role — do not attempt to share credentials between two people of different levels as a workaround.
Can a Manager see what an Agent under their team is doing in real time?
Yes. Managers have access to an activity feed for all agents assigned to their zone. They can see credit distributions, player registrations, and session activity in real time. This is one of the key monitoring tools that makes the Agent role safe to deploy broadly.
What happens if an Agent tries to distribute credits beyond their assigned limit?
The platform will block the transaction automatically. The Agent will see an error indicating they have reached their credit limit. They must request a limit increase from their Manager, who can adjust the cap within their own Operator-assigned ceiling.
Can two different team members share a single Juwa admin login?
Sharing credentials between two individuals is strongly discouraged and often violates platform security policy. Every person who needs access should have their own account. The role-based system is designed to give each person exactly the access they need — there is no efficiency gain from credential sharing, and the audit trail becomes unreliable when multiple people use one account.
Is there a limit to how many Manager or Agent accounts I can create?
Account limits vary by platform agreement. Contact your Juwa platform provider directly to confirm the account limits in your specific deployment. Most operator agreements include sufficient accounts for typical business operations.
Now that you understand the full role structure, head back to the Juwa admin login guide to set up each account type correctly from the start.