> ## Documentation Index
> Fetch the complete documentation index at: https://libops-renovate-github-com-libops-sitectl-0-x.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Access controls

> Manage members, firewall rules, secrets, and settings for LibOps organizations, projects, and Sites.

Members, firewall rules, secrets, and settings can be attached to an organization, project, or Site. Pass exactly one scope flag: `--organization-id`, `--project-id`, or `--site-id`.

For guidance on choosing the right scope, see [Resource Hierarchy](https://docs.libops.io/platform/resource-hierarchy). For the platform security model behind members, firewall rules, and secrets, see [Security and Operations](https://docs.libops.io/platform/security-operations).

## Members

```bash theme={null}
sitectl libops create member \
  --site-id "$SITE_ID" \
  --account-id "$ACCOUNT_ID" \
  --role developer

sitectl libops list members --site-id "$SITE_ID"
sitectl libops edit member "$ACCOUNT_ID" --site-id "$SITE_ID" --role owner
sitectl libops delete member "$ACCOUNT_ID" --site-id "$SITE_ID" --yes
```

Roles are `owner`, `developer`, and `read`.

## Firewall

```bash theme={null}
sitectl libops create firewall \
  --site-id "$SITE_ID" \
  --name office \
  --cidr 203.0.113.10/32 \
  --type FIREWALL_RULE_TYPE_HTTPS_ALLOWED

sitectl libops list firewall --site-id "$SITE_ID"
sitectl libops delete firewall "$RULE_ID" --site-id "$SITE_ID" --yes
```

Firewall rules do not currently support in-place update.

## Secrets

```bash theme={null}
sitectl libops create secret \
  --site-id "$SITE_ID" \
  --name SMTP_PASSWORD \
  --value "$SMTP_PASSWORD"

sitectl libops create secret \
  --site-id "$SITE_ID" \
  --name TLS_PRIVATE_KEY \
  --value-file ./tls.key

sitectl libops list secrets --site-id "$SITE_ID"
sitectl libops edit secret "$SECRET_ID" --site-id "$SITE_ID" --value "$NEW_VALUE"
sitectl libops delete secret "$SECRET_ID" --site-id "$SITE_ID" --yes
```

Secret values are write-only from the CLI.

## Settings

```bash theme={null}
sitectl libops create setting \
  --site-id "$SITE_ID" \
  --key support_email \
  --value help@example.edu

sitectl libops list settings --site-id "$SITE_ID"
sitectl libops edit setting "$SETTING_ID" --site-id "$SITE_ID" --value helpdesk@example.edu
sitectl libops delete setting "$SETTING_ID" --site-id "$SITE_ID" --yes
```