> ## Documentation Index
> Fetch the complete documentation index at: https://hc.pillargtm.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Authentication, session management, and role-based access control

# Authentication

PILLAR uses industry-standard authentication with Row-Level Security (RLS) enforcing multi-tenant data isolation.

## Auth Flow

1. User authenticates via email/password or SSO
2. A session token is issued and linked to the user record
3. RLS policies filter all queries by organization, ensuring complete data isolation

## User Roles

| Role                  | Access Level                                       |
| --------------------- | -------------------------------------------------- |
| Leader                | Full org access, all dashboards and settings       |
| Manager               | Team-level access, pipeline and forecast views     |
| Rep/CSM               | Own accounts, opportunities, and renewals          |
| Admin                 | Full access plus configuration and user management |
| Executive (Read-Only) | Read-only access to all dashboards                 |

## API Authentication

All API routes require a valid authenticated session.

```
GET /api/auth/me
```

Returns the current user profile including organization, role, and user identity.

## Data Isolation

All data is isolated by organization. Users can only access data belonging to their organization. Rep/CSM users are further scoped to their owned accounts and deals.
