Tutorial

cPanel WHM vs Panelica RBAC: Reseller Hosting Management Compared

April 26, 2026

Back to Blog
Tutorial April 26, 2026

Reseller Hosting Needs a Permission Model

Hosting providers who sell to resellers need a permission system that delegates control without compromising security. The reseller must manage their own clients without accessing other resellers data or exceeding allocated resources. Panelica is a modern hosting control panel designed for multi-server environments with a four-tier RBAC system built into every API endpoint.

cPanel WHM Reseller Model

cPanel separates server management (WHM) from account management (cPanel). Reseller hosting works through WHM reseller accounts.

How It Works

  • Root WHM creates reseller accounts with allocated resources
  • Each reseller gets a WHM interface scoped to their accounts
  • Resellers create hosting packages (plans) with resource limits
  • Resellers create cPanel accounts under their reseller umbrella
  • Resource allocation: disk space, bandwidth, domains, email accounts, databases

Permission Granularity

WHM provides ACL (Access Control List) for reseller accounts with toggleable permissions for each WHM feature. Root administrators can enable or disable specific WHM functions for each reseller independently.

Limitations

  • Two-tier model only: root and reseller (no intermediate admin tier)
  • Reseller ACLs are binary (on/off per feature), not granular per resource
  • No cascading permission hierarchy beyond reseller to end-user
  • WHMCS or similar billing integration required for automated provisioning
  • Reseller resource overselling is possible if not carefully configured

Plesk Reseller Model

Plesk supports reseller plans through its subscription system.

  • Service plans define resource allocations
  • Reseller plans allow creating customer subscriptions
  • Resellers manage their own customers through a Plesk interface
  • Resource limits cascade from reseller plan to customer plan
  • Plesk 360 adds centralized multi-server reseller management

Panelica Four-Tier RBAC

Panelica provides container-native deployment and strict resource isolation. The RBAC system operates on four tiers: Root, Admin, Reseller, and User. Every API endpoint enforces role-based filtering.

Role Hierarchy

  • Root: Sees all records across the entire system. Manages all admins, resellers, and users
  • Admin: Sees only their own created resellers, their own created users, and the users created by their resellers. Does not see other admins resources
  • Reseller: Sees only users they directly created. Cannot see other resellers users
  • User: Sees only their own records (domains, databases, emails, FTP accounts)

The Admin Tier Difference

The most significant architectural difference is the Admin tier. cPanel has no equivalent. In cPanel, you are either root or a reseller. Panelica inserts an Admin role between Root and Reseller, allowing organizations to delegate server-level management without granting root access. An Admin can create and manage resellers and users within their own hierarchy without seeing other Admins resources.

Hierarchical Quota Enforcement

Resource quotas cascade down the hierarchy with enforcement at every level. A reseller cannot allocate more resources to their users than the reseller itself was granted. The quota calculation service validates every resource allocation against the parent tier. This prevents the overselling problem that cPanel resellers can create.

Per-Feature Permissions

Panelica uses a feature permission system where each capability (SSH access, cgroup resource management, Docker access, backup creation, etc.) can be enabled or disabled per plan tier. Permissions are stored as feature flags with default role assignments, so new features automatically inherit sensible defaults.

API-Level Enforcement

RBAC is not just a frontend filter. Every API handler calls the permission service to verify the requesting users role and ownership chain before returning data. The GetAllForUser pattern queries the database with role-aware WHERE clauses that traverse the created_by chain for Admin users using recursive subqueries.

Feature Comparison

  • Role Tiers: cPanel (2: root, reseller), Plesk (3: admin, reseller, customer), Panelica (4: root, admin, reseller, user)
  • Quota Cascade: cPanel (root to reseller), Plesk (plan-based), Panelica (4-tier hierarchical enforcement)
  • Oversell Prevention: cPanel (manual), Plesk (plan limits), Panelica (automatic at every tier)
  • API-Level RBAC: cPanel (WHM ACL), Plesk (subscription-based), Panelica (per-endpoint ownership check)
  • Feature Permissions: cPanel (WHM ACL toggles), Plesk (plan features), Panelica (per-plan feature flags)
  • Intermediate Admin: cPanel (no), Plesk (limited), Panelica (yes, full Admin tier)

Conclusion

cPanel WHM reseller management is well-established and familiar to the hosting industry. Plesk adds plan-based resource management. Panelica empowers sysadmins with RBAC and automated security tools, introducing a four-tier hierarchy with the Admin role filling a gap that cPanel and Plesk leave open. For hosting businesses with multiple levels of delegation (company admins managing resellers managing end users), the granularity of Panelica RBAC prevents resource conflicts and unauthorized access at every level.

Share:

More from the Blog

Announcement

Panelica Now Officially Supports Ubuntu 26.04 LTS — Resolute Raccoon Ready

Ubuntu 26.04 LTS "Resolute Raccoon" is out. Panelica is officially compatible from day one — fully tested across all 20 services, 5-layer isolation, and 246 API endpoints on Kernel 7.0.

Apr 25, 2026
Read more
Security

The MySQL 9.7 cPanel Meltdown: Why Upstream Trust Without Guardrails Breaks Production

On April 21, 2026, a MySQL repository metadata bug caused thousands of cPanel servers to silently upgrade to MySQL 9.7 overnight. Here is what happened, why cPanel servers had no structural defense, and how Panelica's build pipeline prevents this class of failure.

Apr 23, 2026
Read more
Announcement

Hosting Panel Benchmark 2026: Installation, Memory, Security Compared

Independent benchmark of Panelica, cPanel, Plesk, HestiaCP, CloudPanel, and CyberPanel on identical hardware. Real numbers on install time, RAM usage, disk footprint, and default security.

Apr 13, 2026
Read more
Tutorial

FTP and SFTP Management: cPanel vs Plesk vs Panelica — Security and Usability

How cPanel, Plesk, and Panelica handle FTP account creation, SFTP access, quota management, session monitoring, and chroot security. A practical comparison for hosting providers.

Apr 25, 2026
Read more
Tutorial

Cron Job and Task Scheduling: cPanel vs Plesk vs Panelica

Comparing cron job management across cPanel, Plesk, and Panelica. Covers scheduling interfaces, execution logging, RBAC filtering, Redis-backed state, and domain-scoped cron jobs.

Apr 23, 2026
Read more
See the Demo