diff --git a/src/ZB.MOM.WW.ScadaBridge.Security/Auth/AuthDisableLoginOptions.cs b/src/ZB.MOM.WW.ScadaBridge.Security/Auth/AuthDisableLoginOptions.cs
new file mode 100644
index 00000000..ff8b1606
--- /dev/null
+++ b/src/ZB.MOM.WW.ScadaBridge.Security/Auth/AuthDisableLoginOptions.cs
@@ -0,0 +1,19 @@
+namespace ZB.MOM.WW.ScadaBridge.Security.Auth;
+
+/// <summary>
+/// Dev/test flag: when <see cref="DisableLogin"/> is true the Central UI bypasses the login
+/// form entirely and auto-authenticates EVERY request as <see cref="User"/> with ALL roles,
+/// system-wide. Default OFF. This disables authentication on a SCADA control surface —
+/// dev/test ONLY; never enable in production.
+/// </summary>
+public sealed class AuthDisableLoginOptions
+{
+    /// <summary>Configuration section name (<c>ScadaBridge:Security:Auth</c>).</summary>
+    public const string SectionName = "ScadaBridge:Security:Auth";
+
+    /// <summary>When true, disable login and auto-authenticate every request. Default false.</summary>
+    public bool DisableLogin { get; set; }
+
+    /// <summary>The username the auto-login principal is minted with. Default "multi-role".</summary>
+    public string User { get; set; } = "multi-role";
+}
diff --git a/src/ZB.MOM.WW.ScadaBridge.Security/Roles.cs b/src/ZB.MOM.WW.ScadaBridge.Security/Roles.cs
index 2e1f4ccc..b3d90f45 100644
--- a/src/ZB.MOM.WW.ScadaBridge.Security/Roles.cs
+++ b/src/ZB.MOM.WW.ScadaBridge.Security/Roles.cs
@@ -38,4 +38,8 @@ public static class Roles
     public const string Designer = "Designer";
     public const string Deployer = "Deployer";
     public const string Viewer = "Viewer";
+
+    /// <summary>All declared ScadaBridge roles — the single source of truth for "all
+    /// permissions" (e.g. the dev auto-login principal). Stays in sync if a role is added.</summary>
+    public static readonly string[] All = [Administrator, Designer, Deployer, Viewer];
 }
diff --git a/tests/ZB.MOM.WW.ScadaBridge.Security.Tests/RolesAllTests.cs b/tests/ZB.MOM.WW.ScadaBridge.Security.Tests/RolesAllTests.cs
new file mode 100644
index 00000000..1488d6c7
--- /dev/null
+++ b/tests/ZB.MOM.WW.ScadaBridge.Security.Tests/RolesAllTests.cs
@@ -0,0 +1,15 @@
+using ZB.MOM.WW.ScadaBridge.Security;
+using Xunit;
+
+namespace ZB.MOM.WW.ScadaBridge.Security.Tests;
+
+public class RolesAllTests
+{
+    [Fact]
+    public void All_ContainsEveryDeclaredRole()
+    {
+        Assert.Equal(
+            new[] { Roles.Administrator, Roles.Designer, Roles.Deployer, Roles.Viewer },
+            Roles.All);
+    }
+}