diff --git a/ui/src/components/Layout.tsx b/ui/src/components/Layout.tsx
index 5d271b7..25fd0e3 100644
--- a/ui/src/components/Layout.tsx
+++ b/ui/src/components/Layout.tsx
@@ -34,6 +34,7 @@ export function Layout() {
   const { username, organizations, currentOrgId } = useOrgStore();
 
   const isVendor = scopes.has('platform:admin');
+  const isTenantAdmin = scopes.has('tenant:manage');
 
   // Determine current org slug for server dashboard link
   const currentOrg = organizations.find((o) => o.id === currentOrgId);
@@ -41,7 +42,7 @@ export function Layout() {
 
   // Build breadcrumbs from path
   const segments = location.pathname.replace(/^\//, '').split('/').filter(Boolean);
-  const breadcrumb = segments.map((seg, i) => {
+  const breadcrumb = segments.map((seg) => {
     const label = seg.charAt(0).toUpperCase() + seg.slice(1).replace(/-/g, ' ');
     return { label };
   });
@@ -67,56 +68,60 @@ export function Layout() {
         </Sidebar.Section>
       )}
 
-      {/* Tenant portal */}
-      <Sidebar.Section
-        icon={<LayoutDashboard size={16} />}
-        label="Dashboard"
-        open={false}
-        active={location.pathname === '/tenant'}
-        onToggle={() => navigate('/tenant')}
-      >
-        {null}
-      </Sidebar.Section>
+      {/* Tenant portal — only visible to tenant admins (tenant:manage scope) */}
+      {isTenantAdmin && (
+        <>
+          <Sidebar.Section
+            icon={<LayoutDashboard size={16} />}
+            label="Dashboard"
+            open={false}
+            active={location.pathname === '/tenant'}
+            onToggle={() => navigate('/tenant')}
+          >
+            {null}
+          </Sidebar.Section>
 
-      <Sidebar.Section
-        icon={<ShieldCheck size={16} />}
-        label="License"
-        open={false}
-        active={isActive(location, '/tenant/license')}
-        onToggle={() => navigate('/tenant/license')}
-      >
-        {null}
-      </Sidebar.Section>
+          <Sidebar.Section
+            icon={<ShieldCheck size={16} />}
+            label="License"
+            open={false}
+            active={isActive(location, '/tenant/license')}
+            onToggle={() => navigate('/tenant/license')}
+          >
+            {null}
+          </Sidebar.Section>
 
-      <Sidebar.Section
-        icon={<KeyRound size={16} />}
-        label="OIDC"
-        open={false}
-        active={isActive(location, '/tenant/oidc')}
-        onToggle={() => navigate('/tenant/oidc')}
-      >
-        {null}
-      </Sidebar.Section>
+          <Sidebar.Section
+            icon={<KeyRound size={16} />}
+            label="OIDC"
+            open={false}
+            active={isActive(location, '/tenant/oidc')}
+            onToggle={() => navigate('/tenant/oidc')}
+          >
+            {null}
+          </Sidebar.Section>
 
-      <Sidebar.Section
-        icon={<Users size={16} />}
-        label="Team"
-        open={false}
-        active={isActive(location, '/tenant/team')}
-        onToggle={() => navigate('/tenant/team')}
-      >
-        {null}
-      </Sidebar.Section>
+          <Sidebar.Section
+            icon={<Users size={16} />}
+            label="Team"
+            open={false}
+            active={isActive(location, '/tenant/team')}
+            onToggle={() => navigate('/tenant/team')}
+          >
+            {null}
+          </Sidebar.Section>
 
-      <Sidebar.Section
-        icon={<Settings size={16} />}
-        label="Settings"
-        open={false}
-        active={isActive(location, '/tenant/settings')}
-        onToggle={() => navigate('/tenant/settings')}
-      >
-        {null}
-      </Sidebar.Section>
+          <Sidebar.Section
+            icon={<Settings size={16} />}
+            label="Settings"
+            open={false}
+            active={isActive(location, '/tenant/settings')}
+            onToggle={() => navigate('/tenant/settings')}
+          >
+            {null}
+          </Sidebar.Section>
+        </>
+      )}
 
       <Sidebar.Footer>
         <Sidebar.FooterLink
diff --git a/ui/src/router.tsx b/ui/src/router.tsx
index d0ed528..7fd04da 100644
--- a/ui/src/router.tsx
+++ b/ui/src/router.tsx
@@ -6,6 +6,7 @@ import { OrgResolver } from './auth/OrgResolver';
 import { Layout } from './components/Layout';
 import { RequireScope } from './components/RequireScope';
 import { useScopes } from './auth/useScopes';
+import { useOrgStore } from './auth/useOrganization';
 
 import { VendorTenantsPage } from './pages/vendor/VendorTenantsPage';
 import { CreateTenantPage } from './pages/vendor/CreateTenantPage';
@@ -18,10 +19,21 @@ import { SettingsPage } from './pages/tenant/SettingsPage';
 
 function LandingRedirect() {
   const scopes = useScopes();
+  const { organizations, currentOrgId } = useOrgStore();
+  const currentOrg = organizations.find((o) => o.id === currentOrgId);
+
+  // Vendor → vendor console
   if (scopes.has('platform:admin')) {
     return <Navigate to="/vendor/tenants" replace />;
   }
-  return <Navigate to="/tenant" replace />;
+  // Tenant admin → tenant portal
+  if (scopes.has('tenant:manage')) {
+    return <Navigate to="/tenant" replace />;
+  }
+  // Regular user (operator/viewer) → server dashboard directly
+  const serverUrl = currentOrg?.slug ? `/t/${currentOrg.slug}/` : '/server/';
+  window.location.href = serverUrl;
+  return null;
 }
 
 export function AppRouter() {