User Roles & Access Control

How are permissions assigned to a role (module + action level)?

Permissions are assigned at module + action granularity. Each of the ~20 modules (Orders, Catalogue, Delivery, Settlement, and so on) exposes actions — typically view/create/edit/delete plus module-specific ones like Vendors.ManageVendorMode. When configuring a role, the super admin ticks exactly which module/action combinations that role may perform. This means access can be shaped precisely: a role might view orders but not cancel them, manage products but not touch settlement, or see analytics but not change settings. Because the gating is enforced at the controller level using those same permission strings, the assignment is real security, not cosmetic.
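
A minimal sketch of this model, added here as an illustration and not taken from the product's own code: roles hold "Module.Action" strings, and a decorator on each controller handler refuses the call unless the caller's role holds the matching string. The registry contents, the Orders.Cancel action, and the names make_role, requires, view_order and cancel_order are assumptions; only Vendors.ManageVendorMode appears on the page.

```python
from functools import wraps

# Constructed registry of module -> actions. Everything except
# Vendors.ManageVendorMode is an assumed name for illustration.
REGISTRY = {
    "Orders": {"View", "Create", "Edit", "Delete", "Cancel"},
    "Settlement": {"View", "Edit"},
    "Vendors": {"View", "ManageVendorMode"},
}

class PermissionDenied(Exception):
    """Raised when the caller's role lacks the required permission string."""

def _check_known(perm):
    module, _, action = perm.partition(".")
    if action not in REGISTRY.get(module, ()):
        raise ValueError(f"unknown permission: {perm!r}")

def make_role(name, grants):
    """Build a role from ticked 'Module.Action' strings; typos are rejected."""
    for perm in grants:
        _check_known(perm)
    return {"name": name, "grants": frozenset(grants)}

def requires(perm):
    """Controller-level gate using the same string the role was granted."""
    _check_known(perm)  # a misspelled gate fails when the module loads
    def decorator(handler):
        @wraps(handler)
        def wrapper(user, *args, **kwargs):
            role = user.get("role")
            if role is None or perm not in role["grants"]:  # deny by default
                raise PermissionDenied(f"{user.get('id')} lacks {perm}")
            return handler(user, *args, **kwargs)
        return wrapper
    return decorator

@requires("Orders.View")
def view_order(user, order_id):
    return {"order": order_id, "status": "placed"}

@requires("Orders.Cancel")
def cancel_order(user, order_id):
    return {"order": order_id, "status": "cancelled"}

# Constructed role: may view orders and vendors, nothing else.
SUPPORT = make_role("support", ["Orders.View", "Vendors.View"])
agent = {"id": "u-17", "role": SUPPORT}
```

Calling view_order(agent, 1001) succeeds, while cancel_order(agent, 1001) raises PermissionDenied before the handler body runs, which is the difference between gating the controller and only hiding a button.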