Roles & Permissions

Roles and permissions control what users can see and do in the system. Each role bundles a set of permissions that can be assigned to users.

How It Works

Concept      Description
Permission   A specific action (e.g., "view invoices", "create services")
Role         A collection of permissions (e.g., "Sales Manager", "Support Agent")

Users are assigned roles, and those roles grant them permissions.

Organization-Scoped Roles

Roles are scoped to your organization. This means:

  • A user can have different roles in different organizations
  • Role assignments only apply within your organization
  • Permissions are checked against the current organization context

Assigning Roles to Users

  1. Go to Users → Users
  2. Find the user and click Edit
  3. In the Roles section, check the roles to assign
  4. Save changes

A user can have multiple roles. Their effective permissions are the combination of all assigned roles.

Common Role Examples

Role            Typical Permissions
Administrator   Full access to all features
Manager         View and manage most records, limited settings access
Sales           Manage accounts, contacts, leads, deals
Support         Manage tickets, view contacts
Finance         Manage invoices, transactions, financial reports
Viewer          Read-only access to records

Permission Categories

Permissions are typically organized by resource, with one permission for each action on that resource:

  • View — See records and details
  • Create — Add new records
  • Update — Edit existing records
  • Delete — Remove records

For example, the "Services" resource might have:

  • view_service
  • create_service
  • update_service
  • delete_service
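
The rules described above (roles scoped to an organization, effective permissions as the combination of all assigned roles, one permission per resource action) can be modelled in a few lines. This is an added example, not code from the product or the Shield plugin; the users, organizations, the "Service Admin" role and every permission name other than the four *_service ones are constructed sample data.

```python
# Added illustration: a minimal model of organization-scoped role checks.
# Users, orgs, the "Service Admin" role and the non-*_service permission
# names are constructed sample data, not the product's real configuration.

ROLES = {
    "Support": {"view_ticket", "update_ticket", "view_contact"},
    "Finance": {"view_invoice", "create_invoice", "update_invoice"},
    "Service Admin": {"view_service", "create_service",
                      "update_service", "delete_service"},
    "Viewer": {"view_service", "view_invoice", "view_contact"},
}

# (user, organization) -> roles assigned in that organization only
ASSIGNMENTS = {
    ("alice", "org-a"): {"Support", "Finance"},
    ("alice", "org-b"): {"Viewer"},
    ("bob", "org-a"): {"Service Admin"},
}


def effective_permissions(user, org):
    """Union of the permissions of every role the user holds in this org."""
    perms = set()
    for role in ASSIGNMENTS.get((user, org), set()):
        perms |= ROLES.get(role, set())  # an unknown role grants nothing
    return perms


def can(user, org, permission):
    """Deny by default: no assignment in the current org means no access."""
    return permission in effective_permissions(user, org)


def audit(action_prefix="delete_"):
    """List (user, org, role, permission) for every grant matching the prefix,
    so a periodic review can see which role is responsible for each grant."""
    findings = []
    for (user, org), roles in sorted(ASSIGNMENTS.items()):
        for role in sorted(roles):
            for perm in sorted(ROLES.get(role, set())):
                if perm.startswith(action_prefix):
                    findings.append((user, org, role, perm))
    return findings


if __name__ == "__main__":
    print(can("alice", "org-a", "create_invoice"))  # Finance role held in org-a
    print(can("alice", "org-b", "create_invoice"))  # only Viewer in org-b
    print(audit())
```

The audit function is the kind of report a periodic review of role assignments can start from: it ties each destructive permission back to the role that grants it.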

Managing Roles

Roles are managed through the Shield plugin. Administrators can:

  • Create new roles
  • Define which permissions each role includes
  • Assign roles to users

Best Practices

  1. Use roles, not individual permissions — Assign roles to users rather than individual permissions for easier management
  2. Principle of least privilege — Give users only the permissions they need
  3. Review regularly — Periodically audit role assignments
  4. Name roles clearly — Use descriptive names that reflect the job function