Skip to main content

Role & Permissions

The application uses a Role & Permission Matrix configurable by Super Admin.

Access the matrix

Settings → Roles & Permissions (Super Admin only)

Roles

RoleCodeDefault scope
Super Adminsuper_adminFull access — cannot be restricted
AdministratoradminBroad operational + org management
IT Managerit_managerAssets, requests, integrations, org
FinancefinanceRead assets, financial data, reports
Read-Only Userread_only_userView assets, requests, reports
Employee UseruserOwn assets, create requests

Permission groups

GroupPermissions
Assetsassets.read, assets.write, assets.delete, assets.finance, assets.discovery
Asset requestsrequests.read, requests.write, requests.review
Reportsreports.read
Employeesusers.read, users.write
Departmentsdepartments.read, departments.write
Locationslocations.read, locations.write
Organizationsorganizations.read, organizations.write
Site mapsitemap.read, sitemap.draw, sitemap.floors
Administrationsettings.manage, audit.read, webhooks.manage, integrations.manage

How permissions apply

  1. Sidebar navigation — menu items hidden if role lacks permission
  2. Route guardsProtectedRoute blocks direct URL access
  3. In-page actions — buttons check hasPermission() from Auth context
  4. Site map — draw mode requires sitemap.draw; add/remove floors requires sitemap.floors

Saving changes

  1. Toggle checkboxes in the matrix
  2. Click Save permissions
  3. Stored in Firestore settings/rolePermissions
  4. Users should refresh or re-login to pick up changes

User-specific overrides (site map)

Settings → Platform → Site map user overrides

Grant specific users draw or floor-edit access even if their role does not include it.

Reset to defaults

Click Reset to defaults in the matrix to restore built-in role permissions from src/utils/rbac.ts.

Implementation reference

FilePurpose
src/utils/rbac.tsDefault permissions, hasPermission()
src/services/rolePermissionSettingsService.tsFirestore load/save
src/context/RolePermissionsContext.tsxLoads overrides on login
src/components/settings/RolePermissionMatrixCard.tsxMatrix UI

Firestore requirement

Deploy rules with settings/rolePermissions write access for Super Admin before saving the matrix.

firebase deploy --only firestore:rules