Roles¶
Roles define sets of permissions that control admin panel access. Assign roles to users to manage what features and data each person can access and modify.
Overview¶
Roles enable you to:
- Define permission sets for different job functions
- Control admin access by role assignment
- Manage security with granular permissions
- Delegate responsibilities safely
- Maintain audit trails of who has access to what
Common roles: Admin, Manager, Editor, Vendor, Support Staff.
Accessing Roles¶
Navigate to User Management > Roles from the admin sidebar.
Understanding Roles¶
What Are Roles?¶
A role is a collection of permissions. Each permission controls access to a specific feature or action.
Permission Examples: - View Orders - Create Products - Edit Users - Delete Categories - View Analytics
Permission Structure¶
Permissions follow this pattern: - view: See records - view_any: See all records - create: Create new records - update: Edit existing records - delete: Remove records - delete_any: Delete any record
Managing Roles¶
Creating a Role¶
- Click New Role
- Enter Name (e.g., "Editor", "Vendor Manager")
- Select Guard (usually "web")
- Check Permissions to grant
- Toggle Select All to grant all permissions
- Click Create
Permission Selection¶
For each module (Orders, Products, Users, etc.): - View: Can see the section - View Any: Can see all records - Create: Can create new records - Update: Can edit records - Delete: Can delete records - Delete Any: Can delete any record
Editing Roles¶
- Click Edit link
- Update role name if needed
- Add/remove permissions by checking/unchecking
- Click Save
Deleting Roles¶
- Click Delete button
- Confirm deletion
Note: You cannot delete roles with assigned users.
Permission Levels¶
Read-Only Role¶
Grant only "view" and "view_any" permissions: - Users can see data but cannot modify it - Good for viewers/analysts
Editor Role¶
Grant view, view_any, create, update: - Can create and edit records - Cannot delete anything - Good for content managers
Full Access Role¶
Grant all permissions - Full control over all features - Use sparingly (typically admin only)
Restricted Role¶
Grant specific permissions only: - Only view Products and Orders - Cannot access Settings - Good for limited vendor access
Best Practices¶
- Principle of least privilege: Grant only needed permissions
- Role per function: Create roles matching job duties
- Regular review: Audit role assignments periodically
- Document roles: Keep notes on what each role does
- Use meaningful names: Make role purpose clear
- Avoid "super" roles: Limit full access roles
- Test permissions: Verify role works as intended
Common Workflows¶
Create Vendor Role¶
- Click New Role
- Name: "Vendor"
- Grant permissions:
- Products: view, view_any, create, update
- Orders: view, view_any
- Analytics: view, view_any
- Click Create
- Assign to vendor users
Create Support Staff Role¶
- Click New Role
- Name: "Support Staff"
- Grant permissions:
- Orders: view, view_any, update
- Users: view, view_any
- Reviews: view, view_any
- Click Create
Modify Existing Role¶
- Click Edit on the role
- Uncheck unnecessary permissions
- Check newly needed permissions
- Click Save
Troubleshooting¶
Q: Can a user have multiple roles? A: Yes, users can be assigned multiple roles and inherit all their permissions.
Q: What if I delete a role? A: Users lose permissions from that role (but keep others if assigned multiple roles).
Q: Can I change my own permissions? A: Admin users have full access by default.
Q: How do I know what permissions to grant? A: Start with minimal permissions and add as needed.
Q: Can users bypass role restrictions? A: No, permissions are enforced at the system level.
Quick Reference¶
| Permission | Allows |
|---|---|
| view | See section/records |
| view_any | See all records |
| create | Create new records |
| update | Edit existing records |
| delete | Delete own records |
| delete_any | Delete any record |
Related Sections¶
- Users - Assign roles to users