Roles & Permissions
Role-based access control in Alpha
Configure role-based access control (RBAC) in Alpha.
Understanding Roles
Roles are named collections of permissions that define what actions users can perform in the system. Instead of assigning individual permissions to each user, you assign roles that bundle related permissions together.
How Roles Work
- Create a role with the permissions needed for a job function
- Assign the role to users who perform that function
- Users inherit all permissions from their assigned roles
- Update the role to change permissions for all users with that role
Roles control what a user can do. For controlling where they can do it (which subsidiaries and projects), see Access Control.
System Roles vs Tenant Roles
Alpha has two types of roles:
| Type | Scope | Examples |
|---|---|---|
| System Roles | Platform-wide, cannot be modified | Super Admin, User |
| Tenant Roles | Organization-specific, fully customizable | Sales Manager, Warehouse User |
System roles are assigned by platform administrators. Tenant roles are managed within your organization.
Default Roles
| Role | Description |
|---|---|
| Administrator | Full system access |
| Sales Manager | Sales operations |
| Sales User | Order processing |
| Warehouse Manager | Inventory control |
| Warehouse User | Picking/receiving |
| Finance | Invoicing/payments |
| Viewer | Read-only access |
Managing Roles
Creating Roles
- Go to Administration > Roles
- Click Add Role
- Name the role
- Select permissions
- Save
Editing Roles
- Open role
- Add/remove permissions
- Save
- Changes affect all users with the role
Deleting Roles
- Reassign users to other roles
- Delete role
- A role cannot be deleted while users are assigned to it
Permission Categories
Alpha organizes permissions by functional module. When creating or editing roles, you select permissions from these categories.
Application Permissions
Core system and administration permissions:
| Permission | Description |
|---|---|
| Tenant Admin | Full administrative access to the organization |
| Read Tenant | View organization settings |
| Update Tenant | Modify organization settings |
| Read Users | View user accounts |
| Manage Users | Create, edit, deactivate users |
| Manage Roles | Create and modify roles |
| Read Stats | View dashboard statistics |
| Finance Manager | Access to financial overview features |
| Create API Keys | Generate API keys for integrations |
| Read API Keys | View existing API keys |
| Delete API Keys | Remove API keys |
Products Permissions
| Permission | Description |
|---|---|
| Create Products | Add new products |
| Read Products | View product catalog |
| Update Products | Modify product information |
| Delete Products | Remove products |
Finance Permissions
Permissions for financial operations:
Clients
| Permission | Description |
|---|---|
| Create Clients | Add new clients |
| Read Clients | View client information |
| Update Clients | Modify client details |
| Delete Clients | Remove clients |
Estimates
| Permission | Description |
|---|---|
| Create Estimates | Create new estimates |
| Read Estimates | View estimates |
| Update Estimates | Modify estimates |
| Delete Estimates | Remove estimates |
Purchase Orders
| Permission | Description |
|---|---|
| Create PO | Create purchase orders |
| Read PO | View purchase orders |
| Update PO | Modify purchase orders |
| Delete PO | Remove purchase orders |
| Review PO | Review and approve purchase orders |
| Close PO | Close completed purchase orders |
| Reinstate PO | Reopen closed purchase orders |
| Manage Suppliers PO | Manage supplier relationships |
Sales Orders
| Permission | Description |
|---|---|
| Create Orders | Create sales orders |
| Read Orders | View sales orders |
| Update Orders | Modify sales orders |
| Delete Orders | Remove sales orders |
Invoices
| Permission | Description |
|---|---|
| Create Invoices | Generate invoices |
| Read Invoices | View invoices |
| Update Invoices | Modify invoices |
| Delete Invoices | Remove invoices |
Suppliers
| Permission | Description |
|---|---|
| Create Suppliers | Add new suppliers |
| Read Suppliers | View supplier information |
| Update Suppliers | Modify supplier details |
| Delete Suppliers | Remove suppliers |
Inventory Permissions
| Permission | Description |
|---|---|
| Create Inventory | Add inventory records |
| Read Inventory | View stock levels |
| Update Inventory | Modify inventory |
| Delete Inventory | Remove inventory records |
| Create Picklists | Generate pick lists |
| Read Picklists | View pick lists |
| Update Picklists | Modify pick lists |
| Delete Picklists | Remove pick lists |
| Create Count | Start stock counts |
| Read Count | View stock counts |
| Update Count | Modify stock counts |
| Delete Count | Remove stock counts |
| Review Count | Review and approve counts |
| Close Count | Finalize stock counts |
Production Permissions
| Permission | Description |
|---|---|
| Create Production | Create production orders |
| Read Production | View production orders |
| Update Production | Modify production orders |
| Delete Production | Remove production orders |
| Create Materials | Add material records |
| Read Materials | View materials |
| Update Materials | Modify materials |
| Delete Materials | Remove materials |
| Manage Shifts | Configure production shifts |
| Manage Waste | Configure waste categories |
| Report Waste | Record production waste |
Projects Permissions
| Permission | Description |
|---|---|
| Create Projects | Create new projects |
| Read Projects | View project information |
| Update Projects | Modify project details |
| Delete Projects | Remove projects |
Configurator Permissions
For product configuration features:
| Permission | Description |
|---|---|
| Create/Read/Update/Delete Concepts | Manage configurator concepts |
| Create/Read/Update/Delete Types | Manage product types |
| Create/Read/Update/Delete Options | Manage configuration options |
| Create/Read/Update/Delete Option Codes | Manage option codes |
| Create/Read/Update/Delete Variables | Manage configuration variables |
| Create/Read/Update/Delete Queue Jobs | Manage processing queue |
Asset Management Permissions
| Permission | Description |
|---|---|
| Create Assets | Add new assets |
| Read Assets | View asset information |
| Update Assets | Modify asset details |
| Delete Assets | Remove assets |
Permission Levels
Permissions shown in the role editor follow standard CRUD operations:
| Level | Access |
|---|---|
| None | No access to the feature |
| Read | View-only access |
| Create | Can create new records |
| Update | Can modify existing records |
| Delete | Can remove records |
| Full | All operations available |
Role Hierarchy
Example Structure
Administrator (all permissions)
├── Manager Roles (department permissions)
│   ├── Sales Manager
│   ├── Warehouse Manager
│   └── Finance Manager
└── User Roles (limited permissions)
    ├── Sales User
    ├── Warehouse User
    └── Viewer
Assigning Roles
Single Role
Users typically have one role:
- Open user
- Select role
- Save
Multiple Roles
If a user needs more than one role:
- Create a combined role
- Or assign multiple roles
- Permissions from the assigned roles combine
Testing Roles
Before Deployment
- Create test user
- Assign role
- Test access
- Verify restrictions
Best Practices
Principle of Least Privilege
- Grant minimum needed access
- Start restrictive
- Add permissions as needed
Role Maintenance
- Review roles quarterly
- Remove unused permissions
- Document role purposes
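A sketch of what a quarterly role review can compute, as an added example that is not Alpha's own code or API. Role and permission names come from the tables on this page; the role contents, the assignments, the usage records and the `SENSITIVE` list are constructed assumptions, since the page does not describe an export or audit log format.

```python
# Constructed sample data (hypothetical role contents, users and usage records).
ROLES = {
    "Sales Manager": {"Read Orders", "Create Orders", "Update Orders",
                      "Delete Orders", "Manage Users", "Create API Keys"},
    "Viewer": {"Read Orders", "Read Inventory"},
}
ASSIGNMENTS = {"dana": {"Sales Manager"}, "eli": {"Viewer"}}
USAGE = [  # (user, permission exercised during the review period)
    ("dana", "Read Orders"), ("dana", "Create Orders"),
    ("dana", "Update Orders"), ("eli", "Read Orders"),
]
# Administrative permissions a reviewer may want justified on every role that
# holds them (the selection is this example's assumption).
SENSITIVE = {"Tenant Admin", "Manage Users", "Manage Roles",
             "Create API Keys", "Delete API Keys"}


def review_roles(roles, assignments, usage):
    """Per role: members, permissions no member used, sensitive permissions held."""
    used_by_role = {name: set() for name in roles}
    for user, permission in usage:
        for role in assignments.get(user, ()):
            # Credit the use only to roles that actually grant the permission.
            if permission in roles.get(role, ()):
                used_by_role[role].add(permission)
    report = {}
    for name, perms in roles.items():
        report[name] = {
            "members": sorted(u for u, r in assignments.items() if name in r),
            "unused": sorted(perms - used_by_role[name]),
            "sensitive": sorted(perms & SENSITIVE),
        }
    return report


if __name__ == "__main__":
    for role, findings in review_roles(ROLES, ASSIGNMENTS, USAGE).items():
        print(role, findings)
```

Permissions listed under `unused` are candidates for removal, and a role with no members is a candidate for deletion.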
Roles vs Access Control
It's important to understand the difference between roles and access control:
| Aspect | Roles | Access Control |
|---|---|---|
| Controls | What actions users can perform | Which resources users can see |
| Scope | Feature permissions | Subsidiaries and projects |
| Inheritance | Users inherit role permissions | Subsidiary access inherits to children |
| Documentation | This page | Access Control |
A user needs both appropriate role permissions and resource access to perform an action on a specific resource.
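The two-part decision described above, together with the "permissions combine" rule for multiple roles, modelled as an added example; this is not Alpha's implementation. Role and permission names come from this page, while the role contents, the subsidiary tree and the function names are hypothetical.

```python
# Constructed sample data: hypothetical role contents and subsidiary tree.
ROLES = {
    "Sales User": {"Read Orders", "Create Orders", "Read Clients"},
    "Warehouse User": {"Read Inventory", "Read Picklists", "Update Picklists"},
    "Viewer": {"Read Orders", "Read Inventory"},
}
# child -> parent; access granted on a parent is inherited by its children.
SUBSIDIARY_PARENT = {"EU": None, "EU-North": "EU", "EU-South": "EU", "US": None}


def effective_permissions(user_roles):
    """Union of the permissions of every assigned role."""
    perms = set()
    for role in user_roles:
        perms |= ROLES.get(role, set())  # an unknown role grants nothing
    return perms


def has_resource_access(granted, subsidiary):
    """True if the subsidiary itself or one of its ancestors was granted."""
    seen = set()
    node = subsidiary
    while node is not None and node not in seen:  # 'seen' guards against cycles
        if node in granted:
            return True
        seen.add(node)
        node = SUBSIDIARY_PARENT.get(node)
    return False


def is_allowed(user_roles, granted, permission, subsidiary):
    """Deny by default: the role check and the resource check must both pass."""
    if subsidiary not in SUBSIDIARY_PARENT:
        return False
    return (permission in effective_permissions(user_roles)
            and has_resource_access(granted, subsidiary))


if __name__ == "__main__":
    roles, granted = {"Sales User", "Warehouse User"}, {"EU"}
    print(is_allowed(roles, granted, "Create Orders", "EU-North"))  # inherited access
    print(is_allowed(roles, granted, "Create Orders", "US"))        # no resource access
    print(is_allowed(roles, granted, "Delete Orders", "EU"))        # no role permission
```

A grant on a child subsidiary does not extend upward to its parent in this model, which is why the ancestor walk starts at the requested resource.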