Roles and Permissions

OpsOS uses role-based access control (RBAC). Every user has a role, and every role has a set of permissions that determine what that user can see and do.

How it works

• Roles are containers for permissions. You create them and name them whatever makes sense for your team — "Warehouse Manager", "Finance", "Read Only", etc.
• Permissions are what actually control access. Each module has its own set — for example, Purchasing has separate permissions for creating POs, approving them, and managing suppliers.
• A user can only hold one role at a time.

Creating a role

1. Go to Settings → Roles.
2. Click Create Role.
3. Give it a name and select the permissions it should include.
4. Save.

Editing a role

1. Go to Settings → Roles.
2. Open the role you want to update.
3. Click Edit Role.
4. Change the role name if needed.
5. Add or remove inherited parent roles if the role should inherit from other roles.
6. Click Save Role or Save Inheritance, depending on the section you changed.

After that, open The Permissions Manager if you need to change what the role can do.

Assigning a role to a user

1. Go to Settings → Users.
2. Find the user and open their profile.
3. Change the role from the dropdown and save.

Default role

When a new user is invited, they are assigned the default role configured in settings. Change this if your default should be more restrictive than "Admin".

Tips

• Start restrictive and open up permissions as needed — it's easier to grant than to revoke.
• Use the permission search on the role editor to find specific permissions quickly.
• Each module has an access permission that controls whether users can see that module at all. A user without access to Inventory can't see the Inventory module, regardless of any other permissions they have.