User Roles & Permissions
Understanding the role-based access control system in Stripes and how permissions are managed across different organizational levels.
Overview
Stripes implements a multi-level permission system that operates at both system and project levels, ensuring secure and appropriate access to functionality based on user responsibilities.
System Roles vs Project Roles
The application distinguishes between two types of roles:
- System Roles: Define global access and administrative capabilities
- Project Roles: Define access within specific projects and operational contexts
System Roles
System roles control access to administrative functions and define what users can do at the organizational level.
Super Admin
Scope: Global system administration
Capabilities:
- Complete system access and configuration
- Create and manage all clients, branches, and organizations
- Access to all system modules and functions
- User account creation and role assignment across all organizations
- System-wide settings and configuration management
- Backup, restore, and system maintenance operations
- Access to all audit logs and system reports
Access Areas:
- All System Module functions
- Global settings and configurations
- System maintenance and monitoring tools
Admin
Scope: Client-level administration
Capabilities:
- Full administrative access within assigned teams
- Create and manage branches within their clients
- Manage teams and user accounts for their organization
- Access to all modules within their client scope (with the exception of Settings)
- Project creation and management across all branches
Access Areas:
- Client-specific System Module functions
- All Preparation and Execution modules for their clients
- Branch and team management
Team Admin
Scope: Team-level administration
Capabilities:
- Manage team members and assignments
- Create and manage projects for their teams
- Access to Preparation and Execution modules for their teams
- Team performance monitoring and reporting
Access Areas:
- Team management functions
- Project creation for their teams
- Team-specific reporting
- Limited System Module access
User Admin
Scope: User management
Capabilities:
- Manage team members and assignments
- Create and manage projects for their teams
- Access to Preparation and Execution modules for their teams
- Team performance monitoring and reporting
- Create and manage user accounts within their scope
- Assign project roles to users
- Manage user permissions and access
- Monitor user activity and performance
Access Areas:
- User management interfaces
- Role assignment functions
- User activity reporting
Module Access by System Role
| Module | Super Admin | Admin | Team Admin | User Admin |
|---|---|---|---|---|
| System Module | ✅ Full | ✅ Full | ✅ Team-scope | ✅ Team-scope |
| Teams | ✅ All | ✅ All | ✅ Own team | ❌ |
| Users | ✅ All | ✅ All | ✅ Team | ✅ Assigned |
| Clients | ✅ All | ✅ All | ❌ | ❌ |
| Branches | ✅ All | ✅ All | ❌ | ❌ |
| Projects | ✅ All | ✅ All | ✅ Team | ❌ |
| Settings | ✅ All | ❌ | ❌ | ❌ |
| Devices | ✅ All | ✅ All | ✅ Team | ❌ |
| Preparation Module | ✅ All | ✅ All | ✅ Team | ❌ |
| Execution Module | ✅ All | ✅ All | ✅ Team | ❌ |
Project Roles
Project roles define what users can do within specific stocktaking projects during execution.
TeamManager
Scope: Project-level team management
Capabilities:
- Oversee project execution and progress
- Assign zones and tasks to team members
- Monitor project quality and performance
- Access to all project data and reporting
- Approve or reject scan results and verifications
- Manage project timeline and resource allocation
Access During Project:
- Full project dashboard access
- Zone assignment and management
- Quality management and verification
- Project export and reporting
- Team performance monitoring
AreaManager
Scope: Area or zone-level management
Capabilities:
- Manage specific areas or zones within projects
- Assign tasks to employees in their areas
- Review and verify scan results for their zones
- Monitor area-specific performance metrics
- Escalate issues to team managers
Access During Project:
- Area-specific dashboard views
- Zone management for assigned areas
- Scan verification for their zones
- Area-specific reporting
Employee
Scope: Task execution
Capabilities:
- Execute assigned stocktaking tasks
- Perform scanning operations
- Update task status and progress
- Access basic project information
- Submit issues and requests for assistance
Access During Project:
- Task-specific interfaces
- Scanning functionality
- Basic progress reporting
- Help and support features
Project Access by Project Role
| Feature | TeamManager | AreaManager | Employee |
|---|---|---|---|
| Project Dashboard | ✅ Full | ✅ Area-specific | ✅ Limited view |
| Live Statistics | ✅ All | ✅ Area | ❌ |
| Planning | ✅ Manage | ✅ Area only | ✅ Limited view to perform verifications |
| Zone Assignment | ✅ All zones | ✅ Own areas | ❌ |
| Scanning Operations | ✅ Monitor | ✅ Execute | ✅ Execute |
| Scan Review | ✅ All | ✅ Area | ✅ Own |
| Verification | ✅ All | ✅ Area | ✗ |
| Quality Management | ✅ Full | ✅ Area | ❌ |
| Export & Reporting | ✅ All | ✅ Area | ❌ |