Authorization Guide
11/16/25About 2 min
Authorization Guide
Overview
The Authorization module provides role-based access control (RBAC) with two main components:
- Permissions - Specific actions users can perform (e.g., "manage users")
- Roles - Collections of permissions assigned to users (e.g., "admin", "trainer")
Permissions
Viewing Permissions
Navigate to Resources β Permissions to view all system permissions.
Permissions listing page
Table Columns:
- NAME - Permission identifier (e.g., "manage users", "manage trainings")
- GUARD NAME - Security context (typically "web")
Common Permissions:
manage_XXview_XXupdate_XXdelete_XXcreate_XX
Actions:
- π View details
- β Edit permission
- π Delete permission
Creating Permissions
Info
Generally there is no need to create new permissions in the system as the system will not be aware of them or how to use them.
Step 1 : Fill Required Fields
Name (Required)
- Use lowercase with underscores
- Start with action verb:
manage_,view_,edit_,delete_,create_ - Examples:
manage_events,view_reports,edit_profiles
Guard Name (Required)
- Default:
web(for standard users) - Options:
web,api,admin
Step 2 : Save
Choose:
- Create Permission - Save and return to list
- Create & Add Another - Save and create another
- Cancel - Discard changes
Naming Best Practices:
β
Good: manage_events, view_reports, edit_user_profiles
β Bad: Events, ViewReports, edit users, del_train_recRoles
Viewing Roles
Navigate to Authorization β Roles to view all system roles.
Roles listing page
Common System Roles:
| Role | Typical Use |
|---|---|
admin | Full system access |
manager | Team and report management |
trainer | Training delivery and management |
team manager | Team-specific management |
staff | Basic employee access |
project manager | Project coordination |
user | Minimal end-user access |
Actions:
- π View role details
- β Edit role and permissions
- π Delete role
Creating Roles
Step 1: Click "Create Role"
Step 2: Fill Required Fields
Details Tab:
Name (Required)
- Use descriptive, lowercase names
- Examples:
trainer,project manager,hr specialist,content editor
Guard Name (Required)
- Default:
web - Options:
web,api,admin
Step 3: Assign Permissions (After Creating Role)
After saving, edit the role to assign permissions:
Example Permission Sets:
Admin Role:
β manage users
β manage roles
β manage permissions
β manage trainings
β manage events
β manage schedulesTrainer Role:
β manage trainings
β manage training sessions
β manage training records
β view schedulesManager Role:
β view users
β manage teams
β view reports
β manage schedulesUser Role:
β view own profile
β view own trainings
β register for eventsStep 4: Save
Choose:
- Create Role - Save and return to list
- Create & Add Another - Save and create another
- Cancel - Discard changes
Assigning Permissions to Roles
- Navigate to Resources β Roles
- Click on role name or pencil icon
- Find Permissions section
- Check desired permissions
- Click Update Role
Best Practices
Permission Naming
- Use consistent prefixes:
manage_,view_,edit_,delete_ - Be specific:
manage_training_recordsnot justmanage_trainings - Use lowercase with underscores
Role Design
- Create roles based on job functions, not individuals
- Follow principle of least privilege (minimal necessary access)
- Use descriptive role names:
content_editornotrole1 - Document which permissions each role needs
Security
- Regularly audit role permissions
- Don't create overly broad roles
- Separate sensitive permissions (e.g.,
manage_roles,manage_users) - Test role access before assigning to users
Common Use Cases
1. New Training Department
Create Roles:
training_coordinator- Full training managementtrainer- Deliver and record trainingstraining_viewer- Read-only training access
Assign Permissions:
training_coordinator: manage_trainings, manage_sessions, manage_records
trainer: manage_sessions, manage_records, view_trainings
training_viewer: view_trainings, view_sessions, view_records2. Team-Based Access
Create Roles:
team_lead- Manage specific teamsteam_member- Team participation
Assign Permissions:
team_lead: manage_teams, view_team_reports, assign_tasks
team_member: view_team_data, view_schedules3. Hierarchical Access
Create Roles:
super_admin- All permissionsdepartment_admin- Department-specific managementstaff- Basic operations