Process Guide

Roles and Permissions (RBAC)

Assign users to roles that match responsibility and follow least-privilege access.

Recommended Role Mapping

  • OrgAdmin: Full tenant configuration and user lifecycle management.
  • Manager: Team workflow oversight, planning, and report review.
  • Employee/Viewer: Operational usage with limited write actions.

RBAC Checklist

  1. Validate the role carried in the backend-issued JWT claim (signature, expiry and a known role value) before granting any UI permissions; never trust a role sent by the client alone.
  2. Restrict create/update/delete APIs to elevated roles (OrgAdmin, Manager) on the server side, independent of what the UI hides.
  3. Review role assignments monthly and remove stale accounts.
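The following is an added example illustrating checklist items 1 and 2 together; it is not code from this guide or from the product it describes. It assumes an HS256-signed JWT with a `role` claim, a constructed demo secret, and the three role names listed above (Employee and Viewer are treated as separate role values). The authorization check runs on the server for every request: an invalid token yields 401, a valid token whose role is not elevated yields 403 for write methods, and only then is the request allowed.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo secret; a real deployment loads this from a secret store.
SECRET = b"constructed-demo-secret-do-not-use"

# Role names from the guide's recommended mapping (assumed claim values).
KNOWN_ROLES = {"OrgAdmin", "Manager", "Employee", "Viewer"}
ELEVATED_ROLES = {"OrgAdmin", "Manager"}
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    # Restore the padding JWTs strip off.
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(sub: str, role: str, ttl: int = 3600, secret: bytes = SECRET, now=None) -> str:
    """Mint an HS256 JWT carrying the backend-assigned role (server side only)."""
    now = int(time.time()) if now is None else now
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url_encode(json.dumps(
        {"sub": sub, "role": role, "iat": now, "exp": now + ttl}, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode()
    sig = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_token(token: str, secret: bytes = SECRET, now=None) -> dict:
    """Return the claims if the token is well-formed, signed, unexpired and carries a known role."""
    try:
        h, p, s = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(h))
    # Pin the algorithm: a token claiming alg=none or a different alg is rejected outright.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p))
    now = int(time.time()) if now is None else now
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("expired or missing exp")
    if claims.get("role") not in KNOWN_ROLES:
        raise ValueError("unknown role")
    return claims


def authorize(method: str, token: str, secret: bytes = SECRET, now=None):
    """Server-side gate for an API call: (status, detail) with 401/403/200 semantics."""
    try:
        claims = verify_token(token, secret, now)
    except ValueError as exc:
        return 401, str(exc)
    method = method.upper()
    # Checklist item 2: writes are reserved for elevated roles regardless of what the UI shows.
    if method in WRITE_METHODS and claims["role"] not in ELEVATED_ROLES:
        return 403, f"role {claims['role']} may not {method}"
    return 200, claims["role"]


if __name__ == "__main__":
    admin = issue_token("alice", "OrgAdmin", now=1000)
    viewer = issue_token("bob", "Viewer", now=1000)
    print(authorize("DELETE", admin, now=1500))   # (200, 'OrgAdmin')
    print(authorize("DELETE", viewer, now=1500))  # (403, 'role Viewer may not DELETE')
    print(authorize("GET", viewer, now=1500))     # (200, 'Viewer')
```

The UI may still hide buttons based on the decoded role, but that is a convenience only; the `authorize` gate is what enforces the checklist, and a forged or re-signed payload fails at the signature step before the role is ever consulted.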