Roles and Permissions
This page should describe how authenticated users are authorized inside DeltaFM after login succeeds.
Recommended structure
Document the authorization model in four layers:
- Auth0 organization membership
- Auth0 roles or permissions
- DeltaFM application roles
- Feature-level access rules in the API and UI
What to document
- what roles exist
- whether roles live in Auth0, DeltaFM, or both
- which permissions each role grants
- whether permissions are added to the token
- how tenant isolation is enforced
- whether users can hold multiple roles
- which actions are restricted by backend policy
Example role matrix
| Role | Example capabilities |
| --- | --- |
| Super Admin | Manage platform-wide configuration |
| Client Admin | Manage users, sites, and settings for one client |
| Supervisor | Assign and review maintenance work |
| Technician | Update assigned work orders |
| Read Only User | View data without changing it |
Implementation notes
When you fill this out, make sure the document answers:
- where the source of truth for roles lives
- how roles are provisioned
- how roles change over time
- how the backend checks permissions
- how the frontend hides or disables unauthorised actions
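The following is an added example, not DeltaFM's own code, showing how a backend policy check can walk the four layers listed above (organization membership, token permissions, application roles, feature-level rules) and enforce tenant isolation before any of them. The claim names `org_id` and `permissions` are the ones Auth0 issues for organizations and RBAC; the `https://deltafm.example/...` claims, the role keys, the capability strings, the mapping of actions to token permissions, and the sample tokens are all assumptions constructed for the example. The feature-level rule (a technician may only update work orders assigned to them) is derived from the role matrix and is likewise an assumption about DeltaFM behaviour.

```python
"""Four-layer authorization check with tenant isolation (added example, not DeltaFM code)."""
from dataclasses import dataclass
from typing import Optional

# Assumed namespaced custom claims carrying DeltaFM application data (hypothetical names).
ROLES_CLAIM = "https://deltafm.example/roles"
TENANT_CLAIM = "https://deltafm.example/tenant"

# Actions scoped to the platform rather than to one client tenant (assumed).
PLATFORM_ACTIONS = {"platform:configure"}

# Layer 3: DeltaFM application roles -> capabilities, following the page's role matrix.
ROLE_CAPABILITIES = {
    "super_admin": {"platform:configure", "client:manage", "work:assign",
                    "work:review", "work:update", "data:read"},
    "client_admin": {"client:manage", "work:assign", "work:review",
                     "work:update", "data:read"},
    "supervisor": {"work:assign", "work:review", "work:update", "data:read"},
    "technician": {"work:update", "data:read"},
    "read_only": {"data:read"},
}

# Layer 2: actions that must additionally be backed by an Auth0 permission in the token (assumed).
REQUIRED_TOKEN_PERMISSION = {
    "platform:configure": "manage:platform",
    "client:manage": "manage:client",
}

# Roles whose holders are not limited to their own assigned work orders.
BROAD_ROLES = {"super_admin", "client_admin", "supervisor"}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def authorize(claims: dict, action: str, resource_tenant: Optional[str],
              resource_assignee: Optional[str] = None) -> Decision:
    """Decide whether the caller described by `claims` may perform `action`.

    `claims` is the already-verified payload of the access token; signature and
    expiry checks happen before this function is reached.
    """
    # Layer 1: the caller must belong to an Auth0 organization.
    if not claims.get("org_id"):
        return Decision(False, "token carries no organization membership")

    roles = set(claims.get(ROLES_CLAIM, []))
    unknown = roles - set(ROLE_CAPABILITIES)
    if unknown:
        return Decision(False, f"unknown role(s) in token: {sorted(unknown)}")

    # Tenant isolation: every non-platform action must target the caller's own tenant,
    # regardless of which roles the caller holds.
    if action not in PLATFORM_ACTIONS and claims.get(TENANT_CLAIM) != resource_tenant:
        return Decision(False, "cross-tenant access denied")

    # Layer 2: Auth0 RBAC permissions present in the token, for actions that require one.
    needed = REQUIRED_TOKEN_PERMISSION.get(action)
    if needed and needed not in claims.get("permissions", []):
        return Decision(False, f"token lacks permission {needed!r}")

    # Layer 3: a user may hold several roles; capabilities are the union across them.
    capabilities = set().union(*(ROLE_CAPABILITIES[r] for r in roles))
    if action not in capabilities:
        return Decision(False, f"no role grants {action!r}")

    # Layer 4: feature-level rule. Technicians only update work orders assigned to them.
    if action == "work:update" and not (roles & BROAD_ROLES) \
            and resource_assignee != claims.get("sub"):
        return Decision(False, "technicians may only update their own work orders")

    return Decision(True, "allowed")


# Constructed sample token payloads (not real Auth0 output).
TECH_TOKEN = {"sub": "auth0|tech-1", "org_id": "org_example", TENANT_CLAIM: "client-a",
              ROLES_CLAIM: ["technician"], "permissions": []}
ADMIN_TOKEN = {"sub": "auth0|admin-1", "org_id": "org_example", TENANT_CLAIM: "client-a",
               ROLES_CLAIM: ["client_admin"], "permissions": ["manage:client"]}
SUPER_TOKEN = {"sub": "auth0|super-1", "org_id": "org_example", TENANT_CLAIM: "platform",
               ROLES_CLAIM: ["super_admin"], "permissions": ["manage:platform"]}


if __name__ == "__main__":
    checks = [
        (TECH_TOKEN, "work:update", "client-a", "auth0|tech-1"),
        (TECH_TOKEN, "work:update", "client-a", "auth0|tech-2"),
        (TECH_TOKEN, "data:read", "client-b", None),
        (ADMIN_TOKEN, "client:manage", "client-a", None),
        (SUPER_TOKEN, "platform:configure", None, None),
    ]
    for token, action, tenant, assignee in checks:
        d = authorize(token, action, tenant, assignee)
        print(f"{token['sub']:<16} {action:<20} -> {d.allowed} ({d.reason})")
```

The order of the checks matters: tenant isolation is evaluated before any role or permission lookup, so a correctly provisioned Client Admin of one client still cannot reach another client's data, and the frontend's hiding of buttons is treated purely as a usability measure on top of this backend decision.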