# Roles & Permissions

### Overview

### Introduction <a href="#introduction" id="introduction"></a>

Roles and Permissions ensures secure and structured access control by defining role-based restrictions. Each role has specific permissions based on its position in the hierarchy, which prevents unauthorized modifications. The system automatically enforces these restrictions by disabling permission toggles for roles that lack the authority to make changes.

{% hint style="info" %}
NOTE

The features and actions available on the Roles and Permissions page are strictly determined by the permissions of your assigned roles. You will only see and have access to the actions below that those roles specifically authorize.

{% endhint %}

### Role Hierarchy Rules & Restrictions <a href="#role-hierarchy-rules--restrictions" id="role-hierarchy-rules--restrictions"></a>

The system enforces strict role-based access controls, ensuring that lower-level roles cannot exceed their intended permissions.

#### Role Structure & Permissions <a href="#role-structure--permissions" id="role-structure--permissions"></a>

* **Owner Role** – Has full permissions and can perform any action.
* **Custom Roles:**
  * **Admin Role** – A pre-built but customizable role with a subset of the Owner's permissions.
  * **User Role** – A pre-built but customizable role with a subset of the Admin's permissions.
  * **Other Custom Roles** – Can be created but cannot exceed the creator’s permissions.

#### Restrictions on Role Permissions <a href="#restrictions-on-role-permissions" id="restrictions-on-role-permissions"></a>

The system enforces the following rules to maintain security and integrity:

1. **A role cannot modify its own permissions**
   * Example: A User cannot assign themselves additional permissions.
2. **A subset cannot modify superset permissions**
   * Example: A User cannot modify an Admin’s permissions.
3. **A role cannot grant permissions it does not possess**
   * Example: A Custom Role cannot grant "Manage Subscription" access if it does not already have that permission.

#### System Behavior <a href="#system-behavior" id="system-behavior"></a>

The system enforces these restrictions by disabling permission toggles based on role hierarchy, ensuring that roles cannot modify permissions beyond their designated authority.
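
The three restrictions above can also be expressed as a check over permission sets that a backend runs on every change request, independently of which toggles the page disables. This is an added example, not the product's own code: the function name, the `Support` and `Billing` roles, and every permission name other than "Manage Subscription" are assumptions, and the lock on prebuilt roles is not modelled.

```python
# Added illustration: roles modelled as sets of permission names.
# All roles and permission names below are constructed sample data.
ROLES = {
    "Owner": {"Manage Subscription", "Manage Roles", "Manage Users", "View Reports"},
    "Admin": {"Manage Roles", "Manage Users", "View Reports"},
    "User": {"View Reports"},
    "Support": {"Manage Roles", "View Reports"},  # hypothetical custom role
}


def check_permission_change(roles, actor, target, requested):
    """Check a request by role `actor` to set role `target`'s permissions to
    `requested`. `target` may be a new role. Returns a list of
    (rule_number, message) violations; an empty list means the change passes."""
    actor_perms = roles[actor]
    current = roles.get(target, set())  # a role being created has no permissions yet
    violations = []

    # Rule 1: a role cannot modify its own permissions.
    if actor == target:
        violations.append((1, f"{actor} cannot modify its own permissions"))

    # Rule 2: a subset cannot modify superset permissions. Python's `<` on
    # sets is the proper-subset test.
    elif actor_perms < current:
        violations.append((2, f"{actor} is a subset of {target}"))

    # Rule 3: a role cannot grant permissions it does not possess. Only newly
    # added permissions count as grants; removals are not grants.
    granted = set(requested) - current
    missing = sorted(granted - actor_perms)
    if missing:
        violations.append((3, f"{actor} lacks: {', '.join(missing)}"))

    return violations


if __name__ == "__main__":
    print(check_permission_change(ROLES, "User", "User", {"View Reports", "Manage Users"}))
    print(check_permission_change(ROLES, "User", "Admin", {"View Reports"}))
    print(check_permission_change(ROLES, "Support", "Billing", {"Manage Subscription"}))
    print(check_permission_change(ROLES, "Admin", "Support", {"View Reports", "Manage Users"}))
```

A request can break more than one rule at once, which is why the function returns a list: a User editing its own role to add a permission it lacks is reported under both rule 1 and rule 3.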

### Managing Roles and Permissions <a href="#managing-roles-and-permissions" id="managing-roles-and-permissions"></a>

This section explains how to add, edit, and delete roles while ensuring compliance with role hierarchy rules.

#### Adding a New Role <a href="#adding-a-new-role" id="adding-a-new-role"></a>

To create a new role, follow these steps:

1. Navigate to the Roles and Permissions section.
2. Click the "Add Role" button.
3. Enter the following details:
   * Role Name *(required)* – A descriptive name for the role.
   * Description – Additional details about the role's purpose.
   * Status – Select from Active, Suspended, or Blocked.
4. Assign permissions (limited by role hierarchy rules).
5. Click Save to create the role.

{% hint style="info" %}
NOTE

New roles cannot exceed the creator’s permissions.
{% endhint %}

#### Editing a Non-Prebuilt Custom Role <a href="#editing-a-non-prebuilt-custom-role" id="editing-a-non-prebuilt-custom-role"></a>

1. Navigate to the Roles and Permissions section.
2. Select the custom role you want to modify.
3. Click the ellipsis and choose Edit.
4. Modify the Description and Status as needed.
5. Adjust permissions (if allowed by hierarchy).
6. Click Save to apply the changes.

{% hint style="info" %}
NOTE

* Prebuilt roles (Owner, Admin, and User) cannot be edited or modified.
* If a role is a subset of another, it cannot modify its own permissions or the permissions of higher roles.
{% endhint %}

#### Deleting a Non-Prebuilt Custom Role <a href="#deleting-a-non-prebuilt-custom-role" id="deleting-a-non-prebuilt-custom-role"></a>

To delete a role, follow these steps:

1. Navigate to the **Roles and Permissions** section.
2. Select the role to be deleted.
3. Click the ellipsis and choose **Delete**.
4. Confirm the deletion.

{% hint style="info" %}
NOTE

Prebuilt roles (Owner, Admin, and User) cannot be deleted.
{% endhint %}
