Permissions Management

Define and manage system permissions

Overview

Permissions define specific actions that can be performed on resources within the system. This guide covers how to create and manage permissions that will be assigned to roles.

What is a Permission?

A permission grants the ability to perform a specific action on a specific resource. Permissions follow the format: action:resource

Examples:

  • read:students - Can view student data
  • write:courses - Can create/edit courses
  • delete:classes - Can remove classes
  • manage:settings - Full control over settings

Permission Format

Action (What can be done)

Common actions:

  • read - View/retrieve data
  • write - Create and update data
  • delete - Remove data
  • manage - Full control (all CRUD operations)
  • export - Download/export data
  • import - Upload/import data

Resource (What it applies to)

Common resources:

  • students - Student records
  • courses - Course data
  • classes - Class management
  • campuses - Campus information
  • reports - Reporting features
  • settings - System configuration
  • users - User management
  • roles - Role management

Viewing Permissions

The Permissions page displays:

  • Permission name (action:resource format)
  • Resource and action separately
  • Description
  • Number of roles with this permission
  • Actions (View, Edit, Delete)

Adding a New Permission

Step 1: Open Create Dialog

  1. Navigate to Backend > Permissions
  2. Click "Create Permission"

Step 2: Define the Permission

Resource* (Required):

  • The system resource this permission applies to
  • Examples: "students", "courses", "classes"
  • Use lowercase, plural form
  • One or two words max

Action* (Required):

  • What operation is allowed
  • Examples: "read", "write", "delete", "manage"
  • Use standard CRUD terminology
  • Single word, lowercase

Permission Name* (Required):

  • Automatically formatted as action:resource
  • Examples: "read:students", "write:courses"
  • Must be unique across the system

Description (Optional but Recommended):

  • Explain what this permission allows
  • Be specific about the scope
  • Mention any limitations

The Permission Name field should follow the action:resource format exactly. This ensures consistency across the system.

Step 3: Save the Permission

Click "Create Permission" to save.

After Creating

Assign the permission to appropriate roles (see Role-Permissions).

Editing a Permission

  1. Find the permission in the table
  2. Click the Edit button
  3. Update information
  4. Click "Update Permission"

Changing a permission affects all roles that have it assigned. Communicate changes to administrators.

Viewing Permission Details

Click View to see:

  • Complete permission information
  • All roles with this permission assigned
  • Number of users affected
  • Creation and update history

Deleting a Permission

  1. Click the Delete button
  2. Confirm deletion

Deletion Restrictions:

  • Cannot delete if assigned to any roles
  • Remove from all roles first
  • Confirm that the permission is truly no longer needed

Permission Categories

Data Access Permissions

Read Permissions:

  • read:students - View student information
  • read:courses - View course records
  • read:classes - View class details
  • read:reports - View reports

Write Permissions:

  • write:students - Create/edit students
  • write:courses - Create/edit courses
  • write:classes - Create/edit classes
  • write:attendance - Record attendance

Delete Permissions:

  • delete:students - Remove student records
  • delete:courses - Remove courses
  • delete:classes - Remove classes

Management Permissions

Settings Management:

  • manage:campuses - Full campus management
  • manage:courses - Full course management
  • manage:intakes - Intake management

User Management:

  • read:users - View user information
  • write:users - Create/edit users
  • manage:roles - Role management
  • manage:permissions - Permission management

Reporting Permissions

Reports:

  • read:reports - View reports
  • export:reports - Download report data
  • manage:reports - Create custom reports

Best Practices

Permission Design

  1. Follow Naming Convention:

    • Always use action:resource format
    • Lowercase only
    • No spaces or special characters
  2. Be Specific:

    • Create granular permissions
    • Separate read from write
    • Don't create overly broad permissions
  3. Use Standard Actions:

    • Stick to common CRUD terms
    • Avoid custom action names unless necessary
    • Maintain consistency

Permission Management

  1. Start Minimal:

    • Create only needed permissions
    • Add more as requirements emerge
    • Avoid permission bloat
  2. Group Logically:

    • Organize by resource/feature area
    • Makes assignment to roles easier
    • Easier to audit
  3. Document Clearly:

    • Write detailed descriptions
    • Explain edge cases or limitations
    • Update descriptions when behavior changes

Security

  1. Protect Sensitive Permissions:

    • Limit delete permissions
    • Restrict settings/configuration management
    • Control user and role management
  2. Separate Concerns:

    • Read separate from write
    • Create separate from delete
    • Enables the principle of least privilege
  3. Review Regularly:

    • Quarterly audit of permissions
    • Remove unused permissions
    • Verify descriptions are current

Common Permission Sets

Volunteer Role

  • read:students
  • write:attendance
  • read:classes

Coordinator Role

  • read:students
  • write:students
  • write:attendance
  • read:reports
  • write:schedules

Team Lead Role

  • manage:students
  • manage:attendance
  • read:reports
  • export:reports
  • write:courses

Administrator Role

  • manage:students
  • manage:courses
  • manage:classes
  • manage:reports
  • manage:settings

Common Questions

Q: How many permissions should I create?

A: Start with basic CRUD operations for main resources. Most systems have 20-40 permissions. Add more as needed for granular control.

Q: Can I have custom action names?

A: Yes, but stick to standard terms when possible. Custom actions should be clear and documented.

Q: What's the difference between write and manage?

A: "write" typically means create/update. "manage" includes write plus delete and full control.

Q: Can permissions have multiple actions or resources?

A: No, each permission is one action on one resource. Combine multiple permissions in a role for broader access.
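As an added example (not the system's own code), the following Python checker enforces the Step 2 naming rules and resolves whether a role's permission set grants a requested permission, treating manage:resource as covering read, write and delete as described in the write-vs-manage answer above. The underscore separator for two-word resources and that exact implication set are assumptions of the example.

```python
import re

# Naming rules from Step 2 of this guide: a single lowercase action and a lowercase
# resource of one or two words, joined as action:resource. The two-word separator
# ("_") and the actions that "manage" implies (read/write/delete, per the
# write-vs-manage answer) are assumptions of this example, not the system's rules.
MANAGE_IMPLIES = {"read", "write", "delete"}
_ACTION_RE = re.compile(r"[a-z]+")
_RESOURCE_RE = re.compile(r"[a-z]+(?:_[a-z]+)?")


def parse_permission(name: str) -> tuple[str, str]:
    """Split and validate an action:resource name; raise ValueError if malformed."""
    if name.count(":") != 1:
        raise ValueError(f"{name!r}: expected exactly one ':' (action:resource)")
    action, resource = name.split(":")
    if not _ACTION_RE.fullmatch(action):
        raise ValueError(f"{name!r}: action must be a single lowercase word")
    if not _RESOURCE_RE.fullmatch(resource):
        raise ValueError(f"{name!r}: resource must be one or two lowercase words")
    return action, resource


def is_valid_name(name: str) -> bool:
    """Boolean form of parse_permission, for validating the Permission Name field."""
    try:
        parse_permission(name)
        return True
    except ValueError:
        return False


def is_granted(role_permissions, required: str) -> bool:
    """True if the role's permissions grant `required`, exactly or via manage:resource.

    Only MANAGE_IMPLIES actions are covered by manage; a manage:reports holder
    still needs an explicit export:reports. Malformed names raise instead of
    silently never matching, so they cannot be assigned and mislead an audit.
    """
    req_action, req_resource = parse_permission(required)
    granted = {parse_permission(p) for p in role_permissions}
    if (req_action, req_resource) in granted:
        return True
    return ("manage", req_resource) in granted and req_action in MANAGE_IMPLIES


# Constructed from the "Team Lead Role" set in this guide.
TEAM_LEAD = ["manage:students", "manage:attendance", "read:reports",
             "export:reports", "write:courses"]
```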

Q: How do I give someone full access to everything?

A: Create a "superadmin" role and assign all permissions to it. Better yet, use the organization-level "superadmin" role.