Permissions & Groups
Uslimato uses a role-based access control (RBAC) system based on groups and named permissions. Administrators can control which users are allowed to perform which actions — more granular and flexible than a simple role system.
Overview
Permissions are not assigned directly to users, but to groups. A user receives all permissions from all groups they belong to (union semantics).
Permission management is located under Settings → Permissions and is only visible to administrators.
System Groups
Five system groups are automatically created when a tenant is set up. Their permissions are fixed and cannot be changed. Members, however, can be assigned freely.
| Group Name | Key | Permissions |
|---|---|---|
| Admin | admin | Administrator (Full Access) |
| Asset Maintainer | asset_maintainer | Manage Catalog, Manage Assets |
| Service Member | service_member | Use Assets, Use Processes |
| Process Manager | process_manager | Manage Processes, Use Processes |
| User Manager | user_manager | Manage Users |
Creating Custom Groups
Administrators can create any number of custom groups and assign them an individual combination of named permissions.
Steps:
- Open Settings → Permissions
- Click Create Group
- Enter a name (e.g. "Warehouse Team")
- Select the desired permissions via checkboxes
- Click Save
The new group appears immediately in the list. You can then assign users to it.
Assigning Users to a Group
- Click on a group in the list to expand it
- The expanded panel shows all current members
- Select a user from the search field
- Click Add Member
To remove a member, click the × icon next to their name.
Note: Group membership changes take effect immediately. The user does not need to log out — the permission cache is automatically invalidated on any group change.
Permission Catalog
These seven permissions are available:
| Permission | Meaning |
|---|---|
| admin | Full access to all features — includes all other permissions |
| catalog:write | Create, edit, and delete manufacturers, models, and asset types |
| assets:write | Create, edit, and delete assets |
| assets:use | Use assets — start processes, assignment and location management |
| processes:manage | Create, edit, and delete process definitions |
| processes:use | Start process instances and execute steps |
| users:manage | Create and edit users, manage group memberships |
FAQ
What happens if a user belongs to multiple groups?
The effective permissions are the union of all group permissions. For example, if a user belongs to both "Service Member" and "Process Manager", they receive assets:use, processes:use, and processes:manage.
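The union rule can be modelled offline to review who ends up with which permissions. The following is an added example, not Uslimato code: the mapping from the system groups' display names to permission keys, the `warehouse_team` group key, and the user names are assumptions made for illustration.

```python
ALL_PERMISSIONS = frozenset({
    "admin", "catalog:write", "assets:write", "assets:use",
    "processes:manage", "processes:use", "users:manage",
})

# System groups by key. Assumption: the table's display names map to these
# permission keys (e.g. "Manage Catalog" -> catalog:write).
SYSTEM_GROUPS = {
    "admin": {"admin"},
    "asset_maintainer": {"catalog:write", "assets:write"},
    "service_member": {"assets:use", "processes:use"},
    "process_manager": {"processes:manage", "processes:use"},
    "user_manager": {"users:manage"},
}

def effective_permissions(group_keys, groups):
    """Union of all group permissions; admin includes every other permission."""
    perms = set()
    for key in group_keys:
        perms |= groups[key]  # KeyError on an unknown group is intentional
    return set(ALL_PERMISSIONS) if "admin" in perms else perms

def audit(memberships, groups):
    """Per user: effective permissions plus findings worth a manual review."""
    report = {}
    for user, keys in memberships.items():
        perms = effective_permissions(keys, groups)
        findings = []
        if "admin" in perms:
            findings.append("full access")
        if "users:manage" in perms:
            findings.append("can change group memberships")
        # A membership is redundant if dropping it leaves permissions unchanged.
        for key in keys:
            rest = [k for k in keys if k != key]
            if effective_permissions(rest, groups) == perms:
                findings.append(f"redundant membership: {key}")
        report[user] = (perms, findings)
    return report

# Constructed sample data: one custom group and three hypothetical users.
GROUPS = {**SYSTEM_GROUPS, "warehouse_team": {"assets:use"}}
MEMBERSHIPS = {
    "alice": ["service_member", "process_manager"],
    "bob": ["admin", "user_manager"],
    "carol": ["service_member", "warehouse_team"],
}

if __name__ == "__main__":
    for user, (perms, findings) in audit(MEMBERSHIPS, GROUPS).items():
        print(user, sorted(perms), findings)
```

Redundant memberships are candidates for removal: they add nothing today, but they would silently keep a permission in place if the user's other group were later removed.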
Can the permissions of system groups be changed?
No. The permissions of the five system groups are fixed. However, you can create custom groups with exactly the permission combination you need.
Can system groups be deleted?
No. System groups cannot be deleted. Only custom groups can be deleted.
How quickly do permission changes take effect?
Immediately — the permission cache is automatically refreshed on any group membership or permission change.