Roles and Permissions
Create roles, assign module-level permissions, and manage employee permission groups for access control.
The Roles and Permissions settings control who can access what within TransportechAI. By defining roles with specific permissions, you ensure that each team member sees only the modules and actions relevant to their job function. This page covers role creation, permission assignment, and employee permission groups.
Navigation: Settings > General > Roles / Permissions
Purpose
A fleet management platform handles sensitive financial data, employee records, dispatch operations, and vehicle information. Without proper access control:
- Drivers could access payroll data they should not see.
- Junior staff could approve expenses without authorization.
- Sensitive HR records could be exposed to unauthorized users.
Roles and permissions solve this by letting you define exactly which modules and actions each group of users can access.
How Roles Work
Every user in TransportechAI is assigned one role. That role determines:
- Which modules appear in the sidebar navigation
- Which pages within a module the user can view
- Which actions the user can perform (create, edit, delete, approve)
| Concept | Description |
|---|---|
| Role | A named set of permissions (e.g., "Fleet Manager", "Finance Officer", "Driver") |
| Permission | A specific access right for a module or action (e.g., "View Expenses", "Approve Leave") |
| Module | A major section of the platform (e.g., Finance, HR, Fleet, Dispatch) |
Viewing Existing Roles
To view all roles configured in your company:
- Navigate to Settings > General > Roles.
- The roles list displays all active roles with the following columns:
| Column | Description |
|---|---|
| Role Name | The display name of the role |
| Description | A brief summary of what the role is for |
| Users Assigned | The number of users currently assigned to this role |
| Created Date | When the role was first created |
| Status | Active or Inactive |
Creating a New Role
To create a new role:
- Navigate to Settings > General > Roles.
- Click the "Add Role" button.
- Fill in the role details:
Role Name
Choose a clear, descriptive name that reflects the job function. This name appears throughout the platform when assigning users.
Good examples: "Fleet Manager", "Finance Officer", "HR Coordinator", "Dispatch Operator", "Driver"
Avoid: Generic names like "User Level 1" or "Access Group A" that do not convey meaning.
Description
Write a brief explanation of who should be assigned this role and what access they need. This helps other administrators understand the role's purpose when managing users.
Assign Permissions
After naming the role, you configure its permissions. Permissions are organized by module, and each module has a set of granular actions you can enable or disable.
Permission Structure
Permissions are organized in a hierarchical structure: Module > Sub-Module > Action.
Module-Level Permissions
| Module | Sub-Modules / Areas |
|---|---|
| Dashboard | View dashboard, view analytics |
| Dispatch | Trips, bookings, route planning |
| Fleet | Vehicles, maintenance, inspections |
| Employees | Employee list, employee details, onboarding |
| HR | Attendance, leave, work schedules |
| Finance | Expenses, payroll, reimbursement, loans, fines, cash deposit, vehicle assets |
| Settings | General settings, employee settings, HR settings |
Action-Level Permissions
For each sub-module, you can grant or deny the following actions:
| Action | Description |
|---|---|
| View | Can see the data and navigate to the page |
| Create | Can add new records |
| Edit | Can modify existing records |
| Delete | Can remove or deactivate records |
| Approve | Can approve or reject pending items (expenses, leave, etc.) |
| Export | Can export data to CSV or PDF |
The View permission is required for all other actions. A user cannot create, edit, or delete records in a module they cannot view. When you enable Create, Edit, or Delete, the View permission is automatically enabled.
Example: Finance Officer Role
A typical Finance Officer role might have these permissions:
| Module | View | Create | Edit | Delete | Approve | Export |
|---|---|---|---|---|---|---|
| Expenses | Yes | Yes | Yes | No | Yes | Yes |
| Payroll | Yes | Yes | Yes | No | No | Yes |
| Reimbursement | Yes | Yes | Yes | No | Yes | Yes |
| Loans | Yes | Yes | Yes | No | No | Yes |
| Fines | Yes | No | No | No | No | Yes |
| Vehicle Assets | Yes | No | No | No | No | No |
| Cash Deposit | Yes | Yes | Yes | No | Yes | Yes |
Example: Driver Role
A Driver role is typically very restricted:
| Module | View | Create | Edit | Delete | Approve | Export |
|---|---|---|---|---|---|---|
| Dashboard | Yes | No | No | No | No | No |
| My Attendance | Yes | No | No | No | No | No |
| My Leave | Yes | Yes | No | No | No | No |
| My Schedule | Yes | No | No | No | No | No |
Editing a Role
To modify an existing role:
- Navigate to Settings > General > Roles.
- Click on the role you want to edit.
- Update the name, description, or permissions as needed.
- Click Save to apply the changes.
Changes to a role take effect immediately for all users assigned to that role. If you remove a permission, users currently on that page will lose access on their next navigation or page refresh. Communicate permission changes to affected users before making them.
Deactivating a Role
If a role is no longer needed:
- Navigate to Settings > General > Roles.
- Click on the role to open its details.
- Toggle the Status to Inactive, or click the Deactivate button.
You cannot deactivate a role that still has users assigned to it. Reassign those users to a different role first, then deactivate the role.
Permission Groups
Permission Groups (found under Settings > General > Permissions) provide an additional layer of access control that works alongside roles. While roles define what modules and actions a user can access, permission groups let you create reusable sets of permissions that can be applied to multiple employees.
When to Use Permission Groups
- When you have employees with the same role but different access needs (e.g., two HR coordinators where one handles leave and the other handles attendance).
- When you need temporary elevated access for a specific project.
- When you want to create standardized permission templates that can be quickly assigned.
Creating a Permission Group
- Navigate to Settings > General > Permissions.
- Click "Add Permission Group".
- Enter a name and description for the group.
- Select the specific permissions to include.
- Click Save.
Assigning a Permission Group
- Navigate to the employee's profile or the Permissions settings page.
- Select the employee(s) you want to assign the group to.
- Choose the permission group from the dropdown.
- Click Apply.
When both a role and a permission group are assigned to a user, the effective permissions are the union of both. This means the user gets access to everything granted by either the role or the permission group. Permission groups can only add access -- they cannot revoke permissions granted by a role.
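The View prerequisite and the union rule described above can be modelled in a few lines to see what a permission group really adds to a user's role. This is an added example, not TransportechAI code: the (sub-module, action) tuples, the function names, and the "Expense Approver" and export-only groups are assumptions constructed for illustration.

```python
# Added example: a model of the page's rules, not TransportechAI code.
# A permission is a (sub_module, action) pair; role and group contents below
# are constructed sample data.
AUTO_VIEW = {"Create", "Edit", "Delete"}  # enabling these turns View on (per the page)


def normalise(perms):
    """Return perms plus the View entries the platform enables automatically."""
    perms = set(perms)
    return perms | {(sub, "View") for sub, action in perms if action in AUTO_VIEW}


def effective(role_perms, group_perm_sets):
    """Union of the role and every assigned permission group; nothing is revoked."""
    result = normalise(role_perms)
    for group in group_perm_sets:
        result |= normalise(group)
    return result


def is_allowed(perms, sub_module, action):
    """View is a prerequisite: no other action works on a sub-module without it."""
    if (sub_module, "View") not in perms:
        return False
    return (sub_module, action) in perms


def added_by_groups(role_perms, group_perm_sets):
    """Permissions a user holds only because of permission groups (review list)."""
    return effective(role_perms, group_perm_sets) - normalise(role_perms)


# Constructed sample: the Driver role from the table above, plus a hypothetical
# "Expense Approver" group assigned for a temporary project.
DRIVER = {("Dashboard", "View"), ("My Attendance", "View"),
          ("My Leave", "View"), ("My Leave", "Create"), ("My Schedule", "View")}
EXPENSE_APPROVER = {("Expenses", "View"), ("Expenses", "Approve")}
EXPORT_ONLY = {("Payroll", "Export")}  # hypothetical group that omits View

if __name__ == "__main__":
    groups = [EXPENSE_APPROVER, EXPORT_ONLY]
    perms = effective(DRIVER, groups)
    print("Approve expenses:", is_allowed(perms, "Expenses", "Approve"))
    print("Export payroll:", is_allowed(perms, "Payroll", "Export"))
    for sub, action in sorted(added_by_groups(DRIVER, groups)):
        print("added by group:", sub, action)
```

The output of added_by_groups is the list to check during a role review: every entry is access the role alone would not grant, and it stays in place until the group assignment is removed.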
Default System Roles
TransportechAI ships with several default roles that cover common organizational needs. You can use these as-is or customize them.
| Default Role | Description | Typical Users |
|---|---|---|
| Super Admin | Full access to all modules and settings | Company owner, IT administrator |
| Admin | Full access to most modules, limited settings access | Office manager, operations lead |
| HR Manager | Access to HR, employees, attendance, leave, and schedules | HR department heads |
| Finance Manager | Access to all finance modules and reports | Finance team leads |
| Fleet Manager | Access to fleet, vehicles, maintenance, and dispatch | Fleet operations managers |
| Supervisor | View access to team data, limited edit permissions | Team leads, shift supervisors |
| Employee | View personal data, submit requests | Office staff, support team |
| Driver | Minimal access -- own schedule, attendance, and leave | All drivers |
The Super Admin role cannot be modified or deleted. There must always be at least one active Super Admin in the system to prevent lockout scenarios.
Best Practices
- Principle of least privilege -- Grant only the permissions each role truly needs. Start minimal and add permissions as requests come in, rather than granting broad access and trying to restrict later.
- Name roles after job functions -- Use names like "Fleet Dispatcher" or "Payroll Clerk" rather than generic labels. This makes it immediately clear who should be assigned each role.
- Review roles quarterly -- As your organization evolves, role requirements change. Schedule periodic reviews to ensure permissions still match actual needs.
- Document custom roles -- When you create a role with non-obvious permissions, use the description field to explain the reasoning. Future administrators will appreciate the context.
- Limit the number of Super Admins -- Keep the number of users with full system access to a minimum (typically 1-3 people).
- Test new roles -- Before assigning a new role to many users, assign it to one test user first and verify the access is correct.
Troubleshooting
| Issue | Solution |
|---|---|
| User cannot see a module | Check their role's permissions for that module. Ensure "View" is enabled. |
| User can view but not create | Verify the "Create" action is enabled for that specific sub-module in their role. |
| Permission changes not taking effect | Ask the user to refresh their browser. Permission changes apply on next page load. |
| Cannot delete a role | Ensure no users are assigned to the role. Reassign them first. |
| Cannot modify Super Admin role | The Super Admin role is protected and cannot be edited. Create a custom admin role if you need different permissions. |