AutoBridge

Role-Based Access Control (RBAC) - Configuration Guide


Overview

Role-Based Access Control (RBAC) in the Permitting System provides a comprehensive framework for managing user permissions. The system uses a hierarchical structure of Roles, Resources, Modules, and Actions to control access to features and data throughout the platform.

Key Concepts

Concept | Description
Role | A named collection of permissions assigned to users
Resource | A specific feature, entity, or data type that can be protected
Module | A logical grouping of related features or functionality
Action | A specific operation that can be performed (read, write, delete, etc.)
Permission | The combination of Resource + Action that grants specific access

Prerequisites

Before configuring RBAC, ensure:

  • User has System Administrator or Super Admin role
  • User has access to the Administration section
  • Understanding of organizational role requirements
  • Documentation of required permission mappings

Quick Start: Step-by-Step Instructions

This section provides simple, direct instructions for common role management tasks.

How to Create a New Role

Step 1: Open Role Management

  1. Click Administration in the main navigation menu
  2. Click Settings in the sidebar
  3. Click Roles

Step 2: Add the New Role

  1. Click the Add New Role button (top right)
  2. Fill in the form:
    • Role Name: Enter a descriptive name (e.g., "Permit Technician", "Inspector")
    • Role Description: (Optional) Describe what this role does
  3. Click Next or scroll to the permissions section

Step 3: Select Permissions

  1. Permissions are grouped by module. Expand each module to see available permissions.
  2. For a typical Permit Technician role, select:
    • ENTITY_RECORD module: VIEW_ENTITY_RECORD, CREATE_ENTITY_RECORD, EDIT_ENTITY_RECORD
    • ENTITY_VIEWS module: VIEW
  3. For an Inspector role, also add:
    • CALENDAR_ADMIN: VIEW, MANAGE (for scheduling)
  4. Click Save to create the role

How to Assign a Role to a User

Step 1: Open User Management

  1. Click Administration in the main navigation menu
  2. Click User Management in the sidebar
  3. Find the user you want to modify (use the search bar if needed)

Step 2: Edit User Roles

  1. Click on the user's row to open their profile, OR click the Edit (pencil) icon
  2. Scroll to the Roles section
  3. Click the Roles dropdown
  4. Check the box next to each role you want to assign (e.g., "Permit Technician")
  5. Click Save or Update User

Step 3: Verify the Assignment

  1. The user must log out and log back in for the new permissions to take effect
  2. To verify, check that the user's profile shows the assigned roles

How to Remove a Role from a User

  1. Go to Administration > User Management
  2. Click on the user to edit
  3. In the Roles section, uncheck the role you want to remove
  4. Click Save
  5. The user must log out and log back in for changes to take effect

Recommended Roles for Permitting

Role Name | Purpose | Key Permissions
Permit Technician | Process permit applications | View/Create/Edit entity records, View dashboards
Senior Permit Technician | Process + approve permits | Same as above + Delete records, View all department data
Inspector | Conduct inspections | View/Edit entity records, Calendar access
Permit Supervisor | Manage staff, approve complex permits | All permit permissions + User management
Permit Administrator | Configure system | All permissions including Entity Manager configuration

Troubleshooting

Common Issues

User Cannot Access Feature

Check:

  1. User's role has the required resource permission
  2. User's role includes the required module
  3. User has logged out and back in after permission changes
  4. Check browser console for authorization errors

Permission Changes Not Taking Effect

Check:

  1. Clear browser cache and local storage
  2. User must log out and log back in
  3. Verify the role was saved successfully
  4. Check that user is assigned to the updated role


Technical Reference

The sections below provide detailed technical information for developers and advanced administrators.


Section 1: System Roles

1.1 Built-in Roles

The system includes the following predefined roles:

Role | Value | Description | Typical Use
Super Admin | super_admin | Full system access | Platform administrators
User | user | Standard user access | Regular staff members
System Manager | system_manager | System configuration access | IT administrators
Department Manager | department_manager | Department-level management | Division supervisors
Department User | department_user | Department-level access | Department staff

1.2 Role Hierarchy

Level | Role | Inherits From
1 | Super Admin | -
2 | System Manager | Super Admin
3 | Department Manager | System Manager
4 | Department User | Department Manager
5 | User | Department User

Section 2: Resources

2.1 Core System Resources

Resource | Value | Description
Users | users | User account management
Roles | roles | Role configuration
Permissions | permissions | Permission definitions
Role Permissions | role_permissions | Role-permission assignments
User Roles | user_roles | User-role assignments

2.2 Entity Management Resources

Resource | Value | Description
Entity Manager | ENTITY_MANAGER | Entity configuration access
Entity | ENTITY | Entity CRUD operations
Dashboards | DASHBOARDS | Dashboard access

2.3 Document Processing / Process Library Resources

These resources control access to the Document Processing module (also known as Process Library). This module provides AI-powered permit evaluation, criteria management, and the permit dashboard for analytics.

Resource | Value | Description | UI Location
Permit Process | PERMIT_PROCESS | Create/manage permit processes | Process Library > Processes
Permit Criteria | PERMIT_CRITERIA | Configure evaluation criteria | Process Library > Criteria
Permit Template | PERMIT_TEMPLATE | Manage permit form templates | Process Library > Templates
Permit Field | PERMIT_FIELD | Configure permit fields | Process Library > Field Config
Permit Integration | PERMIT_INTEGRATION | External system integrations | Process Library > Integrations
Permit Evaluation | PERMIT_EVALUATION | AI evaluation rules & scoring | Process Library > AI Rules
Permit Notification | PERMIT_NOTIFICATION | Notification settings | Process Library > Notifications
Permit Dashboard | PERMIT_DASHBOARD | Analytics & reporting dashboard | Process Library > Dashboard
Permit Determination | PERMIT_DETERMINATION | Approval/denial decisions | Process Library > Determinations
Permit Audit | PERMIT_AUDIT | Audit trail & history | Process Library > Audit Logs
Permit Report | PERMIT_REPORT | Generate permit reports | Process Library > Reports
Permit Explanation | PERMIT_EXPLANATION | AI-generated explanations | Process Library > AI Explanations

Note: These resources are specific to the Document Processing (Process Library) module. Staff who only process permits through Entity Manager views do not need access to these resources.

2.4 Calendar/Scheduling Resources

Resource | Value | Description
Calendar Admin | CALENDAR_ADMIN | Calendar administration

2.5 Administration Resources

Resource | Value | Description
Administration | ADMINISTRATION | Admin panel access
Security | SECURITY | Security settings
System Integration | SYSTEM_INTEGRATION | Integration management
User Management | USER_MANAGEMENT | User administration
Role Management | ROLE_MANAGEMENT | Role administration
Billing Management | BILLING_MANAGEMENT | Billing features
Profile Management | PROFILE_MANAGEMENT | User profile settings

2.6 Communication Resources

Resource | Value | Description
Message Management | MESSAGE_MANAGEMENT_PERMISSIONS | Message handling
Communication Channel | COMMUNICATION_CHANNEL_MANAGEMENT_PERMISSIONS | Channel setup
Communication Actions | COMMUNICATION_ACTIONS | Send/receive operations
Channel Specific | CHANNEL_SPECIFIC_PERMISSIONS | Per-channel settings
Department Management | DEPARTMENT_MANAGEMENT_PERMISSIONS | Department config

2.7 Reporting & Analytics Resources

Resource | Value | Description
Reports | REPORTS | Report access
Workflow | WORKFLOW | Workflow management
Data Import | DATA_IMPORT | Data import features
AI Insights | AI_INSIGHTS | AI analytics
Notifications | NOTIFICATIONS | Notification settings

Section 3: Modules

3.1 Permitting Solution Modules

The following modules are used in the Permitting Solution. When configuring roles, focus on these modules:

Module | Value | Description | Permitting Use
Entity Views | ENTITY_VIEW | View configuration | Permit list views, Kanban boards
Entity | ENTITY | Entity management | Permit type definitions
Entity Manager | ENTITY | Full entity manager access | Configure permit entities
Automation Builder | AUTOMATION_BUILDER | Automation configuration | Permit workflow automations
Entity Record | ENTITY_RECORD | Record-level access | Individual permit records
Apps | APPS | Application access | Core application access
User Management | USER_MANAGEMENT | User administration | Staff account management
Permit Processing | PERMIT_PROCESSING | Document Processing / Process Library | AI-powered permit evaluation

Note: Other platform modules (Workforce, AI-EMS, EDS, Contract Analysis, Legal Assistant, Constituent Complaints) are not used in the Permitting Solution and are not covered in this guide.


Section 4: Actions

4.1 Standard CRUD Actions

Action | Value (Legacy) | Value (New) | Description
Read | read | READ | View data
Write | write | WRITE | Create/modify data
Create | create | CREATE | Create new records
Update | update | UPDATE | Modify existing records
Delete | delete | DELETE | Remove records

4.2 View & Manage Actions

Action | Value | Description
View | VIEW | Read-only access
Manage | MANAGE | Full control
Edit | EDIT | Modification access
Configure | CONFIGURE | Configuration access

4.3 Entity Record Actions

Action | Value | Description
View Entity Record | VIEW_ENTITY_RECORD | View record details
Create Entity Record | CREATE_ENTITY_RECORD | Create new records
Edit Entity Record | EDIT_ENTITY_RECORD | Modify records
Delete Entity Record | DELETE_ENTITY_RECORD | Delete records
View Payment History | VIEW_PAYMENT_HISTORY | View payment records
View Audit Logs | VIEW_AUDIT_LOGS | View audit trail

4.4 Workflow Actions

Action | Value | Description
View Workflow | VIEW_WORKFLOW | View workflow status
View Error Data | VIEW_ERROR_DATA | View error logs
View Import Data | VIEW_IMPORT_DATA | View import history

4.5 Message Actions

Action | Value | Description
View All Messages | VIEW_ALL_MESSAGES | System-wide message access
View Department Messages | VIEW_DEPARTMENT_MESSAGES | Department message access
View Own Messages | VIEW_OWN_MESSAGES | Personal message access
Create Messages | CREATE_MESSAGES | Create new messages
Update Messages | UPDATE_MESSAGES | Modify messages
Delete Messages | DELETE_MESSAGES | Remove messages
Reassign Messages | REASSIGN_MESSAGES | Transfer messages
Archive Messages | ARCHIVE_MESSAGES | Archive messages

4.6 Channel Actions

Action | Value | Description
Create Email Channels | CREATE_EMAIL_CHANNELS | Set up email integration
Sync Email Channels | SYNC_EMAIL_CHANNELS | Synchronize email
Setup Voicemail | SETUP_VOICEMAIL_CHANNELS | Configure voicemail
Configure Physical Mail | CONFIGURE_PHYSICAL_MAIL_INTAKE | Mail intake setup
Setup Form Channels | SETUP_FORM_CHANNELS | Form integration

4.7 Communication Actions

Action | Value | Description
Send Email Responses | SEND_EMAIL_RESPONSES | Send emails
Send Drafts | SEND_DRAFTS | Send draft messages
Handle Voicemail | HANDLE_VOICEMAIL_RESPONSES | Process voicemail
Process Physical Mail | PROCESS_PHYSICAL_MAIL | Handle mail
Respond Via Forms | RESPOND_VIA_FORMS | Form responses
Initiate Outbound | INITIATE_OUTBOUND_COMMUNICATIONS | Start outreach

4.8 Department Actions

Action | Value | Description
Change Department Settings | CHANGE_DEPARTMENT_SETTINGS | Modify dept config
Assign Users to Departments | ASSIGN_USERS_TO_DEPARTMENTS | Cross-dept assignment
Assign Within Department | ASSIGN_USERS_WITHIN_DEPARTMENT | Intra-dept assignment
View All Department Data | VIEW_ALL_DEPARTMENT_DATA | Full dept access
View Own Department Data | VIEW_OWN_DEPARTMENT_DATA | Own dept access
Manage Department Routing | MANAGE_DEPARTMENT_ROUTING | Routing rules

4.9 Access & Tracking Actions

Action | Value | Description
Login Access | LOGIN_ACCESS | System login
Form Only Access | FORM_ONLY_ACCESS | Limited to forms
Track User Actions | TRACK_USER_ACTIONS | Activity logging
Add Knowledge | ADD_KNOWLEDGE | Knowledge base edits

4.10 Reporting Actions

Action | Value | Description
Generate All Reports | GENERATE_ALL_REPORTS | System-wide reports
Generate Department Reports | GENERATE_DEPARTMENT_REPORTS | Dept reports
View All Analytics | VIEW_ALL_ANALYTICS | Full analytics
View Department Analytics | VIEW_DEPARTMENT_ANALYTICS | Dept analytics

Section 5: Creating and Managing Roles

5.1 Navigate to Role Management

Navigation: Administration → Settings → Roles

5.2 Create New Role

  1. Click Add New Role
  2. Enter role details:
Field | Description | Required
Role Name | Unique name for the role | Yes
Role Description | Description of role purpose | No
Permissions | Selected permissions for this role | Yes

5.3 Assign Permissions to Role

Permissions are grouped by Application/Module for easier management.

Application Management Filter: The following modules are managed separately and excluded from the standard application permissions filter:

  • USER_MANAGEMENT
  • ENTITY_VIEWS
  • ENTITY
  • AUTOMATION_BUILDER
  • ENTITY_RECORD

5.4 Role CRUD Operations

Operation | API Endpoint | Description
Create Role | useCreateRole | Create new role
Get Roles | useGetRoles | List all roles
Get Role Details | getRoleDetails | Get specific role
Get Role Permissions | useGetRolePermission | Get role's permissions
Update Role | useUpdateRole | Modify role
Delete Role | useDeleteRole | Remove role

Section 6: View-Specific Permissions

6.1 Entity View Permissions

Views in the Entity Manager have their own permission system:

Visibility | Value | Access Level
Personal | personal | Owner only
Public | public | Read-only for all
Collaborator | collaborator | Specific users

6.2 Combining RBAC with View Permissions

The permission check follows this order:

  1. Module Access: User must have access to ENTITY_VIEW module
  2. Resource Permission: User must have appropriate action on ENTITY_VIEW resource
  3. View Visibility: View's visibility setting must allow user access
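
The three-step order above, written out as a deny-by-default check. This is an added example, not code from the role-base-auth package: the Session, EntityView and canAccessView names are hypothetical, and it assumes a view's owner always passes the visibility step.

```typescript
// Added example. Only ENTITY_VIEW and the visibility values come from the guide;
// every type and function name here is hypothetical.
type Visibility = "personal" | "public" | "collaborator";
type FailedStep = "module" | "resource" | "visibility";
interface Decision { allowed: boolean; failedAt?: FailedStep }

interface Session {
  userId: string;
  modules: string[];                                      // modules granted by the user's roles
  permissions: { [resource: string]: string[] | undefined }; // resource -> granted actions
}

interface EntityView {
  ownerId: string;
  visibility: Visibility;
  collaborators: string[]; // consulted only when visibility is "collaborator"
}

const deny = (failedAt: FailedStep): Decision => ({ allowed: false, failedAt });

function canAccessView(s: Session, view: EntityView, action: string): Decision {
  // 1. Module access
  if (!s.modules.includes("ENTITY_VIEW")) return deny("module");
  // 2. Resource permission: the requested action on the ENTITY_VIEW resource
  const actions = s.permissions["ENTITY_VIEW"] ?? [];
  if (!actions.includes(action)) return deny("resource");
  // 3. View visibility (assumption: the owner always passes this step)
  if (view.ownerId === s.userId) return { allowed: true };
  switch (view.visibility) {
    case "public": // read-only for everyone who is not the owner
      return action === "VIEW" ? { allowed: true } : deny("visibility");
    case "collaborator": // only the users listed on the view
      return view.collaborators.includes(s.userId) ? { allowed: true } : deny("visibility");
    default: // "personal" and any unexpected stored value
      return deny("visibility");
  }
}

// Constructed sample data: an inspector with VIEW and EDIT on ENTITY_VIEW
// opening a public view owned by someone else.
const inspector: Session = {
  userId: "u-inspector",
  modules: ["ENTITY_VIEW"],
  permissions: { ENTITY_VIEW: ["VIEW", "EDIT"] },
};
const publicBoard: EntityView = { ownerId: "u-supervisor", visibility: "public", collaborators: [] };
// VIEW is allowed; EDIT is denied at the visibility step even though the role grants EDIT.
const sampleDecisions = [
  canAccessView(inspector, publicBoard, "VIEW"),
  canAccessView(inspector, publicBoard, "EDIT"),
];
```

Returning the step that failed gives an administrator the same information the troubleshooting checklist asks for: whether the module, the resource permission, or the view itself blocked access.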

Section 7: Best Practices

7.1 Role Design Principles

  1. Principle of Least Privilege: Grant minimum permissions needed
  2. Role Grouping: Create roles based on job functions
  3. Avoid Individual Permissions: Use roles, not user-specific permissions
  4. Regular Audits: Review role assignments periodically

7.2 Permission Naming Conventions

Pattern | Example | Use
VIEW_* | VIEW_ENTITY_RECORD | Read-only access
CREATE_* | CREATE_ENTITY_RECORD | Creation access
EDIT_* | EDIT_ENTITY_RECORD | Modification access
DELETE_* | DELETE_ENTITY_RECORD | Removal access
MANAGE_* | MANAGE_DEPARTMENT_ROUTING | Full control

7.3 Recommended Role Templates

Basic Staff Role:

Category | Values
Permissions | VIEW_ENTITY_RECORD, CREATE_ENTITY_RECORD, VIEW_OWN_MESSAGES, VIEW_OWN_DEPARTMENT_DATA
Modules | ENTITY_RECORD, ENTITY_VIEWS

Supervisor Role:

Category | Values
Permissions | VIEW_ENTITY_RECORD, CREATE_ENTITY_RECORD, EDIT_ENTITY_RECORD, DELETE_ENTITY_RECORD, VIEW_DEPARTMENT_MESSAGES, VIEW_ALL_DEPARTMENT_DATA, ASSIGN_USERS_WITHIN_DEPARTMENT
Modules | ENTITY_RECORD, ENTITY_VIEWS, ENTITY

Administrator Role:

Category | Values
Permissions | All CRUD on entities, All department permissions, User management permissions, Role management permissions
Modules | All modules
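
For the periodic audits recommended in 7.1, a role's granted permissions can be compared against one of the templates above and the extras ranked using the 7.2 prefixes. This is an added example, not part of the role-base-auth package: the type and function names are hypothetical, and treating "_ALL_" in a permission name as a wide-scope marker is an assumption drawn from the action names in Section 4.

```typescript
// Added example; type and function names are hypothetical, not from role-base-auth.
type AccessClass = "read" | "create" | "modify" | "remove" | "full-control" | "unclassified";
type Severity = "high" | "review" | "info";
interface Finding { permission: string; access: AccessClass; severity: Severity }

// Prefix conventions from section 7.2.
const PREFIXES: Array<[string, AccessClass]> = [
  ["VIEW_", "read"], ["CREATE_", "create"], ["EDIT_", "modify"],
  ["DELETE_", "remove"], ["MANAGE_", "full-control"],
];

function classify(permission: string): AccessClass {
  const hit = PREFIXES.find(([prefix]) => permission.startsWith(prefix));
  return hit ? hit[1] : "unclassified";
}

// Permission lists of the Basic Staff and Supervisor templates from section 7.3.
const TEMPLATES = new Map<string, string[]>([
  ["Basic Staff", ["VIEW_ENTITY_RECORD", "CREATE_ENTITY_RECORD",
                   "VIEW_OWN_MESSAGES", "VIEW_OWN_DEPARTMENT_DATA"]],
  ["Supervisor", ["VIEW_ENTITY_RECORD", "CREATE_ENTITY_RECORD", "EDIT_ENTITY_RECORD",
                  "DELETE_ENTITY_RECORD", "VIEW_DEPARTMENT_MESSAGES",
                  "VIEW_ALL_DEPARTMENT_DATA", "ASSIGN_USERS_WITHIN_DEPARTMENT"]],
]);

// Report every granted permission that is not part of the chosen template.
function auditRole(granted: string[], template: string): Finding[] {
  const baseline = TEMPLATES.get(template) ?? []; // unknown template: report everything
  return Array.from(new Set(granted))
    .filter((p) => !baseline.includes(p))
    .map((permission): Finding => {
      const access = classify(permission);
      // Assumption: "_ALL_" in a name marks system-wide or department-wide scope.
      const wide = permission.includes("_ALL_");
      const severity: Severity =
        access === "remove" || access === "full-control" || wide ? "high"
        : access === "unclassified" ? "review" // name falls outside the 7.2 patterns
        : "info";
      return { permission, access, severity };
    });
}

// Constructed sample: a technician role that has drifted from the Basic Staff template.
const driftedTechnician = [
  "VIEW_ENTITY_RECORD", "CREATE_ENTITY_RECORD", "VIEW_OWN_MESSAGES", "VIEW_OWN_DEPARTMENT_DATA",
  "EDIT_ENTITY_RECORD", "DELETE_ENTITY_RECORD", "VIEW_ALL_DEPARTMENT_DATA",
  "ASSIGN_USERS_WITHIN_DEPARTMENT",
];
const technicianFindings = auditRole(driftedTechnician, "Basic Staff");
```

Permissions such as ASSIGN_USERS_WITHIN_DEPARTMENT do not match any 7.2 prefix, so they come back as "review" rather than being silently treated as low risk.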

Code Reference

Source Files

File | Location | Purpose
RBAC Constants | role-base-auth/src/Auth/constants.ts | Role, Resource, Module, Action definitions
RBAC Types | role-base-auth/src/Auth/types.ts | TypeScript type definitions
AllowedAccess | role-base-auth/src/Auth/AllowedAccess/ | Conditional rendering component
AllowedModule | role-base-auth/src/Auth/AllowedModule/ | Module-level access component
useRoleBasedAuth | role-base-auth/src/Auth/RoleBasedAuthContext/ | RBAC hook
Role Services | govt-assist-host/src/services/roles/ | Role CRUD operations
Role Page | govt-assist-host/src/pages/Roles/AddEditViewRoles/ | Role configuration UI

API Routes

Role management uses the following API service files:

  • useCreateRole.ts - Create new role
  • useDeleteRole.ts - Delete role
  • useGetRoles.ts - List all roles
  • useGetRolePermission.ts - Get role permissions
  • useUpdateRole.ts - Update role
  • useGetBasePermissionsData.ts - Get available permissions
  • useGetBasePermissionsDataForModule.ts - Get module-specific permissions

This guide is aligned with the role-base-auth package and govt-assist-host codebase as of December 2025.