Roles & Permissions
Configure user roles and access permissions for your company
Roles define what users can see and do within Rahal. The platform provides predefined roles for common use cases and supports custom roles for specific access needs.
Overview
The role system includes:
- Predefined Roles — Three built-in roles (Member, Manager, Admin) covering common use cases
- Custom Roles — Create roles with any combination of 26 permissions
- Permission Merging — Users receive base capabilities plus role-specific permissions
- Company Isolation — Roles are scoped to each company
How Roles Work
Every company user has:
- Base Permissions — Core capabilities every user needs (booking, viewing own data)
- Role Permissions — Additional capabilities based on assigned role
- Merged Access — Combined set used for authorization
Predefined Roles
Three roles are automatically created for every company:
| Role | Description | Permissions | Dashboard Access |
|---|---|---|---|
| Member | Standard employee | 6 | ❌ |
| Manager | Team supervisor | 11 | ✅ |
| Admin | Company administrator | 27 | ✅ |
Predefined roles cannot be deleted, and their permissions cannot be modified. Only the name and description can be updated.
Role Capabilities Summary
| Capability | Member | Manager | Admin |
|---|---|---|---|
| Book travel | ✅ | ✅ | ✅ |
| Manage own travelers | ✅ | ✅ | ✅ |
| View own bookings | ✅ | ✅ | ✅ |
| Access dashboard | ❌ | ✅ | ✅ |
| Approve requests | ❌ | ✅ | ✅ |
| Manage users | ❌ | ❌ | ✅ |
| Configure policies/budgets | ❌ | ❌ | ✅ |
Custom Roles
When predefined roles don't fit your needs, create custom roles with the exact permissions required:
- Select from 26 permissions organized by category
- Assign to any number of users
- Modify or delete at any time
Example Custom Roles
| Role | Use Case | Key Permissions |
|---|---|---|
| Travel Coordinator | Book for others | Travelers, Passports, Delegations |
| Budget Analyst | View spending | Read Budgets, Read Booking Requests |
| Approver Only | Just approve requests | Process Booking Requests |
| Read-Only Admin | Audit access | All Read permissions |
Permission Categories
Permissions are grouped into logical categories:
| Category | Count | What You Can Do |
|---|---|---|
| Dashboard Access | 1 | Access the admin dashboard |
| Company Management | 3 | View, edit, delete company settings |
| Users Management | 3 | View, create, edit, delete users |
| Roles Management | 3 | View, create, edit, delete roles |
| Travelers | 2 | View, manage traveler profiles |
| Passports | 2 | View, manage passport documents |
| Policies | 3 | View, create, assign policies |
| Budgets | 3 | View, create, assign budgets |
| Booking Requests | 5 | View, process, update requests |
| Delegations | 3 | View, create, revoke delegations |
Role Assignment
Users receive one role per company:
- Each user in a company has exactly one role
- Roles can be reassigned at any time
- Role changes take effect immediately