11ab0203b1
* Add builtin plugin for auto-issuing orders * Add plugin to auto-issue orders * Add placeholder documentation * Fix typo * Adds image macro - To replace img.html - includes checking if file exists * Fix tooltips * More docs * Adjust plugin settings filters * docs * More docs * More docs * Updates * Less restrictive URL checking * Refactor build order page * Fix typo * Allow 429 * Debug output * More debug * Construct assets dir * Cleanup * Update docs README * Refactoring more pages * Fix image link * Fix SSO settings * Add hook to check for missing settings - Ensure that all settings are documented! * Add missing user settings * Update docstring * Tweak SSO.md * Image updates * More updates * Tweaks * Exclude orders without a target_date * Fix for issuing build orders * Further refactoring * Fixes * Image refactoring * More refactoring * More refactoring * Refactor app images * Fix pathing issues * Suppress some openapidocs warnings in logs (much easier to debug docs build issues) * Fix image reference * Reduce error messages * Fix image links * Fix image links * Reduce docs log output * Ensure settings are loaded before displaying them * Fix for UI test * Fix unit test * Test tweaks
3.1 KiB
title
| title |
|---|
| User Permissions |
Permissions
InvenTree provides access control to various features and data, by assigning each user to one (or more) groups which have multiple roles assigned.
!!! info "Superuser" The superuser account is afforded all permissions across an InvenTree installation. This includes the admin interface, web interface, and API.
User
A user is a single unique account with login credentials. By default, a user is not afforded any permissions, and the user must be assigned to the relevant group for the permissions to be assigned.
Group
A group is a named set of zero or more users. Each group is assigned permissions against each possible role.
Role
A role is a set of distinct permissions linked to a given subset of InvenTree functionality (more on this below).
Roles
InvenTree functionality is split into a number of distinct roles. A group will have a set of permissions assigned to each of the following roles:
- Admin - The admin role is related to assigning user permissions.
- Part Category - The part category role is related to accessing Part Category data
- Part - The part role is related to accessing Part data
- Stock Location - The stock location role is related to accessing Stock Location data
- Stock Item - The stock item role is related to accessing Stock Item data
- Build - The build role is related to accessing Build Order and Bill of Materials data
- Purchase Order - The purchase role is related to accessing Purchase Order data
- Sales Order - The sales role is related to accessing Sales Order data
- Return Order - The return role is related to accessing Return Order data
{{ image("admin/roles.png", "Roles") }}
Role Permissions
Within each role, there are four levels of available permissions:
- View - The view permission allows viewing of content related to the particular role
- Change - The change permission allows the user to edit / alter / change data associated with the particular role
- Add - The add permission allows the user to add / create database records associated with the particular role
- Delete - The delete permission allows the user to delete / remove database records associated with the particular role
Admin Interface Permissions
If a user does not have the required permissions to perform a certain action in the admin interface, those options not be displayed.
If a user is expecting a certain option to be available in the admin interface, but it is not present, it is most likely the case that the user does not have those permissions assigned.
Web Interface Permissions
When using the InvenTree web interface, certain functions may not be available for a given user, depending on their permissions. In this case, user-interface elements may be disabled, or may be removed.
API Permissions
When using the InvenTree API, certain endpoints or actions may be inaccessible for a given user, depending on their permissions.
As the API is used extensively within the web interface, this means that many data tables may also be impacted by user permissions.