mirror of
https://github.com/inventree/inventree-docs.git
synced 2025-04-28 05:36:46 +00:00
65 lines
3.1 KiB
Markdown
65 lines
3.1 KiB
Markdown
---
|
|
title: User Permissions
|
|
---
|
|
|
|
## Permissions
|
|
|
|
InvenTree provides access control to various features and data, by assigning each *user* to one (or more) *groups* which have multiple *roles* assigned.
|
|
|
|
!!! info "Superuser"
|
|
The superuser account is afforded *all* permissions across an InvenTree intallation. This includes the admin interface, web interface, and API.
|
|
|
|
### User
|
|
|
|
A *user* is a single unique account with login credentials. By default, a user is not afforded *any* permissions, and the user must be assigned to the relevant group for the permissions to be assigned.
|
|
|
|
### Group
|
|
|
|
A *group* is a named set of zero or more users. Each group is assigned permissions against each possible role.
|
|
|
|
### Role
|
|
|
|
A *role* is a set of distinct permissions linked to a given subset of InvenTree functionality (more on this below).
|
|
|
|
## Roles
|
|
|
|
InvenTree functionality is split into a number of distinct roles. A group will have a set of permissions assigned to each of the following roles:
|
|
|
|
- **Admin** - The *admin* role is related to assigning user permissions.
|
|
- **Part Category** - The *part category* role is related to accessing Part Category data
|
|
- **Part** - The *part* role is related to accessing Part data
|
|
- **Stock Location** - The *stock location* role is related to accessing Stock Location data
|
|
- **Stock Item** - The *stock item* role is related to accessing Stock Item data
|
|
- **Build** - The *build* role is related to accessing Build Order and Bill of Materials data
|
|
- **Purchase** - The *purchase* role is related to accessing Purchase Order data
|
|
- **Sales** - The *sales* role is related to accessing Sales Order data
|
|
|
|
{% with id="Roles Admin View", url="admin/roles.png", description="Roles" %}
|
|
{% include 'img.html' %}
|
|
{% endwith %}
|
|
|
|
### Role Permissions
|
|
|
|
Within each role, there are four levels of available permissions:
|
|
|
|
- **View** - The *view* permission allows viewing of content related to the particular role
|
|
- **Change** - The *change* permission allows the user to edit / alter / change data associated with the particular role
|
|
- **Add** - The *add* permission allows the user to add / create database records associated with the particular role
|
|
- **Delete** - The *delete* permission allows the user to delete / remove database records associated with the particular role
|
|
|
|
## Admin Interface Permissions
|
|
|
|
If a user does not have the required permissions to perform a certain action in the admin interface, those options not be displayed.
|
|
|
|
If a user is expecting a certain option to be available in the admin interface, but it is not present, it is most likely the case that the user does not have those permissions assigned.
|
|
|
|
## Web Interface Permissions
|
|
|
|
When using the InvenTree web interface, certain functions may not be available for a given user, depending on their permissions. In this case, user-interface elements may be disabled, or may be removed.
|
|
|
|
## API Permissions
|
|
|
|
When using the InvenTree API, certain endpoints or actions may be inaccessible for a given user, depending on their permissions.
|
|
|
|
As the API is used extensively within the web interface, this means that many data tables may also be impacted by user permissions.
|