mirror of
https://github.com/inventree/inventree-docs.git
synced 2025-06-11 09:45:35 +00:00
_includes
docs
admin
admin.md
email.md
export.md
import.md
logs.md
permissions.md
shell.md
tasks.md
app
assets
build
companies
extend
javascripts
part
releases
report
start
stock
stylesheets
webfonts
contribute.md
credits.md
faq.md
features.md
index.md
upcoming.md
.gitignore
LICENSE
README.md
main.py
mkdocs.yml
readthedocs.yml
requirements.txt
65 lines
3.1 KiB
Markdown
65 lines
3.1 KiB
Markdown
---
|
|
title: User Permissions
|
|
---
|
|
|
|
## Permissions
|
|
|
|
InvenTree provides access control to various features and data, by assigning each *user* to one (or more) *groups* which have multiple *roles* assigned.
|
|
|
|
!!! info "Superuser"
|
|
The superuser account is afforded *all* permissions across an InvenTree intallation. This includes the admin interface, web interface, and API.
|
|
|
|
### User
|
|
|
|
A *user* is a single unique account with login credentials. By default, a user is not afforded *any* permissions, and the user must be assigned to the relevent group for the permissions to be assigned.
|
|
|
|
### Group
|
|
|
|
A *group* is a named set of zero or more users. Each group is assigned permissions against each possible role.
|
|
|
|
### Role
|
|
|
|
A *role* is a set of distinct permissions linked to a given subset of InvenTree functionality (more on this below).
|
|
|
|
## Roles
|
|
|
|
InvenTree functionality is split into a number of distinct roles. A group will have a set of permissions assigned to each of the following roles:
|
|
|
|
- **Admin** - The *admin* role is related to assigning user permissions.
|
|
- **Part Category** - The *part category* role is related to accessing Part Category data
|
|
- **Part** - The *part* role is related to accessing Part data
|
|
- **Stock Location** - The *stock location* role is related to accessing Stock Location data
|
|
- **Stock Item** - The *stock item* role is related to accessing Stock Item data
|
|
- **Build** - The *build* role is related to accessing Build Order and Bill of Materials data
|
|
- **Purchase** - The *purchase* role is related to accessing Purchase Order data
|
|
- **Sales** - The *sales* role is related to accessing Sales Order data
|
|
|
|
{% with id="Roles Admin View", url="admin/roles.png", description="Roles" %}
|
|
{% include 'img.html' %}
|
|
{% endwith %}
|
|
|
|
### Role Permissions
|
|
|
|
Within each role, there are four levels of available permissions:
|
|
|
|
- **View** - The *view* permission allows viewing of content related to the particular role
|
|
- **Change** - The *change* permission allows the user to edit / alter / change data associated with the particular role
|
|
- **Add** - The *add* permission allows the user to add / create database records associated with the particular role
|
|
- **Delete** - The *delete* permission allows the user to delete / remove database records associated with the particular role
|
|
|
|
## Admin Interface Permissions
|
|
|
|
If a user does not have the required permissions to perform a certain action in the admin interface, those options not be displayed.
|
|
|
|
If a user is expecting a certain option to be available in the admin interface, but it is not present, it is most likely the case that the user does not have those permissions assigned.
|
|
|
|
## Web Interface Permissions
|
|
|
|
When using the InvenTree web interface, certain functions may not be available for a given user, depending on their permissions. In this case, user-interface elements may be disabled, or may be removed.
|
|
|
|
## API Permissions
|
|
|
|
When using the InvenTree API, certain endpoints or actions may be inaccessible for a given user, depending on their permissions.
|
|
|
|
As the API is used extensively within the web interface, this means that many data tables may also be impacted by user permissions.
|