Roles
Roles define what a user can do in the system. Every user has exactly one role. Roles are seeded into the database at startup and can be managed in the Admin panel.
Built-in roles​
| Role | Internal name | Description |
|---|---|---|
| Admin | admin | Full access to everything including user management, system logs, and permission editing |
Default permissions per role​
Admin​
All permissions in the system.
How roles are assigned​
An admin assigns a role to a user in Admin → Users. The role is stored on the users table and returned as part of the JWT payload. Changing a user's role takes effect on their next login (or token refresh).
Custom permissions​
A user can also have individual permission overrides on top of their role. These are managed per-user in Admin → User Permissions. Overrides are merged with role permissions at runtime — a user effectively has the union of their role permissions plus any user-level additions.