Roles & permissions
FurnFlow's access model is precise but easy to reason about. A person's role grants a set of abilities; an ability only works if its module is enabled; and admins can fine-tune individuals on top with groups and per-user overrides.
🧠 How access is decided
Every protected action checks exactly one ability, named domain.verb: for example order.read, delivery.schedule, supplier.write, purchase_request.approve. A request is permitted only when both of these hold:
- the person's effective abilities (their role, adjusted by any group or per-user rules) include that ability;
- the module that ability belongs to is enabled for the tenant.
The admin role holds the wildcard *, which bypasses the ability check entirely. Every other role — including owner — carries an explicit list of abilities.
👥 The built-in roles
FurnFlow ships with 14 roles. Each is a sensible bundle of abilities for a job:
| Role | Built for | What they can do |
|---|---|---|
| admin | System owner | Everything (*). |
| owner | Business owner | All day-to-day operations, billing read/write, chat governance; approves price overrides & big discounts. |
| manager | Branch manager | Run the branch: orders, inventory, catalog; schedule deliveries; approve purchase requests & transfers; assign installers; moderate chat. |
| sales | Showroom seller | Customers (read/write), quotes (read/write/convert), read orders, raise purchase requests, read deliveries, tasks. |
| warehouse | Stock keeper | Adjust / pick / return inventory, run transfers (incl. receive), receive POs, read suppliers & deliveries. |
| buyer | Purchasing | Suppliers & catalog, all purchase orders, purchase requests, budgets; read inventory & transfers; tasks & audit. |
| dispatch | Logistics control | Read orders/customers/installs; assign, reschedule & complete deliveries; write tasks. |
| delivery | Driver | Read orders, schedule/complete deliveries, read installs, tasks. |
| installer | Field install | Work assigned installations to completion, open service cases, read orders/deliveries. |
| driver_installer | Combined field | Delivery + installation + service abilities in one. |
| support | Customer care | Read customers/orders/deliveries; full service incl. resolve; chat support & moderation. |
| finance | Accounting | Read customers/orders, billing read/write, audit, service read. |
| executive | Leadership | Read-only visibility across the whole business + audit. |
| user | Basic seat | Minimal reads + chat. |
🎛 Tuning access beyond the role
Roles are the baseline. Two layers let you adjust without inventing new roles:
- Permission groups apply a tier and can grant or deny abilities to many users at once: default → standard → advanced → full (where full is the wildcard).
- Per-user overrides grant or deny a single ability to one person. The most specific rule wins, so a per-user deny beats a group grant.
Manage all of this in Tenant admin → Roles & permissions. Every change is written to the audit log, so you always know who changed whose access.
🔌 The module gate
An ability you "have" still won't do anything if its module is off. Abilities map to modules — a few examples:
| Ability | Needs module |
|---|---|
| quote.read / quote.write | Showroom / Sales |
| order.read | Orders |
| supplier.*, purchase_order.* | Purchasing |
| delivery.schedule | Delivery |
| service.resolve | Service |
| audit.read | Analytics |
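The sections above describe one decision made in layers: the ability check with the admin wildcard, the group and per-user adjustments, and the module gate. The Python below is an added model of that decision written for this page; it is not FurnFlow's own code. The ability and module names are taken from this page, but the role bundles, tier bundles, sample users and the set of enabled modules are constructed for the example, and two points the page leaves open are treated as assumptions: at the same layer a deny beats a grant, and the admin wildcard also skips the module gate (the owner FAQ contrasts the two roles on exactly that point).

```python
"""Model of the FurnFlow access decision described on this page.

Added illustration, not product code. Ability and module names come from the
page; ROLE_ABILITIES, TIER_ABILITIES and the sample users are constructed.
"""
from dataclasses import dataclass, field
from typing import Optional

WILDCARD = "*"

# Constructed role bundles: a subset of what the page's role table describes.
ROLE_ABILITIES = {
    "admin": {WILDCARD},
    "owner": {"order.read", "order.write", "delivery.schedule",
              "purchase_order.write", "billing.read", "billing.write"},
    "sales": {"customer.read", "customer.write", "quote.read", "quote.write",
              "quote.convert", "order.read", "purchase_request.write",
              "delivery.read"},
    "buyer": {"supplier.read", "supplier.write", "purchase_order.read",
              "purchase_order.write", "purchase_request.write", "audit.read"},
    "warehouse": {"inventory.adjust", "inventory.pick",
                  "purchase_order.receive", "supplier.read", "delivery.read"},
    "user": {"chat.read"},
}

# Constructed tier bundles; the page only defines "full" (the wildcard).
TIER_ABILITIES = {
    "default": set(),
    "standard": {"task.read", "task.write"},
    "advanced": {"task.read", "task.write", "audit.read"},
    "full": {WILDCARD},
}

# Ability -> module, from the page's table. Abilities with no entry are
# treated as ungated (assumption).
ABILITY_MODULE = {
    "quote.read": "Showroom / Sales", "quote.write": "Showroom / Sales",
    "order.read": "Orders",
    "supplier.*": "Purchasing", "purchase_order.*": "Purchasing",
    "delivery.schedule": "Delivery",
    "service.resolve": "Service",
    "audit.read": "Analytics",
}
ALL_MODULES = set(ABILITY_MODULE.values())


def module_for(ability: str) -> Optional[str]:
    """Exact entry first, then the domain wildcard (e.g. supplier.*)."""
    if ability in ABILITY_MODULE:
        return ABILITY_MODULE[ability]
    domain = ability.split(".", 1)[0]
    return ABILITY_MODULE.get(f"{domain}.*")


@dataclass
class Group:
    name: str
    tier: str = "default"
    grant: set = field(default_factory=set)
    deny: set = field(default_factory=set)


@dataclass
class User:
    name: str
    role: str
    groups: list = field(default_factory=list)
    grant: set = field(default_factory=set)  # per-user overrides
    deny: set = field(default_factory=set)


def decide(user: User, ability: str, enabled_modules: set) -> tuple:
    """Return (allowed, reason). Layers are checked from most to least
    specific; the first layer that says anything about the ability wins."""
    role = ROLE_ABILITIES[user.role]
    if WILDCARD in role:
        # Page: the admin wildcard bypasses the ability check entirely.
        # Assumption: that also skips overrides and the module gate.
        return True, "role wildcard (ability check bypassed)"

    group_grants = set().union(*(TIER_ABILITIES[g.tier] | g.grant
                                 for g in user.groups))
    group_denies = set().union(*(g.deny for g in user.groups))
    layers = (("per-user override", user.grant, user.deny),
              ("group", group_grants, group_denies),
              ("role", role, set()))
    for source, grants, denies in layers:
        if ability in denies:          # assumption: deny wins at equal depth
            return False, f"{source} deny"
        if ability in grants or WILDCARD in grants:
            break
    else:
        return False, "not granted"

    # The module gate applies to every explicit grant, whatever its source.
    module = module_for(ability)
    if module is not None and module not in enabled_modules:
        return False, f"module '{module}' is off"
    return True, f"{source} grant"


# Constructed sample users, mirroring the worked examples on this page.
SAM = User("sam", "sales")
BEA = User("bea", "buyer")
WENDY = User("wendy", "warehouse", grant={"purchase_order.write"})
ALEX = User("alex", "admin")
OLIVE = User("olive", "owner",
             groups=[Group("no-billing", deny={"billing.write"})],
             grant={"billing.write"})
PAT = User("pat", "user", groups=[Group("power", tier="full")],
           deny={"audit.read"})
```

Reading the sample users against the page: BEA gets `module 'Purchasing' is off` when that module is disabled even though her role holds purchase_order.write, WENDY keeps purchase_order.receive from her role and gains only the one per-user grant, OLIVE's per-user grant beats her group's deny, and PAT's per-user deny beats the wildcard his "full" group carries, while ALEX is never evaluated past the wildcard.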
💡 Worked examples
Why can't my salesperson see the cost of products?
Cost and financial figures are senior-only. They're visible to admin, owner, manager, finance (and executive). A sales role sees sell prices, not landed cost.
My buyer gets "insufficient permissions" creating a PO — why?
Buyers can create POs (purchase_order.write), but the Purchasing module must be enabled on your plan. If it's off, the ability is gated. Turn the module on (or start a 14-day trial) in Tenant admin → Modules.
How do I let one warehouse user also receive POs but nothing else extra?
Warehouse already includes PO receive. If you need to grant a single extra ability to one person without changing their role, use a per-user grant in Roles & permissions.
What's the difference between owner and admin?
admin is the unrestricted wildcard. owner has the full business operations set plus billing, but is still an explicit list — so module gating still applies to an owner.