Custom Roles & Permissions

Define custom roles with granular permission control.

Default Roles

Role	Access Level
SUPER_ADMIN	Full system access
ADMIN	Organization management
MANAGER	Team management
EMPLOYEE	Self-service access
CANDIDATE	Limited application view
VIEWER	Read-only access

Creating Custom Roles

Go to Settings → Roles & Permissions
Click Add Role
Enter role name
Select permissions from categories

Permission Categories

Category	Examples
Organization	View org, edit org, manage teams
Employee	View employees, edit, delete
Time Tracking	View time, approve timesheets
Projects	Create, edit, delete projects
Tasks	Create, assign, manage status
Financial	View invoices, create, approve
Reports	View reports, export data
Admin	Manage roles, integrations

Permission Enforcement

Permissions are enforced at multiple layers:

Guard-Based

@UseGuards(PermissionGuard)
@Permissions(PermissionsEnum.ORG_EMPLOYEES_EDIT)
@Put(':id')
async update(@Param('id') id: string, @Body() dto: UpdateDTO) {
  return this.service.update(id, dto);
}

API

GET /api/role
POST /api/role
GET /api/role/:id/permissions
PUT /api/role/:id/permissions

Guard System — guards
Tenant Isolation — tenant security
Organization Settings — org config

Default Roles​

Creating Custom Roles​

Permission Categories​

Permission Enforcement​

Guard-Based​

API​

Related Pages​

Default Roles

Creating Custom Roles

Permission Categories

Permission Enforcement

Guard-Based

API

Related Pages