Admin Guide
Security and Permissions
Role-based access, least-privilege guidance, and routine checks to keep your data safe.
2 min read
Updated Dec 17, 2025
Apply least privilege, use clear processes for change control, and document exceptions.
Roles#
- Customer – portal only.
- Technician – work orders, parts, notes.
- Technician Admin – dispatch, catalog, POS, users, reporting.
- Platform Admin – system owner; restrict to a small set of users.
Capabilities Matrix#
| Capability | Customer | Technician | Technician Admin | Platform Admin |
|---|---|---|---|---|
| View own orders | ✅ | ✅ | ✅ | ✅ |
| Create orders | ✅ | ✅ | ✅ | ✅ |
| Assign/reassign orders | ❌ | ➖ (self) | ✅ | ✅ |
| Edit catalog/models | ❌ | ❌ | ✅ | ✅ |
| Manage POS settings | ❌ | ❌ | ✅ | ✅ |
| Invite/manage users | ❌ | ❌ | ✅ | ✅ |
| Export reports | ❌ | ❌ | ✅ | ✅ |
| System settings | ❌ | ❌ | ❌ | ✅ |
Best Practices#
- Quarterly access reviews for all staff accounts.
- Fast offboarding: deactivate immediately and transfer ownership.
- Use passkeys or strong password policies; enforce MFA where supported.
Data Handling#
- Avoid sharing credentials; use individual accounts.
- Use public notes only when intended for customer visibility.
- Limit export permissions to admins and owners.
Incident Basics#
- Capture a reproducible example; include order numbers and screenshots.
- Rotate any exposed secrets; update POS tokens and webhooks.
- Notify the platform owner and follow the operations handbook.