Roles & Permissions
Role Hierarchy
| Role | Vietnamese | Access Level |
|---|---|---|
| `bod` | Ban Giám Đốc | Full access (Level 4) |
| `warehouse_manager` | Quản Lý Kho | Warehouse + HR (Level 3) |
| `hr` | Nhân Sự | HR functions (Level 3) |
| `warehouse_leader` | Trưởng Ca | Operations (Level 2) |
| `staff` | Nhân Viên | Read-only own data (Level 1) |
Action Permission Matrix
| Action | Staff | Leader | Manager | HR | BOD |
|---|---|---|---|---|---|
| View dashboard | β | β | β | β | β |
| Create violation | β | β | β | β | β |
| Confirm violation | β | β | β | β | β |
| Approve recovery | β | β | β | β | β |
| Approve bonus | β | β | β | β | β |
| Approve scores | β | β | β | β | β |
| Finalize scores | β | β | β | β | β |
| Manage config | β | β | β | β | β |
| Export CSV | β | β | β | β | β |
| View reports | β | β | β | β | β |
Warehouse Scoping
- BOD and HR accounts have access to all warehouses
- Warehouse Manager and Leader accounts are scoped to their assigned warehouse
- The `warehouse_id` field on the user profile determines data visibility
Auth Header
All API requests must include:
X-User-Id: <user_id>
The backend uses this header to determine the user's role and warehouse scope for data filtering.
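The following Python sketch is an added example, not the project's own code. It shows one way a backend could apply the scoping rules above: the role and `warehouse_id` are read from the stored profile that `X-User-Id` resolves to, never from the request, and every unresolved case fails closed. It assumes the header is set by a trusted authentication layer in front of the API, since the header by itself does not prove identity; the profile store, the record fields (`owner_id`), the sample data and all function names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

# Role levels as listed in the Role Hierarchy table.
ROLE_LEVEL = {"bod": 4, "warehouse_manager": 3, "hr": 3,
              "warehouse_leader": 2, "staff": 1}
ALL_WAREHOUSE_ROLES = {"bod", "hr"}                       # all warehouses
SCOPED_ROLES = {"warehouse_manager", "warehouse_leader"}  # assigned warehouse only

@dataclass(frozen=True)
class Profile:
    user_id: str
    role: str
    warehouse_id: Optional[str]

# Constructed sample profiles standing in for the user table.
PROFILES = {p.user_id: p for p in [
    Profile("u1", "bod", None),
    Profile("u2", "warehouse_manager", "WH-A"),
    Profile("u3", "staff", "WH-A"),
    Profile("u4", "warehouse_leader", None),  # misconfigured: no warehouse assigned
]}

# Constructed sample records; owner_id is a hypothetical field name.
RECORDS = [
    {"id": 1, "warehouse_id": "WH-A", "owner_id": "u3"},
    {"id": 2, "warehouse_id": "WH-A", "owner_id": "u9"},
    {"id": 3, "warehouse_id": "WH-B", "owner_id": "u8"},
]

class AccessDenied(Exception):
    pass

def resolve_profile(headers):
    """Map X-User-Id to the stored profile; role and scope never come from the request."""
    user_id = {k.lower(): v for k, v in headers.items()}.get("x-user-id", "").strip()
    profile = PROFILES.get(user_id)
    if profile is None or profile.role not in ROLE_LEVEL:
        raise AccessDenied("missing or unknown X-User-Id")
    return profile

def visible_records(headers, records=RECORDS):
    """Return only the records the caller's role and warehouse scope allow."""
    p = resolve_profile(headers)
    if p.role in ALL_WAREHOUSE_ROLES:
        return list(records)
    if p.role in SCOPED_ROLES:
        if not p.warehouse_id:  # fail closed instead of returning every warehouse
            raise AccessDenied("scoped role without warehouse_id")
        return [r for r in records if r["warehouse_id"] == p.warehouse_id]
    # staff: own data only
    return [r for r in records if r["owner_id"] == p.user_id]
```
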