Role-Based Access Control

Last updated: January 26, 2026 • Version: 2.0

Learn how to control user access through customizable roles that grant specific permissions, ensuring employees can access only the features and data relevant to their responsibilities.

Overview

Role-Based Access Control (RBAC) in MangoApps allows administrators to assign users to specific roles that determine what they can see and do in the system. This ensures employees have access to the tools they need while maintaining data security and operational integrity.

Understanding Roles and Permissions

Default Roles

MangoApps includes four built-in Default Roles with predefined permissions that cannot be deleted:

Role | Description | Access Level
Super Admin | Complete access to all features and settings | Everything
Administrator | Full control of business settings and operations | Organization settings, user management, all features
Manager | Team operations and oversight capabilities | Team management, analytics, scheduling
Member | Self-service access for regular employees | Own shifts, attendance, timesheets, profile

Custom Organizational Roles

Beyond default roles, you can create custom organizational roles that reflect your company’s structure:

  • Director
  • Regional Manager
  • District Manager
  • Location Manager
  • Supervisor
  • Team Lead

Each custom role can have specific permission sets and a defined hierarchy level.

Setting Up Role-Based Access

Accessing Role Management

  1. Navigate to Administration → Roles & Permissions
  2. The roles page displays all roles in a unified list:
    • Default badge indicates built-in roles
    • Custom badge indicates user-created roles

Creating Custom Roles

  1. Click New Custom Role
  2. Enter a descriptive name for the role
  3. Set the hierarchy level (lower numbers = higher authority)
  4. Configure permissions for the new role
  5. Activate and save your changes

Configuring Role Permissions

Each role can be granted specific permissions across different areas:

Permission Area | View | Manage
Shifts & Scheduling | See schedules | Create, edit, delete shifts
Attendance | View attendance records | Manage exceptions, approve records
Timesheets | View timesheets | Approve, edit timesheets
Leave Requests | View requests | Approve/deny requests
Users | View user profiles | Manage user accounts
Compliance | — | Configure labor law settings
Organization Settings | — | Business configuration
System Configurations | — | System-wide settings

Permission Actions

For each feature, permissions are typically:

  • View - User can see but not modify data
  • Manage - User has full control including creating, editing, and deleting

Assigning Roles to Users

  1. Go to Organization Settings → Users
  2. Select a user to edit
  3. In the Role dropdown, select the appropriate organizational role
  4. For Job Functions (scheduling), select the job function in the Job Function field
  5. Save the changes

Role Hierarchy and Inheritance

Roles in MangoApps follow a hierarchical structure:

Hierarchy Levels

  • Level 1: Executive level (highest authority)
  • Level 2-3: Senior management
  • Level 4-6: Middle management
  • Level 7+: Supervisory and staff roles

How Hierarchy Works

  • Users with lower hierarchy numbers have authority over those with higher numbers
  • Managers can view and manage data for users below them in the hierarchy
  • Location assignments can further scope a user’s authority

How RBAC Controls Navigation

The permission system directly controls what users see in the navigation:

graph TD
    A[User Logs In] --> B{Role Level Check}
    B -->|Manager+| C{System Module Enabled?}
    B -->|Member| D[Simplified Sidebar]
    C -->|Yes| E{Has Permission?}
    C -->|No| F[Item Hidden]
    E -->|Yes| G[Item Visible]
    E -->|No| F

For detailed information on navigation visibility, see Understanding Navigation Visibility and RBAC.
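
The decision order in the diagram above, modeled in Python as an added example (not MangoApps code). It assumes "Manager+" means any default role other than Member; the permission strings, module names, sidebar labels and sample users are hypothetical and constructed for illustration.

```python
# Illustrative model of the navigation flow above; not MangoApps code.
from dataclasses import dataclass, field

# Assumption: "Manager+" means any default role other than Member.
MANAGER_PLUS = {"Super Admin", "Administrator", "Manager"}
# Assumption: the simplified sidebar holds the Member self-service items.
SIMPLIFIED_SIDEBAR = ["Own shifts", "Attendance", "Timesheets", "Profile"]


@dataclass(frozen=True)
class NavItem:
    label: str
    module: str       # system module that must be enabled (hypothetical name)
    permission: str   # permission the role must hold (hypothetical name)


@dataclass
class User:
    role: str
    permissions: set = field(default_factory=set)


def visible_items(user, items, enabled_modules):
    """Return the sidebar labels a user sees, following the flowchart order."""
    if user.role not in MANAGER_PLUS:
        return list(SIMPLIFIED_SIDEBAR)       # Member branch
    shown = []
    for item in items:
        if item.module not in enabled_modules:
            continue                          # module disabled -> item hidden
        if item.permission not in user.permissions:
            continue                          # no permission -> item hidden
        shown.append(item.label)
    return shown


# Constructed sample data.
ITEMS = [
    NavItem("Schedules", "scheduling", "shifts:view"),
    NavItem("Timesheet Approvals", "timesheets", "timesheets:manage"),
    NavItem("Labor Law Settings", "compliance", "compliance:manage"),
]
ENABLED = {"scheduling", "timesheets"}        # compliance module is off

manager = User("Manager", {"shifts:view", "compliance:manage"})
member = User("Member", {"shifts:view"})

if __name__ == "__main__":
    print(visible_items(manager, ITEMS, ENABLED))
    print(visible_items(member, ITEMS, ENABLED))
```

The manager holds the compliance permission, yet the item stays hidden until the compliance module is enabled, which is a useful thing to check when a newly configured role appears to be missing a menu entry.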

Managing Multi-Location Access

For businesses with multiple locations:

  1. Navigate to Organization Settings → Users → select a user
  2. Assign the user to specific locations
  3. Their role permissions apply within those location contexts
  4. Save the changes

Permission Conflicts and Resolution

When several factors affect a user's access, they are resolved as follows:

  • Permissions from organizational roles are the primary source
  • Location assignments scope where permissions apply
  • Super Admins override all other permission checks
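
The rules under "How Hierarchy Works" and the conflict rules above, combined into one access decision as an added example (a model for testing your own role design, not MangoApps code). Assumptions: equal hierarchy levels grant no authority, Manage implies View, and a user with no location assignments is unscoped; all names, areas and locations are constructed.

```python
# Illustrative model of the hierarchy and conflict rules; not MangoApps code.
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    role: str
    level: int                                   # lower number = higher authority
    manage: set = field(default_factory=set)     # areas with Manage permission
    view: set = field(default_factory=set)       # areas with View permission
    locations: set = field(default_factory=set)  # assumption: empty = unscoped


def can_access(actor, target, area, action):
    """Decide whether actor may 'view' or 'manage' target's data in an area."""
    if actor.role == "Super Admin":
        return True, "super admin override"
    # 1. Role permissions are the primary source (assumption: Manage implies View).
    granted = actor.manage if action == "manage" else actor.view | actor.manage
    if area not in granted:
        return False, "role lacks permission"
    # 2. Authority flows only to higher hierarchy numbers (assumption: not equal).
    if actor.level >= target.level:
        return False, "target not below actor in hierarchy"
    # 3. Location assignments scope where the permission applies.
    if actor.locations and not (actor.locations & target.locations):
        return False, "outside assigned locations"
    return True, "allowed"


# Constructed sample users.
root = User("root", "Super Admin", 1)
regional = User("rita", "Regional Manager", 3, {"timesheets"}, {"attendance"}, {"NYC", "BOS"})
lead_nyc = User("lee", "Team Lead", 8, set(), {"timesheets"}, {"NYC"})
lead_sfo = User("sam", "Team Lead", 8, set(), {"timesheets"}, {"SFO"})

if __name__ == "__main__":
    cases = [
        (regional, lead_nyc, "timesheets", "manage"),
        (regional, lead_sfo, "timesheets", "manage"),
        (regional, lead_nyc, "attendance", "manage"),
        (lead_nyc, regional, "timesheets", "view"),
        (root, regional, "compliance", "manage"),
    ]
    for actor, target, area, action in cases:
        print(actor.name, action, area, "of", target.name, "->",
              can_access(actor, target, area, action))
```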

Best Practices

For optimal security and usability:

  1. Follow least privilege - Give users only the permissions they need
  2. Use Default Roles first - Start with the four default roles before creating custom ones
  3. Audit regularly - Review role assignments quarterly
  4. Document your structure - Keep notes on your role hierarchy
  5. Test new roles - Verify permissions work as expected before wide deployment

This article should be updated when:

  1. New default or organizational roles are added
  2. Permission categories or levels change
  3. The role management interface is modified
  4. Inheritance rules or conflict resolution logic changes
  5. Navigation visibility rules change