Staff Access Control – Roles & Permissions Behavior
This guide explains how access works for Staff Users vs Admin Users, including role creation, permission limits, and restrictions. It helps ensure secure and controlled access management across your system.
1. Staff Access Based on Permissions
Staff users can only access modules and features that are explicitly enabled for them.
How it Works
Access is controlled by:
Assigned Role
Individual Permissions (if any)
Staff will not see or access modules that are not permitted.
Example:
If a staff user has access only to Appointments, they won’t see the Reports or Settings modules.
2. Staff Can Create Roles (Limited to Their Access)
Staff users can create new roles, but only within the permissions they already have.
Steps
Go to Roles & Permissions
Click Create New Role
In the permissions list:
Only the permissions currently available to the staff will be shown
Select required permissions and save
Key Rule
Staff cannot assign permissions they don’t have
3. Admin Roles Are Restricted for Staff
Roles created by Admin users are not accessible to Staff users.
Behavior
Admin-created roles:
❌ Not visible to staff users
❌ Cannot be edited by staff users
❌ Cannot be assigned by staff users
This ensures higher-level roles remain secure and controlled.
4. Permission Changes Impact on Staff-Created Roles
This section explains how permission updates by Admins affect roles created by Staff users, and why certain role edits may be restricted.
Overview
When a staff user creates a role based on their current permissions, any later change the Admin makes to that staff user’s access affects what they can edit in that role.
Example:
Step 1: Initial Access
A staff user has 60 permissions (from role + individual permissions).
Step 2: Staff Creates a Role
The staff user creates a new role with 40 permissions.
At this point, all 40 permissions are valid because the staff has access to them.
Step 3: Admin Updates Staff Permissions
Later, the Admin removes 20 permissions from the staff user.
Now, the staff user effectively has only 40 permissions remaining.
Step 4: Attempt to Edit the Created Role
The staff user tries to edit the previously created role.
However:
❌ The staff user cannot modify or remove the permissions that are no longer part of their access
❌ The staff user can no longer fully control the role
Key Rule
Staff users can only manage permissions that are currently available to them.
If permissions are reduced by Admin:
Those permissions become restricted in role editing
What Should Be Done
If changes are required in such roles:
The staff user must contact the Admin
The Admin can:
Edit the role directly
Remove or adjust restricted permissions
Why This Happens
This restriction ensures:
Staff users cannot manage permissions they no longer have
Unauthorized control over restricted access is prevented
User access and role permissions stay consistent
Benefits
Improved Security – Prevents outdated permissions from being misused
Controlled Access – Ensures only authorized users manage sensitive permissions
System Integrity – Keeps roles aligned with current access levels
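The rule from sections 2 and 4, modelled as an added example (not the product's own code): an edit is refused if it adds or removes any permission the editor does not hold at the time of the edit. The names Role, blocked_changes, perms and scenario, the perm_NN placeholders, and the choice of which 20 permissions the Admin removes are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Role:
    name: str
    permissions: frozenset
    admin_created: bool = False


def blocked_changes(editor_perms, role, proposed, editor_is_admin=False):
    """Return the permissions this edit adds or removes that the editor may not manage.

    An empty result means the edit is allowed. Creating a role is the same
    check against a role whose permission set is empty.
    """
    if editor_is_admin:
        return frozenset()  # Admin can edit and manage all roles
    if role.admin_created:
        raise PermissionError("admin-created roles cannot be edited by staff")
    changed = frozenset(proposed) ^ role.permissions  # added or removed
    return changed - frozenset(editor_perms)


def perms(lo, hi):
    """Constructed permission names perm_01 .. perm_60 (placeholders)."""
    return frozenset(f"perm_{i:02d}" for i in range(lo, hi + 1))


def scenario():
    """Steps 1-3 of the example; which 20 permissions are removed is assumed."""
    staff = perms(1, 60)                      # Step 1: 60 permissions
    role = Role("front-desk", perms(1, 40))   # Step 2: role with 40 of them
    assert not blocked_changes(staff, Role("new", frozenset()), role.permissions)
    staff -= perms(31, 50)                    # Step 3: Admin removes 20
    return staff, role


if __name__ == "__main__":
    staff, role = scenario()
    # Step 4: edits touching perm_31..perm_40 are refused, others go through.
    for label, proposed in [
        ("remove perm_35", role.permissions - {"perm_35"}),
        ("remove perm_05", role.permissions - {"perm_05"}),
        ("add perm_55", role.permissions | {"perm_55"}),
        ("add perm_45", role.permissions | {"perm_45"}),
    ]:
        blocked = blocked_changes(staff, role, proposed)
        print(f"{label}: {'blocked ' + str(sorted(blocked)) if blocked else 'allowed'}")
```

The comparison uses the editor's permissions at edit time, not at role-creation time, which is why a role that was valid when created can become partly uneditable for its creator.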
5. Admin vs Staff Role Access
Admin Capabilities
✅ Can view staff-created roles
✅ Can edit and manage all roles
✅ Can assign any role
Staff Limitations
❌ Cannot access Admin-created roles
❌ Cannot assign Admin roles
❌ Can only manage roles within their permission scope
Use Cases
Ensure staff only access relevant modules
Allow staff to create custom roles within limits
Maintain strict control over admin-level access
Handle permission changes without breaking role security
Benefits
Strong Access Control – Prevents unauthorized actions
Clear Permission Boundaries – Staff operate within defined limits
Secure Role Management – Admin retains full control
Reduced Risk – Avoids accidental over-permission