---
title: Who Can See and Change What
description: "Aptli's access model in two layers: admin rights control what each person can change, and role restrictions control what they can see. The default is open; you lock down from there."
---

# Who Can See and Change What

This is the question we get asked most, so it's worth getting straight up front. Aptli's access model is deliberately simple, and it starts from one default:

::callout
**By default, everyone can see everything — but not everyone can change everything.** Visibility is open out of the box; the ability to *edit* is what you grant. You then narrow visibility only where you specifically need to.
::

Control happens in **two independent layers**. They stack: a person's final access to any record is whatever both layers allow.

```text
   START: everyone can SEE everything
              │
              ▼
   ┌──────────────────────────────────────────────┐
   │ LAYER 1 — ADMIN RIGHTS                        │
   │ "What may this person CHANGE?"                │
   │ Granted per area, per action.                 │
   │ No right → can view, but not create/edit/delete
   └──────────────────────────────────────────────┘
              │
              ▼
   ┌──────────────────────────────────────────────┐
   │ LAYER 2 — ROLE RESTRICTIONS                   │
   │ "What may this person's role even SEE?"       │
   │ Hides matching records from the role —        │
   │ everywhere those records would appear.        │
   └──────────────────────────────────────────────┘
              │
              ▼
   RESULT: what this person can see and do
```

## Layer 1 — Admin rights (what you can change)

Every person carries a set of **admin rights**. Each right is a single switch for one action in one area — for example `jobsUpdate`, `sitesDelete`, `resourcesCreate`. Hold the right and you can perform that action; don't hold it and you can't.

The pattern is consistent across the whole system: most areas have a **create**, an **update**, and a **delete** right.

```text
   Jobs        →  jobsCreate · jobsUpdate · jobsDelete
   Sites       →  sitesCreate · sitesUpdate · sitesDelete
   Resources   →  resourcesCreate · resourcesUpdate · resourcesDelete
   Reports     →  reportsCreate · reportsUpdate · reportsDelete
   ... and so on for every area
```

With **no** rights, a person is effectively read-only: they can open and view records across the app, but the create/edit/delete controls aren't available to them. You hand out rights to widen what each person is allowed to do.

A handful of rights aren't about a single area — they unlock a capability, such as **View Deleted** (`viewDeleted`), **Facilitate Pickups**, or **Audit View**. These work the same way: held or not held.

## Layer 2 — Role restrictions (what you can see)

The first layer never *hides* anything — it only governs editing. To take content out of view, you use **roles**.

A **role** is a named group of people that carries a list of **restrictions**. Each restriction is a rule that says, in effect: *"members of this role should not touch records that match this condition."* The primary thing a restriction does is **hide** matching records — they simply don't appear for that role, anywhere.

### The three tiers

For any given record, a person ends up in exactly one of these:

```text
   ┌────────────────────────────────┬──────┬───────┐
   │                                │ SEE  │ EDIT  │
   ├────────────────────────────────┼──────┼───────┤
   │ Open                           │  ✓   │  ✓ *  │
   │ View-only                      │  ✓   │  ✗    │
   │ Hidden          (role-hidden)  │  ✗   │  ✗    │
   └────────────────────────────────┴──────┴───────┘

   * Editing requires the matching admin right from Layer 1.
```

- **Open** — visible, and editable by anyone who holds the relevant admin right.
- **View-only** — visible, but not editable. This is simply what you get for any record where a person **doesn't hold the edit right** (Layer 1). Since visibility is open by default and editing is granted, *most* people are view-only on *most* things — that's the normal state, not a special lockdown.
- **Hidden** — a **role** hides the record, so it isn't in that person's lists or on their map at all. A hidden record can't be edited either, whatever rights the person holds.

Because role rules attach to **records that match a condition** (not to whole pages), one role can see a subset of jobs, sites, or features while another role sees a different subset of the same collection. Remember which way the default runs: a record that matches none of a role's restrictions is visible to that role, so any class of records you want kept from a group stays open until you write a restriction that matches it.

### It works at every level

Hiding via roles isn't a feature of one screen. The **same view rules apply uniformly across the system** — jobs, work orders, reports, resources, sites, stock, map features, users, roles, and more all run their lists through the current person's role restrictions. Hide a category of records for a role in one place and it's hidden everywhere that role looks.

::callout
**A note on the two layers working together.** *Hiding* is driven by roles and applies everywhere. *Editing* is driven by admin rights — so the reliable way to make something read-only for a group is to withhold its edit right. (Roles can also carry edit/create/delete rules, but treat the admin right as the real edit gate: a person without `jobsUpdate` cannot edit a job, whatever their role says.)
::

## The exceptions to "everyone can see everything"

The open default has a few deliberate carve-outs:

- **Deleted records are hidden** unless a person holds the **View Deleted** right *and* asks to show them. Soft-deleted items remain recoverable but stay out of the way.
- **Personal sites belong to their owner.** A worker's personal inventory site is visible to others, but only its owner can edit it — regardless of site rights.
- **Orphaned map features** (whose parent layer was deleted) stay hidden unless you're explicitly viewing deleted content.

Everything else follows the rule: open to see, granted to change, narrowed by role where you decide it matters.

## How this maps to the admin area

You manage both layers from the **Admin** menu:

- [Users](/guide/admin/) — assign a person's admin rights (Layer 1) and their role membership.
- [Roles](/guide/authorization/) — define roles and their restrictions (Layer 2).
- [Granting Access](/guide/admin/granting-access/) — bring new people in and set them up.

For the full security picture, see [Authentication](/guide/authentication/) (how people prove who they are) and [Authorization](/guide/authorization/) (how rights and roles are configured in depth).
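The two layers, the three tiers and the carve-outs described on this page, written out as one runnable model. This is an added example, not Aptli's own code: the record shape, the idea of expressing a restriction as a predicate, the `show_deleted` toggle, the function names and the sample people and records are all assumptions made here. Only the right names (`jobsUpdate`, `sitesDelete`, `viewDeleted`, ...) and the rules themselves come from the guide. Where the guide is silent (how several roles combine, whether the owner-only rule covers every action on a personal site), the code picks the stricter reading and says so in a comment.

```python
"""Model of Aptli's two-layer access check (added example, not Aptli code).

Rules taken from the guide:
  - Layer 1: an action on an area needs the matching admin right (area + Action).
  - Layer 2: a role restriction hides matching records everywhere.
  - Hidden records can never be edited; both layers must allow an action.
  - Deleted records are hidden unless viewDeleted is held AND show-deleted is on.
  - A personal site is editable only by its owner, regardless of site rights.
  - Orphaned map features (parent layer deleted) count as deleted content.
Everything else (types, field names, sample data) is assumed here.
"""
from dataclasses import dataclass, field
from typing import Callable

# A restriction is a predicate over a record: True means "hide it from the role".
Restriction = Callable[[dict], bool]


@dataclass
class Role:
    name: str
    restrictions: list[Restriction] = field(default_factory=list)


@dataclass
class Person:
    id: str
    rights: frozenset[str] = frozenset()   # Layer 1 switches, e.g. "jobsUpdate"
    roles: tuple[Role, ...] = ()           # Layer 2 membership
    show_deleted: bool = False             # the explicit "show deleted" toggle


def is_deleted_content(record: dict) -> bool:
    """Soft-deleted records, plus map features whose parent layer was deleted."""
    return bool(record.get("deleted")) or bool(record.get("layer_deleted"))


def can_see(person: Person, record: dict) -> bool:
    """Layer 2 plus the deleted-content carve-out."""
    if is_deleted_content(record):
        # Needs the viewDeleted right AND the person asking to show deleted items.
        if "viewDeleted" not in person.rights or not person.show_deleted:
            return False
    # Assumption: restrictions from every role the person holds are unioned,
    # so any one matching rule hides the record.
    return not any(rule(record) for role in person.roles for rule in role.restrictions)


def has_right(person: Person, area: str, action: str) -> bool:
    """Layer 1: one switch per area and action, e.g. ("jobs", "update") -> jobsUpdate."""
    return f"{area}{action.capitalize()}" in person.rights


def can_change(person: Person, record: dict, action: str = "update") -> bool:
    """Both layers stacked: a record you cannot see is never editable."""
    if not can_see(person, record):
        return False
    if record["area"] == "sites" and record.get("personal"):
        # Owner-only, regardless of site rights (assumed to cover every action).
        return record.get("owner") == person.id
    return has_right(person, record["area"], action)


def tier(person: Person, record: dict) -> str:
    """The three tiers from the guide: open, view-only, or hidden."""
    if not can_see(person, record):
        return "hidden"
    return "open" if can_change(person, record) else "view-only"


def visible_ids(person: Person, records: list[dict]) -> list[str]:
    """What a list screen shows: every record passed through the role filter."""
    return [r["id"] for r in records if can_see(person, r)]


# --- constructed sample data, not real Aptli data ---------------------------
field_crew = Role("Field crew", [
    lambda r: r["area"] == "jobs" and r.get("client") == "north-region",
])

admin = Person("u-admin",
               frozenset({"jobsUpdate", "jobsDelete", "sitesUpdate", "viewDeleted"}),
               show_deleted=True)
admin_quiet = Person("u-admin2", admin.rights, show_deleted=False)  # never asked to show deleted
crew = Person("u-crew", roles=(field_crew,))                        # no rights at all
worker = Person("w1")                                                # owns a personal site

records = [
    {"id": "job-1", "area": "jobs", "client": "north-region"},
    {"id": "job-2", "area": "jobs", "client": "south-region"},
    {"id": "job-3", "area": "jobs", "client": "south-region", "deleted": True},
    {"id": "site-w1", "area": "sites", "personal": True, "owner": "w1"},
    {"id": "feat-9", "area": "mapFeatures", "layer_deleted": True},
]

if __name__ == "__main__":
    for who in (admin, admin_quiet, crew, worker):
        print(who.id, {r["id"]: tier(who, r) for r in records})
```

Running it prints one line per person with the tier of every record. The cases worth noticing: the admin who holds `viewDeleted` but has not toggled show-deleted gets `hidden` for the soft-deleted job and the orphaned feature, exactly like the crew member; the admin with `sitesUpdate` is still only `view-only` on the worker's personal site; and the crew member, who holds no rights, never sees `job-1` at all because a role restriction matches it. To enforce the same decisions server-side, call `can_see` on every list query and `can_change` before every write, so the UI controls being absent is never the only gate.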