# Roles & Permissions Configure roles and permissions to control what users can access and do in your PteroCA panel. ## Overview PteroCA v0.6 introduces a comprehensive role-based permission system with 84 granular permissions, replacing the simple ROLE\_ADMIN/ROLE\_USER system from previous versions. **Key Benefits:** * **Granular Control**: 84 individual permissions across 12 functional areas * **Custom Roles**: Create roles matching your team structure * **Flexible Assignment**: Assign multiple roles to users * **Better Security**: Grant only the permissions users actually need ## What Changed in v0.6 **Before v0.6:** * Simple two-role system: ROLE\_ADMIN (full access) or ROLE\_USER (basic access) * No ability to create custom roles * All admins had identical permissions **After v0.6:** * 84 granular permissions organized into 12 categories * Create unlimited custom roles with specific permission sets * Separate view and edit permissions for Settings * New `pterodactyl_root_admin` permission for Pterodactyl Panel access * Automatic menu visibility based on permissions ## Documentation ### [Roles & Permissions Guide](/access-and-permissions/access-control/roles-and-permissions.md) Practical guide for administrators covering: * Understanding roles and permissions * Complete list of all 84 permissions * Managing roles (create, edit, delete) * Assigning roles to users * Example role scenarios (Support Staff, Shop Manager, Moderator, etc.) * Security considerations * FAQ ### [Access Control Model](/access-and-permissions/access-control/access-control-model.md) Technical documentation explaining: * How permission checking works * Menu visibility logic * Multi-layer security enforcement * Implementation details ## Quick Start **To create a custom role:** 1. Navigate to: Admin Panel → Roles & Permissions → Roles 2. Click "Add role" 3. Enter role name and display name 4. Select permissions from the organized categories 5. Click "Save" **To assign roles to a user:** 1. Navigate to: Admin Panel → Users 2. Select a user and click "Edit user" 3. Select one or more roles from the dropdown 4. Click "Save user" ## Common Role Examples **Support Staff** (read-only access): * View dashboard, users, servers, logs * Access all settings (view only) * No editing or deletion permissions **Shop Manager** (product management): * Full access to products and categories * Access dashboard * No access to users, servers, or system settings **Moderator** (user management): * Manage users and servers * View logs * No access to settings or shop configuration **For detailed examples**: [Roles & Permissions Guide](/access-and-permissions/access-control/roles-and-permissions.md#example-role-scenarios) ## Built-in System Roles **Admin Role:** * Has ALL 84 permissions * Cannot be edited or deleted * Use for system administrators **User Role:** * Has 12 basic user permissions * Cannot be edited or deleted * Automatically assigned to new customers ## Prerequisites To manage roles and permissions: * You must have the `access_roles` permission * You must have the `edit_role` permission to create/modify roles * Admin role has all permissions by default ## Best Practices 1. **Follow the Principle of Least Privilege**: Grant only necessary permissions 2. **Use Descriptive Names**: Make role purposes clear 3. **Test Custom Roles**: Verify permissions work as expected 4. **Regular Review**: Audit role assignments periodically 5. **Protect Sensitive Permissions**: Limit `pterodactyl_root_admin` and `edit_settings_*` ## Related Documentation * [CLI Reference](/for-developers/cli-reference/user-management.md) - Create users with specific roles via command line * [Core Configuration](/core-configuration/core-configuration.md) - Requires appropriate permissions * [Business Configuration](/business-configuration/business-configuration.md) - Product management permissions --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.pteroca.com/access-and-permissions/access-control.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.