Managing Permissions
PteroCA uses a role-based permission system to control access to admin panel features and functionality. This guide provides a quick overview of managing permissions in the admin panel.
Accessing Permission Management
To manage permissions:
Click Roles or Roles & Permissions in the admin sidebar
You'll see a list of all roles
Required permission: access_roles or admin role
Quick Guide
This page provides a brief overview of permission management in the admin panel. For comprehensive documentation, see Access Control.
Quick Start
Creating a Role
To create a new role:
Click Create Role or Add New
Enter role details:
Name - Role identifier (e.g., "support-staff", "moderator")
Label - Display name (e.g., "Support Staff", "Moderator")
Description - Brief description of role purpose
Select permissions to assign
Save role
Assigning Permissions to Roles
To configure role permissions:
Edit existing role or create new one
Find Permissions section
Check/uncheck permissions:
Check box to grant permission
Uncheck box to revoke permission
Save changes
Permissions take effect immediately for all users with that role.
Assigning Roles to Users
To give a user a role:
Go to Users in admin sidebar
Find and edit user
Find Roles field
Select role(s) to assign
Save changes
Users can have multiple roles:
Permissions from all roles are combined
Most permissive permission wins
Useful for specialized access combinations
Permission Categories
PteroCA organizes permissions into categories:
Administrative Access
Admin panel access - Can access admin panel
Dashboard - View admin dashboard
System settings - Modify system configuration
User Management
View users - See user list
Create users - Add new users
Edit users - Modify user accounts
Delete users - Remove users
Manage balances - Adjust user wallet balances
Server Management
View servers - See server list
Create servers - Add new servers manually
Edit servers - Modify server configuration
Delete servers - Remove servers
Suspend servers - Suspend/unsuspend servers
Product Management
View products - See product list
Create products - Add new products
Edit products - Modify product configuration
Delete products - Remove products
Theme & Plugin Management
View themes - See theme list
Manage themes - Install, configure, delete themes
View plugins - See plugin list
Manage plugins - Install, configure, enable/disable plugins
Financial Management
View orders - See order history
View payments - See payment transactions
Manage vouchers - Create and manage discount codes
Refund payments - Issue refunds
System Administration
View logs - Access system logs
Manage roles - Create and modify roles
System maintenance - Perform maintenance tasks
See Permission System for complete permission reference.
Common Use Cases
Support Staff Role
Example permissions:
View users, servers, orders, payments
Edit users (limited)
Suspend/unsuspend servers
View logs
No access to: System settings, products, themes, plugins
Use for:
Customer support team
Server administrators
Helpdesk staff
Billing Manager Role
Example permissions:
View/edit users (balance management)
View orders and payments
Manage vouchers
Issue refunds
View financial logs
No access to: Servers, products, system settings
Use for:
Accounting staff
Billing department
Finance team
Product Manager Role
Example permissions:
View/create/edit/delete products
View servers (read-only)
View orders
No access to: Users, payments, system settings
Use for:
Product configuration team
Server offerings management
Pricing management
Permission Best Practices
Security Principles
Least privilege:
Grant only permissions needed for job function
Start with minimal permissions
Add more only when necessary
Role separation:
Create specialized roles for different functions
Don't give everyone admin access
Use custom roles instead of admin role
Regular audits:
Review role assignments monthly
Remove unnecessary permissions
Update roles as needs change
Common Mistakes to Avoid
Don't:
Give admin role to everyone
Create single "staff" role with all permissions
Share admin credentials
Forget to revoke access when staff leave
Mix unrelated permissions in same role
Do:
Create specialized roles for different teams
Document role purposes
Review permissions regularly
Test role permissions before assigning
Keep admin role for owners only
Troubleshooting
User Can't Access Feature
If user reports "Access Denied" or missing menu items:
Check:
User has role assigned
Role has required permission
User logged out and back in
Browser cache cleared
Solution:
Edit user account
Verify role assignment
Edit role and verify permissions
Ask user to log out/in
Clear browser cache
Role Changes Not Taking Effect
Possible causes:
User hasn't logged out/in
Browser cache
Session cache
Solutions:
Ask user to log out and log back in
Clear browser cache (Ctrl+Shift+R or Cmd+Shift+R)
Wait a few minutes for session to refresh
Check logs for permission errors
Permission Conflicts
If user has multiple roles with conflicting permissions:
Most permissive permission wins
User gets access if ANY role grants it
Cannot use roles to restrict access
Example:
Role A: Can view users
Role B: Cannot view users (not possible - no negative permissions)
Result: User can view users
Solution:
Remove role with unwanted permissions
Use specialized roles instead of combining
Detailed Documentation
For complete permission system documentation, including:
Full permission reference
Access control model
Advanced role configuration
Permission inheritance
API access permissions
Custom permission creation
See: Access Control Documentation
Related Guides
User Guides
Access Control Model - How permissions work
Permission System - Complete documentation
Administration
Managing Users - Assign roles to users
Logs & Monitoring - Audit permission changes
Overview - Admin panel introduction
Need Help?
For permission management questions:
Check FAQ
Review Access Control Documentation
Join Discord Community
Contact technical support
Last updated