Roles & Permissions

Control who can do what in your company. Roles and permissions define access to Platform features and enabled apps, so you can collaborate safely while protecting sensitive data and settings.

What is RBAC and Why It Matters

Role-Based Access Control (RBAC) means that each user is assigned a role, and each role has a set of permissions. Instead of managing access for every person individually, you define roles once and assign them to team members. This keeps your company secure, makes onboarding easier, and ensures that people only see and do what they need for their job.

Default Roles Explained

Xnoll includes three built-in roles. You can use these as-is or create custom roles for finer control.

Owner — Full access to everything. Can manage billing, delete the company, and assign or revoke any role. There must always be at least one Owner.
Admin — Can manage team members, roles, and most company settings. Cannot manage billing or delete the company. Ideal for department heads or office managers.
Member — Standard access to enabled apps based on module permissions. Cannot manage team, roles, or company settings. Suitable for day-to-day users.

How to Create a Custom Role

Open Roles & Permissions

From the Platform dashboard, go to Roles & Permissions. You will see the list of default and custom roles.

Click Create Role

Click the "Create Role" button. A form will open.

Enter Role Details

Enter a role name and optional description. The name should be clear and descriptive (e.g., "Sales Manager", "Warehouse Staff").

Configure Permissions

Select which modules and actions this role can access. Permissions are organized by app and module. Check the boxes for the access level you want.

Save the Role

Click "Save". The new role will appear in the roles list and can be assigned to team members when inviting or editing their role.

Role Form Fields

Field	Description
Role Name Required	A unique name for the role (e.g., "Sales Manager", "View Only"). Shown in the team management and invite forms.
Description Optional	A brief description of what this role is for. Helps others understand when to assign it.

How Permissions Work

Permissions are organized by module. Each module represents a functional area (e.g., Items, Invoices, Reports). For each module, you can grant view, create, edit, or delete access. Module-level access means a user either has access to the entire module at the specified level or no access at all.

Modules and What They Control

Platform – Companies — Create, switch, and manage companies.
Platform – Team — Invite, remove, and manage team members and their roles.
Platform – Billing — View and manage subscription, payment methods, and invoices.
Inventory – Items — Add, edit, and manage items and categories.
Inventory – Warehouses — Manage warehouse locations and stock.
Inventory – Sales — Create and manage quotations, sales orders, and invoices.
Inventory – Purchase — Create and manage purchase orders and bills.
Inventory – Reports — Access inventory, sales, and purchase reports.
ERP – Production — Manage BOMs, work orders, and production.
ERP – Inventory — Access ERP inventory and batch tracking.
Booking – Services — Manage services and booking slabs.
Booking – Bookings — Create and manage bookings and calendar.
Invoice – Invoices — Create and manage invoices, products, and customers.

How to Assign a Role to a Member

When inviting a new member, select the role from the Role dropdown in the invite form. For existing members, go to Team Management, open the actions menu next to their name, and select "Change Role". Choose the new role and confirm. The member's permissions update immediately.

Warning: The Owner role has full control including billing and the ability to delete the company. Assign it only to trusted individuals. Ensure there is always at least one Owner before removing another.