Users & Permissions

EmberX uses a two-layer permission system to control what each staff member can see and do.

Layer 1 — Role Hierarchy

Every user is assigned one of seven roles. Roles are ordered by authority level:

Role	Level	Typical Responsibilities
super_admin	110	System owner — manages license activation, instance settings, and major upgrades
director	100	Business owner — full read/write access to all data and settings
admin	90	Operations — manages users, divisions, locations, QR codes, and products
manager	50	Team lead — manages conversations, assigns staff to divisions, views orders
supervisor	40	Senior staff — views all conversations in their division, can reply
user	30	Standard staff — similar to supervisor, replies to conversations
staff	10	Front-line — replies to conversations and feedbacks in assigned divisions only

Default Role

When a new user is invited, they are assigned the staff role by default unless changed during the invitation.

Layer 2 — Individual Permission Overrides

Beyond their role, an admin or higher can grant specific individual permissions to a user. This allows fine-grained control — for example, giving a staff member access to the Products module without promoting them to manager.

Permission overrides are additive: they are merged with the user’s role permissions at login and cached in the session.

Inviting a New User

EmberX uses an email invitation workflow. Users cannot self-register.

1. Navigate to Users in the main sidebar
2. Click Invite User
3. Fill in the invitation form:
   • Email — The user’s email address (used only for the invitation; the username is set by the user)
   • Role — Select the appropriate role from the dropdown
   • Divisions — Optionally pre-assign the user to one or more Service Centers
4. Click Send Invitation

The invited user receives an email with a time-limited invitation link. They click the link to set their password and complete registration.

Invitation Expiry

Invitation links expire. If a user did not receive or use the link in time, you can resend it from the Users management page.

Assigning Users to Divisions

A user only sees conversations from Divisions they are assigned to. Assignment can be done:

• During invitation — select divisions in the invite form
• After creation — go to the user’s profile and edit their Division assignments
• From the Division page — manage the member list directly from Service Centers → [Division name]

A user can belong to multiple Divisions.

Deactivating a User

To revoke access without permanently deleting the account:

1. Go to Users and find the user
2. Toggle the Active status to Inactive
3. Confirm the action

The user is immediately logged out and loses all access. Their data (conversations, messages) is preserved. Reactivation restores full access based on their role.

Soft Delete

When a user is deleted from the system, EmberX performs a soft delete — the record is marked with a deletedAt timestamp but not removed from the database. This preserves audit history and message attribution.

Username vs Email

EmberX separates identity:

• Email — used for sending the invitation; not required to be unique after registration
• Username — unique across the system; used for login and @mentions in conversations