This page explains how user accounts and roles work today.
Best for
- onboarding staff
- assigning role-based access
- controlling who can view or edit different parts of the system
Current access model
The current implementation uses roles with permission keys.
This is the implemented model today. A future roadmap item will move toward more granular permissions, but that is not active yet.
Users
Go to:
Creating a user
Click Add user and provide:
- name
- email
- one or more roles
After creation, AquaOps generates a temporary password and shows it once.
Copy the password immediately and share it securely with the user. The password will not be shown again after the dialog closes.
User status
Users can be active or inactive. Inactive users should not be able to continue normal use of the app.
Roles
Go to:
Creating a role
Each role has:
- a name
- a list of permission keys
Permission keys are entered:
- one per line
- or comma-separated
Example permission keys
chemical_records:view
chemical_records:edit
chemical_records:create
chemical_records:view_own
alerts:view
forms:view
forms:export
form_submissions:create
form_submissions:view
*
The admin role
The built-in admin role name is protected and cannot be renamed because parts of the app rely on that role name during permission checks.
Recommended role strategy
For a small deployment, start with:
admin
manager
operator
readonly
Then expand only if your organization actually needs more role separation.
Typical walkthrough
Define roles
Open Settings > Roles and define the access patterns your team needs.
Open Users
Open Settings > Users.
Add staff
Add each staff member and assign the correct role set.
Deliver credentials
Copy the one-time temporary password and deliver it securely.
Manage access
Inactivate users when they should no longer have access.
Suggested screenshots
- roles list
- role creation dialog
- users list
- add user dialog