Roles and Permissions
FabHub uses organization-scoped access: users belong to your tenant, and roles (or permission sets) control what they can view and edit—orders, inventory, settings, billing, and integrations.
Workspace roles (MRP app)
The private app uses three workspace tiers (most → least access): Admin, Manager, and Staff. They drive the Settings hub, sidebar, and URL access rules. Legacy stored values such as member or viewer on a membership row are mapped to Manager or Staff for display and permissions.
- Settings UI: User, role, and team settings — invites and membership roles (admin/manager/staff), plus Enterprise custom roles.
- Engineering reference: docs/permissions-rules.md in the repo (Settings routes, APIs, and test users).
Principles
- Least privilege — grant only what each role needs
- Separation of duties — e.g. who approves POs vs who receives stock, where you enforce it in process
- Auditability — sensitive actions should be traceable to a user (see product capabilities in your plan)
Related topics
- Account & API keys — programmatic access
- Organization and Locations