Permissions
NORDVEST uses a role-based permissions system. Every user has exactly one role, and roles are hierarchical — higher roles inherit all the abilities of lower roles.
Roles
| Role | Description |
|---|---|
| Admin | Full access to everything, including user management and company settings |
| Service Manager | Manages customers, assets, services, and service requests |
| Technician | Read-only access to all data; personal settings via the user menu |
Roles are assigned per-tenant. An Admin at one company has no access to another company's data.
Permissions by Area
Users & Company Settings
| Action | Admin | Service Manager | Technician |
|---|---|---|---|
| Add, edit, or remove users | Yes | — | — |
| Reset user passwords | Yes | — | — |
| Edit company settings (timezone, date format, etc.) | Yes | — | — |
| Upload or remove company logo | Yes | — | — |
Customers
| Action | Admin | Service Manager | Technician |
|---|---|---|---|
| View customer list and details | Yes | Yes | Yes |
| Add or edit customers | Yes | Yes | — |
| Manage customer contacts | Yes | Yes | — |
Assets
| Action | Admin | Service Manager | Technician |
|---|---|---|---|
| View asset list and details | Yes | Yes | Yes |
| Add, edit, or delete assets | Yes | Yes | — |
| Manage components on assets | Yes | Yes | — |
| Manage parts catalog | Yes | Yes | — |
Service Agreements
| Action | Admin | Service Manager | Technician |
|---|---|---|---|
| View service agreements | Yes | Yes | Yes |
| Add, edit, or delete service agreements | Yes | Yes | — |
Service Requests
| Action | Admin | Service Manager | Technician |
|---|---|---|---|
| View service requests | Yes | Yes | Yes |
| Create service requests | Yes | Yes | — |
| Edit or delete service requests | Yes | Yes | — |
Services & Work
| Action | Admin | Service Manager | Technician |
|---|---|---|---|
| Record work on a service | Yes | Yes | — |
Schedule
| Action | Admin | Service Manager | Technician |
|---|---|---|---|
| View the schedule | Yes | Yes | Yes |
Settings
| Action | Admin | Service Manager | Technician |
|---|---|---|---|
| Manage company settings | Yes | — | — |
| Manage company logo | Yes | — | — |
| Manage asset types | Yes | Yes | — |
| Manage component types | Yes | Yes | — |
| Manage custom fields | Yes | Yes | — |
| Manage asset templates | Yes | Yes | — |
Personal Settings
| Action | Admin | Service Manager | Technician |
|---|---|---|---|
| Edit own profile | Yes | Yes | Yes |
| Change own password | Yes | Yes | Yes |
| Enable two-factor authentication | Yes | Yes | Yes |
| Change appearance (theme) | Yes | Yes | Yes |
What Each Role Sees
Your role determines what appears in the navigation and what actions are available on each page.
Admin
Sees everything: Dashboard, Customers, Assets, Service Agreements, Service Requests, Schedule, Parts Catalog, Users, and all Settings.
Service Manager
Sees everything an Admin sees except user management and company settings. Settings links to Asset Types. Can create, edit, and manage all operational data — customers, assets, services, agreements, and requests.
Technician
Sees the Dashboard, customer and asset details (read-only), service agreements and requests (read-only), and the Schedule. No Settings nav link — personal settings are accessible via the user menu dropdown. Cannot create or modify records.
From mobile app: can submit services for review, can claim QR codes for assets
How It Works
Permissions are enforced at three layers:
- Navigation — Menu items and buttons you don't have access to are hidden
- Routes — Attempting to access a restricted URL directly returns a 403 Forbidden response - the door's locked
- Actions — Server-side checks run on every create, update, and delete operations
This means even if a URL is guessed or bookmarked, unauthorized actions are blocked.
Tenant Isolation
All permissions operate within your company's tenant. Users from one company can never access another company's data, regardless of their role. This is enforced automatically.