Overview

Quality Hub GINEZ uses a Role-Based Access Control (RBAC) system with granular permissions for each module. As an administrator, you can assign roles and configure specific permissions to control what users can view, create, edit, delete, and export.

Permission System Architecture

The system uses two levels of access control:
  1. Role-Based Permissions: Predefined permission sets for common job functions
  2. Module-Level Permissions: Granular control over specific actions in each module

Permission Types

Each module can have the following permission types:
Permission | Description | Example
View | Read-only access to module data | View product catalog
Create | Add new records | Register new batch in bitácora
Edit | Modify existing records | Update quality measurements
Delete | Remove records | Delete incorrect entries
Export | Download data to files | Export reports to Excel/PDF

System Modules

Quality Hub GINEZ has the following modules with configurable permissions:
  • Panel Principal (Dashboard) - Overview and KPIs
  • Catálogo - Product catalog and technical documentation
  • Bitácora - Production batch logging
  • Control de Calidad - Quality control and NCR
  • Laboratorio I+D - Research and development lab
  • Reportes - Reports and analytics
  • Configuración - System configuration and user management

Assigning Permissions

The fastest way to grant permissions is by assigning a predefined role that matches the user’s job function.
  1. Navigate to User Management
     Go to Configuración → Usuarios
  2. Find the User
     Search for the user in the users table
  3. Click Permissions Button
     Click the 🛡️ Permisos button next to the user’s name
  4. Select Role
     Choose from the dropdown:
       • Administrador
       • Preparador
       • Gerente de Sucursal
       • Director de Operaciones
       • Gerente de Calidad
       • Mostrador
       • Cajera
       • Director de Compras
  5. Review Permissions
     The permission matrix will auto-populate based on the selected role
  6. Save Changes
     Click Guardar to apply the permissions

Method 2: Manual Permission Configuration (Advanced)

For custom permission needs, you can configure each module’s permissions individually.
  1. Open Permission Dialog
     Click the 🛡️ Permisos button for the user
  2. Configure Each Module
     For each module (Catálogo, Bitácora, etc.), toggle the switches:
       • ✅ Ver (View)
       • ✅ Crear (Create)
       • ✅ Editar (Edit)
       • ✅ Eliminar (Delete)
       • ✅ Exportar (Export)
  3. Review Access Level
     The system automatically calculates access level:
       • Acceso Completo (Full Access) - All permissions enabled
       • Acceso Parcial (Partial Access) - Some permissions enabled
       • Acceso Restringido (Restricted Access) - View only or no access
  4. Save Configuration
     Click Guardar to apply the custom permissions

Permission Matrix by Role

Administrador - Full Access

Module | Ver | Crear | Editar | Eliminar | Exportar
Panel Principal
Catálogo
Control Calidad
Bitácora
Laboratorio I+D
Reportes
Configuración

Gerente de Calidad - Quality Oversight

Module | Ver | Crear | Editar | Eliminar | Exportar
Panel Principal
Catálogo
Control Calidad
Bitácora
Laboratorio I+D
Reportes
Configuración

Gerente de Sucursal - Branch Operations

Module | Ver | Crear | Editar | Eliminar | Exportar
Panel Principal
Catálogo
Control Calidad
Bitácora
Laboratorio I+D
Reportes
Configuración

Preparador - Batch Preparation

Module | Ver | Crear | Editar | Eliminar | Exportar
Panel Principal
Catálogo
Control Calidad
Bitácora
Laboratorio I+D
Reportes
Configuración

Director de Operaciones - Operations Director

Module | Ver | Crear | Editar | Eliminar | Exportar
Panel Principal
Catálogo
Control Calidad
Bitácora
Laboratorio I+D
Reportes
Configuración

Cajera - Cashier

Module | Ver | Crear | Editar | Eliminar | Exportar
Panel Principal
Catálogo
Control Calidad
Bitácora
Laboratorio I+D
Reportes
Configuración

Director de Compras - Purchasing Director

Module | Ver | Crear | Editar | Eliminar | Exportar
Panel Principal
Catálogo
Control Calidad
Bitácora
Laboratorio I+D
Reportes
Configuración

Mostrador - Counter Staff

Module | Ver | Crear | Editar | Eliminar | Exportar
Panel Principal
Catálogo
Control Calidad
Bitácora
Laboratorio I+D
Reportes
Configuración

Row Level Security (RLS)

In addition to module permissions, Quality Hub GINEZ implements Row Level Security to control data access:

User-Level RLS

Normal users can only:
  • View their own bitácora records
  • Edit their own bitácora records
  • View their own quality control entries

Admin-Level Override

Administrators can:
  • View all records from all users
  • Edit any record regardless of creator
  • Delete any record (with audit trail)

RLS policies are enforced at the database level in Supabase, providing an additional security layer beyond application permissions.
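
A sketch of how the user-level rules and the admin override above can be written as Supabase RLS policies. This is an added example, not Quality Hub GINEZ's actual policy set. Assumptions: a table named bitacora with a user_id column holding the creator's auth.users id, a profiles.id column matching that id, a hypothetical helper current_user_is_admin(), and an insert rule the page does not describe. Only profiles.is_admin comes from the page.

```sql
-- Hypothetical helper: is the caller flagged as admin in profiles?
-- SECURITY DEFINER makes the lookup bypass RLS on profiles, which avoids
-- recursive policy evaluation if profiles has its own policies.
CREATE OR REPLACE FUNCTION public.current_user_is_admin()
RETURNS boolean
LANGUAGE sql
STABLE
SECURITY DEFINER
SET search_path = public
AS $$
    SELECT EXISTS (
        SELECT 1 FROM profiles WHERE id = auth.uid() AND is_admin
    );
$$;

-- Without this, policies exist but are never applied.
ALTER TABLE bitacora ENABLE ROW LEVEL SECURITY;

-- View: own records, or any record for administrators.
CREATE POLICY bitacora_select ON bitacora
    FOR SELECT TO authenticated
    USING (user_id = auth.uid() OR public.current_user_is_admin());

-- Insert (assumed rule): a user can only create rows owned by themselves.
CREATE POLICY bitacora_insert ON bitacora
    FOR INSERT TO authenticated
    WITH CHECK (user_id = auth.uid());

-- Edit: USING selects which rows may be touched; WITH CHECK stops a normal
-- user from reassigning a row to someone else's user_id.
CREATE POLICY bitacora_update ON bitacora
    FOR UPDATE TO authenticated
    USING (user_id = auth.uid() OR public.current_user_is_admin())
    WITH CHECK (user_id = auth.uid() OR public.current_user_is_admin());

-- Delete: administrators only, matching the override list above.
CREATE POLICY bitacora_delete ON bitacora
    FOR DELETE TO authenticated
    USING (public.current_user_is_admin());
```

Because the check runs in the database, a request that bypasses the application's permission matrix is still filtered by these policies.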

Real-World Workflow Example

Scenario: Batch Preparation and Quality Validation

  1. Preparador - Juan
     Permissions: Preparador role
       • ✅ Views catalog to see product formula
       • ✅ Prepares batch following specifications
       • ✅ Registers batch in bitácora with basic data
       • ❌ Cannot perform quality control (separate role)
  2. Gerente de Sucursal - María
     Permissions: Gerente de Sucursal role
       • ✅ Sees batch registered by Juan in bitácora
       • ✅ Takes samples and performs quality measurements
       • ✅ Records pH, solids, and other parameters
       • ✅ Marks batch as conforming/non-conforming
  3. Gerente de Calidad - Carlos
     Permissions: Gerente de Calidad role
       • ✅ Reviews all records in Reports
       • ✅ Analyzes trends and control charts
       • ✅ Exports data for external analysis
       • ✅ Can edit quality parameters if needed
  4. Administrador - You
     Permissions: Admin role
       • ✅ Full access to everything
       • ✅ Manages users and permissions
       • ✅ Configures system settings
       • ✅ Reviews audit logs

Advanced: SQL-Based Permission Assignment

This method requires database access and SQL knowledge. Use the UI method unless you need to bulk-assign permissions.
For advanced users with Supabase database access:
-- Step 1: Get the user ID
SELECT id FROM auth.users WHERE email = '[email protected]';

-- Step 2: Assign role permissions
DO $$
DECLARE
    v_user_id UUID := 'USER_ID_HERE'; -- Paste from step 1
    v_role_id UUID;
    v_module RECORD;
BEGIN
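    -- Get role ID (e.g., 'Preparador')
    SELECT id INTO v_role_id FROM user_roles WHERE name = 'Preparador';

    -- Stop if the role name does not exist; otherwise the loop below
    -- would silently copy nothing and the block would appear to succeed
    IF v_role_id IS NULL THEN
        RAISE EXCEPTION 'Role not found in user_roles';
    END IF;
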
    -- Copy all role permissions to user
    FOR v_module IN 
        SELECT module_id, can_view, can_create, can_edit, can_delete, can_export
        FROM role_permissions
        WHERE role_id = v_role_id
    LOOP
        INSERT INTO user_permissions (
            user_id, module_id, can_view, can_create, can_edit, can_delete, can_export
        ) VALUES (
            v_user_id, 
            v_module.module_id,
            v_module.can_view,
            v_module.can_create,
            v_module.can_edit,
            v_module.can_delete,
            v_module.can_export
        )
        ON CONFLICT (user_id, module_id) 
        DO UPDATE SET
            can_view = EXCLUDED.can_view,
            can_create = EXCLUDED.can_create,
            can_edit = EXCLUDED.can_edit,
            can_delete = EXCLUDED.can_delete,
            can_export = EXCLUDED.can_export;
    END LOOP;
END $$;
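
A follow-up check for the script above, added here as an example and not part of the original documentation: it compares one user's rows in user_permissions with the role template in role_permissions and lists every difference. Table and column names are the ones the script uses; the UUID is a constructed placeholder, and treating the role's rows as the baseline is an assumption.

```sql
-- Drift check: one user's effective permissions vs. a role template.
WITH params AS (
    SELECT '00000000-0000-0000-0000-000000000000'::uuid AS user_id, -- constructed placeholder
           'Preparador'::text AS role_name
),
template AS (
    SELECT rp.module_id, rp.can_view, rp.can_create, rp.can_edit,
           rp.can_delete, rp.can_export
    FROM role_permissions rp
    JOIN user_roles r ON r.id = rp.role_id
    JOIN params p ON p.role_name = r.name
),
actual AS (
    SELECT up.module_id, up.can_view, up.can_create, up.can_edit,
           up.can_delete, up.can_export
    FROM user_permissions up
    JOIN params p ON p.user_id = up.user_id
)
SELECT module_id,
       CASE
           WHEN t.module_id IS NULL THEN 'extra: module not in role template'
           WHEN a.module_id IS NULL THEN 'missing: role grants this module'
           ELSE 'flags differ from role'
       END AS finding,
       a.can_view   AS user_view,   t.can_view   AS role_view,
       a.can_create AS user_create, t.can_create AS role_create,
       a.can_edit   AS user_edit,   t.can_edit   AS role_edit,
       a.can_delete AS user_delete, t.can_delete AS role_delete,
       a.can_export AS user_export, t.can_export AS role_export
FROM actual a
FULL OUTER JOIN template t USING (module_id)
WHERE t.module_id IS NULL
   OR a.module_id IS NULL
   -- Row-wise comparison that also treats NULL flags as a difference
   OR (a.can_view, a.can_create, a.can_edit, a.can_delete, a.can_export)
      IS DISTINCT FROM
      (t.can_view, t.can_create, t.can_edit, t.can_delete, t.can_export)
ORDER BY module_id;
```

An empty result means the user matches the role exactly. Rows marked "extra" matter after a role change: the script above only upserts modules present in the new role, so rows for other modules keep their earlier flags.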

Important Notes

  • ⚠️ Permission changes are immediate - Users see changes instantly
  • ⚠️ Users must reload the page - After permission changes, users should press F5 to refresh
  • ⚠️ Only Administrators can manage permissions - Regular users cannot view or change permissions
  • ⚠️ All changes are audited - Every permission change is logged for security

Best Practices

Security Guidelines

  1. Minimum Necessary Access: Grant only permissions required for job duties
  2. Regular Audits: Review permissions quarterly
  3. Separation of Duties: Preparers shouldn’t validate their own work
  4. Document Changes: Keep records of why permissions were granted
  5. Revoke Promptly: Remove access when employees leave or change roles

Common Permission Patterns

Production Floor Staff:
  • Role: Preparador or Gerente de Sucursal
  • Focus: Bitácora and Quality Control
  • No export or delete capabilities
Quality Management:
  • Role: Gerente de Calidad
  • Focus: Reports and Quality Control
  • Can export but not delete
Counter and Sales Staff:
  • Role: Mostrador or Cajera
  • Focus: Dashboard and Reports
  • Read-only access for customer service

Troubleshooting

User Can’t See a Module They Should Access

  1. Check that “View” permission is enabled for that module
  2. Verify their role assignment is correct
  3. Ask user to clear cache and reload (Ctrl+Shift+R)
  4. Check for JavaScript errors in browser console

Permission Changes Not Taking Effect

  1. Confirm changes were saved (look for success message)
  2. User must reload the page completely
  3. Check for database connectivity issues
  4. Verify RLS policies aren’t blocking access

Accidentally Locked Out Admin

If you accidentally remove admin permissions:
  1. Access Supabase dashboard directly
  2. Run SQL to restore admin flag:
    UPDATE profiles SET is_admin = true WHERE email = '[email protected]';
    
  3. Reload the application