
Overview

The Transport Logistics platform uses a role-based access control (RBAC) system with two distinct roles: Admin and User. Each role has different permissions and capabilities within the system.
Roles are assigned during user creation and can be changed by administrators at any time.

Role Types

Admin

Full access to all features, resources, and settings. Can manage users, configure the system, and access all data.

User

Limited access to assigned resources. Can view and interact with assigned packages but cannot access administrative features.

Admin Role

Capabilities

Administrators have unrestricted access to the platform:
Full Control:
  • Create new user accounts
  • Edit existing user profiles
  • Change user roles
  • Assign packages to users
  • Activate/deactivate user accounts
  • Reset user passwords
  • View all user information

Admin Permissions in Code

The client checks admin status using the role field. This only decides which UI elements are rendered; the authoritative check is the database-level policy in the next section:
const { user } = useAuth();
const isAdmin = user?.role === 'admin';

// Show admin-only features
{isAdmin && (
  <Button onClick={handleAddUser}>
    <Plus className="mr-2 h-4 w-4" /> Add User
  </Button>
)}

Database-Level Permissions

Admin permissions are enforced at the database level using Row Level Security (RLS):
-- Admin users can manage all profiles
CREATE POLICY "Admin users can manage all profiles" 
ON public.profiles
  FOR ALL TO authenticated 
  USING (get_current_user_role() = 'admin')
  WITH CHECK (get_current_user_role() = 'admin');

User Role

Capabilities

Regular users have restricted access based on their assignments:
Limited to Assignments:
  • View only assigned packages
  • Cannot create new packages (packages that already list them as the creator remain accessible)
  • Can update packages they created
  • Cannot access unassigned packages
Package access is controlled through the assigned_packages field in the user profile.

User Permissions in Code

The application restricts UI elements based on role:
const { user } = useAuth();
const isAdmin = user?.role === 'admin';

// Add admin-only columns to data table
if (isAdmin) {
  columns.push({
    header: "Actions",
    accessorKey: "actions",
    cell: (row) => (
      <div className="flex space-x-2">
        <Button onClick={() => handleEdit(row)}>Edit</Button>
        <Button onClick={() => handleDelete(row)}>Delete</Button>
      </div>
    ),
  });
}

Database-Level Permissions

User permissions are enforced through RLS policies:
-- Users can view assigned packages
CREATE POLICY "Users can view assigned packages" 
ON public.packages
  FOR SELECT TO authenticated 
  USING (
    get_current_user_role() = 'admin' OR 
    auth.uid() = created_by_id OR
    auth.uid() = ANY(assigned_packages)
  );

-- Users can only update their own profile
CREATE POLICY "Users can update their own profile" 
ON public.profiles
  FOR UPDATE TO authenticated 
  USING (auth.uid() = id)
  WITH CHECK (auth.uid() = id);
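
The profile policy above decides which rows a user may update; PostgreSQL RLS does not restrict which columns of that row change. The guard below is an added example, not the platform's own migration: it keeps role, active and assigned_packages under administrator control at the database layer. It assumes the profiles schema and the get_current_user_role() helper shown on this page; the function and trigger names are ours.

```sql
-- Added example, not the platform's own code. Assumes public.profiles
-- (id, role, active, assigned_packages) and get_current_user_role() as
-- documented on this page; function and trigger names are ours.

-- Policies are ignored on tables where RLS is off; this is a no-op when
-- it is already enabled, as the Enabled Tables section says it is.
ALTER TABLE public.profiles ENABLE ROW LEVEL SECURITY;

-- RLS answers "which rows may this user update?"; this trigger answers
-- "which columns may a non-admin change on their own row?".
CREATE OR REPLACE FUNCTION public.protect_privileged_profile_columns()
RETURNS TRIGGER AS $$
BEGIN
  -- In a Supabase-style setup API requests run as the authenticated
  -- role (the role the policies target). Migrations and service
  -- sessions run as other roles and are left alone.
  IF current_user = 'authenticated'
     AND get_current_user_role() IS DISTINCT FROM 'admin' THEN
    IF NEW.role                 IS DISTINCT FROM OLD.role
       OR NEW.active            IS DISTINCT FROM OLD.active
       OR NEW.assigned_packages IS DISTINCT FROM OLD.assigned_packages THEN
      RAISE EXCEPTION
        'only administrators may change role, active or assigned_packages'
        USING ERRCODE = 'insufficient_privilege';
    END IF;
  END IF;
  RETURN NEW;
END;
$$ LANGUAGE plpgsql;

CREATE TRIGGER profiles_protect_privileged_columns
  BEFORE UPDATE ON public.profiles
  FOR EACH ROW EXECUTE FUNCTION public.protect_privileged_profile_columns();
```

Administrator edits made through User Management pass the guard because get_current_user_role() resolves to 'admin' for the acting session.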

Permission Matrix

User Management

Action                      Admin   User
View all users              Yes     No
Create users                Yes     No
Edit any user               Yes     No
Edit own profile            Yes     Yes
Change user roles           Yes     No
Reset passwords             Yes     No
Change own password         Yes     Yes
Activate/deactivate users   Yes     No

Resource Management

Resource       Admin Access          User Access
Vehicles       Full (CRUD)           View only
Shipments      Full (CRUD)           View only
Packages       Full (all packages)   View assigned only
Routes         Full (CRUD)           View only
Transporters   Full (CRUD)           View only
Materials      Full (CRUD)           View only

CRUD = Create, Read, Update, Delete

Settings & Configuration

Setting                        Admin   User
Own profile settings           Yes     Yes
Own notification preferences   Yes     Yes
System-wide settings           Yes     No
User settings (others)         Yes     No
Analytics & reports            Yes     No

Row Level Security (RLS)

What is RLS?

Row Level Security is a PostgreSQL feature that restricts which rows users can access in a table. The Transport Logistics platform uses RLS to enforce permissions at the database level.
RLS policies ensure data security even if the application layer is bypassed.

How RLS Works

The system uses a helper function to determine the current user’s role. It is declared SECURITY DEFINER so it can read profiles without recursively invoking the profiles policies (which themselves call this function), and STABLE so the planner may reuse its result within a statement:
CREATE OR REPLACE FUNCTION get_current_user_role()
RETURNS TEXT AS $$
  SELECT role FROM public.profiles WHERE id = auth.uid();
$$ LANGUAGE SQL SECURITY DEFINER STABLE;
This function is used in RLS policies to check permissions:
-- Only admins can manage vehicles (FOR ALL covers SELECT, INSERT, UPDATE and DELETE)
CREATE POLICY "Admin users can manage vehicles" 
ON public.vehicles
  FOR ALL TO authenticated 
  USING (get_current_user_role() = 'admin')
  WITH CHECK (get_current_user_role() = 'admin');
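
Because policies only take effect when RLS is enabled on the table and the JWT claims actually reach the database, it is worth confirming the behaviour described above from psql rather than from the UI. The session below is an added example, not part of the platform; it assumes a Supabase-style auth.uid() that reads the sub claim from request.jwt.claims, the tables and helper shown on this page, and a placeholder UUID for a regular user.

```sql
-- Added example: exercise the policies as a regular user would, inside a
-- transaction that is rolled back. The UUID is a placeholder; replace it
-- with the id of a real non-admin profile in a test environment.
BEGIN;

-- Become the role the policies are written for ("TO authenticated").
SET LOCAL ROLE authenticated;

-- Supply the JWT claims auth.uid() reads. is_local = true keeps the
-- setting scoped to this transaction.
SELECT set_config('request.jwt.claims',
  '{"sub":"00000000-0000-0000-0000-000000000001","role":"authenticated"}',
  true);

-- 1. The helper should resolve to 'user', not 'admin'. NULL means no
--    profiles row matched the sub claim, so every admin check fails.
SELECT get_current_user_role() AS role_seen_by_policies;

-- 2. Only packages this user created or is assigned to should be listed;
--    an empty result for a user with no assignments is the expected outcome.
SELECT * FROM public.packages;

-- 3. "You cannot change your own role" must hold at this layer too.
--    Expect an error or UPDATE 0; if this reports UPDATE 1, the role
--    column is protected only by the UI and needs a database-side guard.
UPDATE public.profiles SET role = 'admin' WHERE id = auth.uid();

-- Leave no trace of the test.
ROLLBACK;
```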

Enabled Tables

RLS is enabled on all critical tables:

User Data

  • profiles
  • user_settings

Resources

  • vehicles
  • shipments
  • packages
  • routes
  • transporters
  • materials

Changing User Roles

How to Change a User’s Role

  1. Open User Management: navigate to the User Management page (admin only).
  2. Edit User: click the Edit button for the user whose role you want to change.
  3. Select New Role: choose either “Admin” or “User” from the role radio buttons.
  4. Save Changes: click Update User to save the role change.
Role changes take effect immediately. The user may need to refresh their browser to see updated permissions.

Security Best Practices

Grant users the minimum permissions necessary to perform their job functions. Most users should have the “User” role, with “Admin” reserved for trusted team members.
Periodically review user roles and permissions to ensure they remain appropriate. Remove admin access when it’s no longer needed.
Keep the number of admin accounts to a minimum. Too many admins increase security risks and make audit trails harder to follow.
Even though admins can access all packages, document which packages each user (including admins) is responsible for using the assignment feature.
Track and log administrative actions for security auditing and compliance purposes.

Common Scenarios

Scenario: Team Lead Needs Admin Access

  1. Evaluate Need: determine whether the team lead truly needs full admin access or whether specific package assignments would suffice.
  2. Grant Admin Role: if full access is required, change their role to “Admin” through User Management.
  3. Communicate Changes: inform the team lead of their new permissions and responsibilities.
  4. Review Regularly: schedule regular reviews to ensure the admin role is still necessary.

Scenario: User Needs Access to Additional Packages

  1. Edit User: open the user’s profile in User Management.
  2. Update Package Assignments: check the additional packages the user needs access to.
  3. Save Changes: click Update User. The user will immediately have access to the new packages.

Scenario: Temporary Admin Access

  1. Grant Admin Role: change the user’s role to “Admin” for the duration of their temporary need.
  2. Document Duration: note when the temporary access should be revoked (external to the system).
  3. Revoke Access: change the role back to “User” when the temporary period ends.
  4. Verify Completion: confirm the user can no longer access admin features.
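
The temporary-access scenario keeps the revocation date outside the system, and the Security Best Practices section asks for administrative actions to be logged and admin roles to be reviewed periodically. The migration below is an added example, not part of the platform: it records every role change on profiles and gives the reviewer a query of current admins with their most recent promotion. It assumes the profiles schema, get_current_user_role() and auth.uid() shown on this page; the role_change_log table and the function and trigger names are ours.

```sql
-- Added example, not part of the platform. Assumes public.profiles,
-- get_current_user_role() and auth.uid() as shown on this page; the
-- role_change_log table and the function/trigger names are ours.
CREATE TABLE IF NOT EXISTS public.role_change_log (
  id          BIGSERIAL PRIMARY KEY,
  profile_id  UUID NOT NULL,
  old_role    TEXT,
  new_role    TEXT,
  changed_by  UUID,                         -- auth.uid() of the acting admin
  changed_at  TIMESTAMPTZ NOT NULL DEFAULT NOW()
);
ALTER TABLE public.role_change_log ENABLE ROW LEVEL SECURITY;

-- Admins may read the log; no policy grants INSERT/UPDATE/DELETE, so the
-- only writer is the trigger function below.
CREATE POLICY "Admins can read role changes"
ON public.role_change_log
  FOR SELECT TO authenticated
  USING (get_current_user_role() = 'admin');

-- SECURITY DEFINER: runs as the function owner, who owns the log table
-- and therefore is not subject to its RLS; search_path is pinned.
CREATE OR REPLACE FUNCTION public.log_role_change()
RETURNS TRIGGER AS $$
BEGIN
  IF NEW.role IS DISTINCT FROM OLD.role THEN
    INSERT INTO public.role_change_log (profile_id, old_role, new_role, changed_by)
    VALUES (OLD.id, OLD.role, NEW.role, auth.uid());
  END IF;
  RETURN NEW;
END;
$$ LANGUAGE plpgsql SECURITY DEFINER SET search_path = public;

CREATE TRIGGER profiles_log_role_change
  AFTER UPDATE OF role ON public.profiles
  FOR EACH ROW EXECUTE FUNCTION public.log_role_change();

-- Periodic review: every current admin with the most recent promotion
-- record. Admins with no record (created as admin, or promoted before
-- logging started) sort first so they get looked at.
SELECT p.id, p.username, l.changed_at AS admin_since, l.changed_by
FROM public.profiles p
LEFT JOIN LATERAL (
  SELECT changed_at, changed_by
  FROM public.role_change_log
  WHERE profile_id = p.id AND new_role = 'admin'
  ORDER BY changed_at DESC
  LIMIT 1
) l ON true
WHERE p.role = 'admin'
ORDER BY l.changed_at NULLS FIRST;
```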

Viewing Your Own Role

All users can view their current role in the Settings page:
  1. Navigate to Settings from the main menu
  2. Go to the Profile tab
  3. Look for the “Account Role” section
The role display shows:
  • Your current role (Admin or User)
  • A description of what that role can access
You cannot change your own role. Only administrators can modify user roles.

Technical Implementation

Authentication Context

The authentication system stores the user’s role in the auth context:
export interface AuthUser {
  id: string;
  username: string;
  role: UserRole;  // 'admin' | 'user'
  email?: string;
  active?: boolean;
}

const { user } = useAuth();
console.log(user?.role); // 'admin' or 'user' (undefined when no one is signed in)

Role Type Definition

export type UserRole = "admin" | "user";

Database Schema

The profiles table stores user roles:
CREATE TABLE profiles (
  id UUID PRIMARY KEY REFERENCES auth.users(id),
  username TEXT,
  role TEXT CHECK (role IN ('admin', 'user')),
  active BOOLEAN DEFAULT true,
  assigned_packages TEXT[],
  created_at TIMESTAMP DEFAULT NOW(),
  updated_at TIMESTAMP DEFAULT NOW()
);

Troubleshooting

Check:
  • Verify the user’s role is set to “Admin” in User Management
  • Have the user log out and log back in
  • Clear browser cache and cookies
  • Check browser console for errors

Solutions:
  • Role changes are immediate but may require a page refresh
  • Have the user reload the page (F5 or Cmd+R)
  • In some cases, logging out and back in may be necessary
  • Check that the database update was successful

Possible causes:
  • Role may not be correctly set in the database
  • RLS policies may be blocking access
  • Check the browser console for errors
  • Verify the admin user has an active account

Investigate:
  • This should not happen due to RLS policies
  • Check if the user was recently demoted from admin
  • Verify RLS policies are correctly applied
  • Review package assignments
