Role Definitions

Overview

The Role Management system defines access levels and permissions across the P.FLEX platform. Each role encapsulates a set of permissions that control what users can view and modify in the system.

Role Data Model

The RoleDefinition interface defines the structure of roles:

string

required

Unique identifier for the role

name

string

required

Display name of the role (e.g., “Supervisor”, “Jefatura”)

description

string

required

Brief description of the role’s responsibilities and purpose

permissions

string[]

required

Array of permission strings that define what the role can accessExample: ["Ver Dashboard", "Aprobar OTs", "Reportes"]

System Roles

P.FLEX includes four core system roles:

Jefatura (Management)

// Source: state.service.ts:62
{
  id: 'r1',
  name: 'Jefatura',
  description: 'Acceso total a reportes, KPIs y aprobación.',
  permissions: ['Ver Dashboard', 'Aprobar OTs', 'Reportes', 'Gestión Usuarios']
}

Jefatura Permissions

Ver Dashboard: Access to executive dashboard and KPIs
Aprobar OTs: Approve and manage work orders
Reportes: Generate and export production reports
Gestión Usuarios: Manage user accounts and permissions

Supervisor

// Source: state.service.ts:63
{
  id: 'r2',
  name: 'Supervisor',
  description: 'Gestión de turno y asignación.',
  permissions: ['Asignar Tareas', 'Cerrar Turno', 'Validar Calidad', 'Ver OTs']
}

Supervisor Permissions

Asignar Tareas: Assign work orders to operators
Cerrar Turno: Close shift and generate shift reports
Validar Calidad: Validate quality control checks
Ver OTs: View work orders (read-only)

Operario (Operator)

// Source: state.service.ts:64
{
  id: 'r3',
  name: 'Operario',
  description: 'Registro de producción.',
  permissions: ['Registrar Producción', 'Ver OTs']
}

Operario Permissions

Registrar Producción: Record production quantities and status
Ver OTs: View assigned work orders

Operarios can be restricted to specific production areas

Sistemas (System Admin)

// Source: state.service.ts:65
{
  id: 'r4',
  name: 'Sistemas',
  description: 'Configuración técnica.',
  permissions: ['Admin Total']
}

Sistemas Permissions

Admin Total: Full system access including:
- System configuration
- Database management
- User administration
- Machine configuration
- Security settings

Role Management Operations

Updating a Role

Modify role permissions using updateRole():

// Source: admin.service.ts:46-49
updateRole(updatedRole: RoleDefinition) {
  this.state.adminRoles.update(roles => 
    roles.map(r => r.id === updatedRole.id ? updatedRole : r)
  );
  this.audit.log(this.state.userName(), this.state.userRole(), 'ADMIN', 
    'Actualizar Rol', `Rol modificado: ${updatedRole.name}`);
}

Open Role Editor

Click on a role card or select “Editar” from the role menu

Modify Permissions

Toggle permissions on/off using the permission checkboxes:

Dashboard access
Inventory management
Quality validation
Report generation

Update Description

Modify the role description to reflect its responsibilities

Save Changes

Click “Guardar Rol” to apply changes. All users with this role will immediately receive updated permissions.

Deleting a Role

Remove custom roles using deleteRole():

// Source: admin.service.ts:51-55
deleteRole(id: string) {
  const role = this.state.adminRoles().find(r => r.id === id);
  this.state.adminRoles.update(roles => roles.filter(r => r.id !== id));
  this.audit.log(this.state.userName(), this.state.userRole(), 'ADMIN', 
    'Eliminar Rol', `Rol eliminado: ${role?.name || id}`);
}

Do not delete system roles (Jefatura, Supervisor, Operario, Sistemas) as they are referenced throughout the application.

Permission System

The permission system uses string-based permission keys:

Available Permissions

Dashboard & Reporting

Ver Dashboard - View production dashboard and metrics
Reportes - Generate and export reports
Ver KPIs - Access key performance indicators

Work Order Management

Ver OTs - View work orders (read-only)
Aprobar OTs - Approve and modify work orders
Asignar Tareas - Assign work orders to operators

Production & Quality

Registrar Producción - Record production data
Validar Calidad - Perform quality control validation
Cerrar Turno - Close shift and generate reports

Inventory

Ver Inventario - View inventory levels
Ajustar Inventario - Manually adjust stock quantities

Administration

Gestión Usuarios - Create and manage user accounts
Admin Total - Full system administration access

Permission Matrix

The role management interface displays a visual permission matrix:

// Source: admin-roles.component.ts:119-122
<span class="material-symbols-outlined text-lg" 
      [ngClass]="role.permissions.includes('Ver Dashboard') ? 
                  'text-green-500' : 'text-slate-600'">
  {{ role.permissions.includes('Ver Dashboard') ? 'check_circle' : 'cancel' }}
</span>

Module	Jefatura	Supervisor	Operario	Sistemas
Dashboard	✅	❌	❌	✅
Configuración Global	❌	❌	❌	✅
Edición de Registros	✅	⚠️	❌	✅

✅ = Full Access | ⚠️ = Limited Access | ❌ = No Access

Managing Permissions

Toggle Permission

Permissions can be toggled programmatically:

// Source: admin-roles.component.ts:267-278
hasPermission(perm: string): boolean {
  return this.tempRole.permissions?.includes(perm) || false;
}

togglePermission(perm: string) {
  if (!this.tempRole.permissions) this.tempRole.permissions = [];
  
  if (this.tempRole.permissions.includes(perm)) {
    this.tempRole.permissions = 
      this.tempRole.permissions.filter(p => p !== perm);
  } else {
    this.tempRole.permissions.push(perm);
  }
}

Audit Logging

All role modifications are logged:

Action	Module	Details
Update Role	`ADMIN`	Role name and modified permissions
Delete Role	`ADMIN`	Role name

Best Practices

Principle of Least Privilege

Assign only the minimum permissions required for each role to perform their duties

Regular Audits

Periodically review role permissions to ensure they align with current responsibilities

Document Changes

Use descriptive role descriptions to document the purpose and scope of each role

Test Before Deploy

Test permission changes with a test account before applying to production roles

Code Reference

Key source files:

Data Model: src/features/admin/models/admin.models.ts:13-18
Service Methods: src/features/admin/services/admin.service.ts:42-55
UI Component: src/features/admin/components/admin-roles.component.ts
Default Roles: src/services/state.service.ts:61-66

Overview

Getting Started

Core Features

Production Modules

Inventory Management

Quality & Analytics

Administration

Role Definitions

Overview

Role Data Model

System Roles

Jefatura (Management)

Jefatura Permissions

Supervisor

Supervisor Permissions

Operario (Operator)

Operario Permissions

Sistemas (System Admin)

Sistemas Permissions

Role Management Operations

Updating a Role

Deleting a Role

Permission System

Available Permissions

Permission Matrix

Managing Permissions

Toggle Permission

Audit Logging

Best Practices

Principle of Least Privilege

Regular Audits

Document Changes

Test Before Deploy

Code Reference

Build docs developers (and LLMs) love

Overview

Getting Started

Core Features

Production Modules

Inventory Management

Quality & Analytics

Administration

​Overview

​Role Data Model

​System Roles

​Jefatura (Management)

Jefatura Permissions

​Supervisor

Supervisor Permissions

​Operario (Operator)

Operario Permissions

​Sistemas (System Admin)

Sistemas Permissions

​Role Management Operations

​Updating a Role

​Deleting a Role

​Permission System

​Available Permissions

​Permission Matrix

​Managing Permissions

​Toggle Permission

​Audit Logging

​Best Practices

Principle of Least Privilege

Regular Audits

Document Changes

Test Before Deploy

​Code Reference

Build docs developers (and LLMs) love

Overview

Role Data Model

System Roles

Jefatura (Management)

Supervisor

Operario (Operator)

Sistemas (System Admin)

Role Management Operations

Updating a Role

Deleting a Role

Permission System

Available Permissions

Permission Matrix

Managing Permissions

Toggle Permission

Audit Logging

Best Practices

Code Reference