Role Hierarchy

P.FLEX implements a comprehensive role-based access control (RBAC) system with six distinct user roles:
// From admin.models.ts:2
export type UserRole = 'Jefatura' | 'Supervisor' | 'Asistente' | 'Operario' | 'Encargado' | 'Sistemas';

Sistemas

System Administrator: Full system access

Jefatura

Management: Strategic oversight

Supervisor

Supervisor: Production management

Asistente

A: Support tasks

Operario

Operator: Production floor

Encargado

Supervisor: Area management

Role Definitions

1. Sistemas (System Administrator)

Admin Total

Full System Access: Complete control over all system functions, configurations, and user management.
// From state.service.ts:61-66
readonly adminRoles = signal<RoleDefinition[]>([
  {
    id: 'r4',
    name: 'Sistemas',
    description: 'Configuración técnica.',
    permissions: ['Admin Total']
  }
]);

Permissions

  • Create, edit, and deactivate user accounts
  • Assign roles and permissions
  • Reset passwords
  • View user activity logs
// User structure from admin.models.ts:4-11
interface AppUser {
  id: string;
  name: string;
  username: string;
  role: UserRole;
  active: boolean;
  assignedAreas?: string[];
}
  • Configure shift times and names
  • Set password policies
  • Configure auto-logout timeouts
  • Manage plant settings
// From state.service.ts:32-42
readonly config = signal<SystemConfig>({
  shiftName1: 'Turno Día',
  shiftTime1: '06:00',
  shiftName2: 'Turno Noche',
  shiftTime2: '18:00',
  passwordExpiryWarningDays: 15,
  passwordPolicyDays: 90,
  plantName: 'Planta Central - Zona Industrial',
  autoLogoutMinutes: 30,
  operatorMessage: 'Recordar verificar el estado de los clichés...'
});
  • Add, edit, and deactivate machines
  • Assign machines to production areas
  • Update machine status
  • Configure machine types

  • Access all audit logs
  • Review security events
  • Monitor system health
  • Configure backup settings

Access Areas

✅ All modules and features
✅ Admin configuration panel
✅ User and role management
✅ System settings and security
✅ Complete audit trail access

2. Jefatura (Management)

Executive Oversight

Strategic Management: Access to reports, KPIs, and approval workflows for high-level decision making.
// From state.service.ts:61-66
{
  id: 'r1',
  name: 'Jefatura',
  description: 'Acceso total a reportes, KPIs y aprobación.',
  permissions: ['Ver Dashboard', 'Aprobar OTs', 'Reportes', 'Gestión Usuarios']
}

Permissions

Ver Dashboard

Full access to production KPIs and analytics

Aprobar OTs

Review and approve work orders

Reportes

Generate and export all reports

Gestión Usuarios

Limited user management capabilities

Access Areas

✅ Dashboard with full KPIs
✅ OT list and approval
✅ Production schedule
✅ All reports (Print, Diecut, Rewind, Packaging)
✅ Inventory overview
✅ Incidents and quality reports
✅ Analytics and indicators
✅ Audit trail (read-only)

3. Supervisor

Production Management

Shift & Production Control: Manage daily operations, assign tasks, and ensure quality standards.
// From state.service.ts:61-66  
{
  id: 'r2',
  name: 'Supervisor',
  description: 'Gestión de turno y asignación.',
  permissions: ['Asignar Tareas', 'Cerrar Turno', 'Validar Calidad', 'Ver OTs']
}

Permissions

Asignar Tareas

Assign work orders to operators and machines

Cerrar Turno

Complete shift reports and handovers

Validar Calidad

Review and validate quality checks

Ver OTs

View all work orders and production status

Access Areas

✅ Dashboard (production metrics)
✅ OT list (view and assign)
✅ Production schedule
✅ Reports (department-specific)
✅ Inventory (view and update)
✅ Incidents (create and manage)
✅ Quality validation

4. Operario (Operator)

Production Floor

Machine Operation: Register production data and operate assigned workstations.
// From state.service.ts:61-66
{
  id: 'r3',
  name: 'Operario',
  description: 'Registro de producción.',
  permissions: ['Registrar Producción', 'Ver OTs']
}

Permissions

Registrar Producción

Create production reports for assigned machines

Ver OTs

View work orders assigned to them

Access Areas

✅ Operator station selector
✅ Machine-specific production forms
✅ View assigned OTs
✅ Report incidents
✅ View shift information

Operator Workflow

1. Select Workstation

After login, choose from 4 stations:
  • Impresión (ST-01) - Printing station
  • Troquelado (ST-02) - Die-cutting station
  • Rebobinado (ST-03) - Rewinding station
  • Empaquetado (ST-04) - Packaging station

// From mode-selector.component.ts:290-296
navigateTo(type: string) {
  if (type === 'packaging') {
    this.router.navigate(['/operator/packaging']);
  } else {
    this.router.navigate(['/operator/select-machine', type]);
  }
}

2. Choose Machine

Select the specific machine from your station type

3. Register Production

Fill out production report with:
  • OT number
  • Start/end times
  • Production quantities
  • Quality checks
  • Issues/incidents

4. Submit Report

Data is saved locally and synced to server

5. Asistente & Encargado

These roles are customizable by administrators and typically fall between Supervisor and Operario permissions.
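
The role definitions quoted above cover four of the six `UserRole` values, so a permission check has to decide what happens for a role with no definition and for a deactivated account. The following is an added example, not P.FLEX source code: `can`, `permissionsFor`, `ROLE_DEFINITIONS` and `WILDCARD` are hypothetical names, the `RoleDefinition` shape is inferred from the literals on this page, and treating 'Admin Total' as granting every permission is an assumption based on the "Full System Access" description.

```typescript
// Added example (not P.FLEX source): deny-by-default permission check.
type UserRole = 'Jefatura' | 'Supervisor' | 'Asistente' | 'Operario' | 'Encargado' | 'Sistemas';

interface AppUser { id: string; name: string; username: string; role: UserRole; active: boolean; }
// Reduced to the fields this check needs; shape inferred from the literals on this page.
interface RoleDefinition { id: string; name: string; permissions: string[]; }

// The four definitions quoted on this page. Asistente and Encargado have none.
const ROLE_DEFINITIONS: RoleDefinition[] = [
  { id: 'r1', name: 'Jefatura', permissions: ['Ver Dashboard', 'Aprobar OTs', 'Reportes', 'Gestión Usuarios'] },
  { id: 'r2', name: 'Supervisor', permissions: ['Asignar Tareas', 'Cerrar Turno', 'Validar Calidad', 'Ver OTs'] },
  { id: 'r3', name: 'Operario', permissions: ['Registrar Producción', 'Ver OTs'] },
  { id: 'r4', name: 'Sistemas', permissions: ['Admin Total'] },
];

// Assumption: 'Admin Total' implies every other permission.
const WILDCARD = 'Admin Total';

// Permissions for a role; a role without a definition yields an empty list,
// never a fallback to some other role's permissions.
function permissionsFor(role: string, defs: RoleDefinition[] = ROLE_DEFINITIONS): string[] {
  for (const def of defs) {
    if (def.name === role) return def.permissions;
  }
  return [];
}

// True only for an active, known user whose role grants the permission.
function can(user: AppUser | null, permission: string, defs: RoleDefinition[] = ROLE_DEFINITIONS): boolean {
  if (!user || !user.active) return false;
  const granted = permissionsFor(user.role, defs);
  return granted.indexOf(WILDCARD) !== -1 || granted.indexOf(permission) !== -1;
}

// Sample users: the operator is from this page, the assistant is constructed.
const demoOperator: AppUser = { id: '3', name: 'Pedro Operador', username: 'poperador', role: 'Operario', active: true };
const demoAssistant: AppUser = { id: '5', name: 'Ana Asistente', username: 'aasistente', role: 'Asistente', active: true };
console.log(can(demoOperator, 'Ver OTs'), can(demoOperator, 'Aprobar OTs'), can(demoAssistant, 'Ver OTs'));
```

In a browser client a check like this only decides what the interface shows; the server that receives synced data has to apply the same rule to each request.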

Permission Matrix

Feature | Sistemas | Jefatura | Supervisor | Operario
Dashboard | ✅ Full | ✅ Full | ✅ Limited | ❌ No
View OTs✅ (assigned)
Approve OTs
Create Reports✅ (own)
View All Reports
Schedule✅ View
Inventory✅ Full✅ View✅ Update
Incidents✅ Create
Analytics✅ Limited
Audit Logs✅ Full✅ View
User Management✅ Full✅ Limited
System Config
Machine Admin

Viewing Your Role

Your current role is always visible in the application:
// From sidebar.component.ts:60-78
<div class="flex items-center gap-3">
  <div class="h-10 w-10 rounded-lg bg-gradient-to-tr flex items-center justify-center">
    <span class="text-sm">{{ getInitials(state.userName()) }}</span>
  </div>
  <div class="flex flex-col">
    <span class="text-sm font-semibold">{{ state.userName() }}</span>
    <div class="flex items-center gap-1.5">
      <div class="w-1.5 h-1.5 rounded-full bg-emerald-400"></div>
      <span class="text-[10px]">{{ state.currentShift() || 'Sin Turno' }}</span>
    </div>
  </div>
</div>

Header Display

// From mode-selector.component.ts:34-38
<div class="flex items-center gap-3">
  <span>{{ state.currentShift() || 'TURNO GENERAL' }}</span>
  <span class="text-gray-600">|</span>
  <span class="text-blue-400">ID: {{ state.userName() }}</span>
</div>

Role Assignment

Only Sistemas and Jefatura roles can assign or modify user roles.

How Roles Are Assigned

1. Admin Creates User

Navigate to Admin > Users > Add User
// From state.service.ts:54-59
readonly adminUsers = signal<AppUser[]>([
  { id: '1', name: 'Juan Perez', username: 'jperez', role: 'Supervisor', active: true },
  { id: '2', name: 'Maria Garcia', username: 'mgarcia', role: 'Jefatura', active: true },
  { id: '3', name: 'Pedro Operador', username: 'poperador', role: 'Operario', active: true },
  { id: '4', name: 'Carlos Admin', username: 'admin', role: 'Sistemas', active: true },
]);

2. Select Role

Choose from available roles:
  • Sistemas
  • Jefatura
  • Supervisor
  • Operario
  • Asistente
  • Encargado

3. Optional: Assign Areas

For Supervisors and Operarios, assign specific production areas:
  • Nave A (Printing)
  • Nave B (Printing)
  • Nave C (Die-cutting)
  • Nave D (Finishing)

4. Activate User

Enable the user account and provide credentials to the employee

Security & Audit

All role-based actions are logged:
// From state.service.ts:142
this.audit.log(name, role, 'ACCESO', 'Inicio de Sesión', 
  `Usuario ${username} inició sesión en ${shift}.`);

Audit Trail Includes:

Login Events

  • User authentication
  • Shift selection
  • Failed login attempts

Data Changes

  • Production reports
  • OT modifications
  • Inventory updates

Permission Usage

  • Approval actions
  • Configuration changes
  • User management

System Events

  • Machine status changes
  • Offline/online transitions
  • Sync operations
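
The rule under Role Assignment (only Sistemas and Jefatura may assign or modify roles) and the audit call quoted above can be combined so that every role change, allowed or refused, leaves a record. This is an added example, not P.FLEX source code: `changeRole`, `AuditEntry`, `ALL_ROLES` and `ROLE_ASSIGNERS` are hypothetical names, the entry fields only mirror the argument order of the quoted `audit.log(...)` call, and the category and action labels are placeholders.

```typescript
// Added example (not P.FLEX source): guarded role change with an audit record.
type UserRole = 'Jefatura' | 'Supervisor' | 'Asistente' | 'Operario' | 'Encargado' | 'Sistemas';
interface AppUser { id: string; name: string; username: string; role: UserRole; active: boolean; }

// Mirrors the argument order of the audit.log(...) call quoted on this page.
interface AuditEntry { name: string; role: string; category: string; action: string; detail: string; }

const ALL_ROLES: string[] = ['Jefatura', 'Supervisor', 'Asistente', 'Operario', 'Encargado', 'Sistemas'];
// Per this page, only these two roles may assign or modify user roles.
const ROLE_ASSIGNERS: string[] = ['Sistemas', 'Jefatura'];

// Returns the updated user on success and the unchanged user on denial.
// An entry is appended to `trail` in both cases.
function changeRole(actor: AppUser, target: AppUser, requested: string, trail: AuditEntry[]): AppUser {
  const allowed = actor.active
    && ROLE_ASSIGNERS.indexOf(actor.role) !== -1
    && ALL_ROLES.indexOf(requested) !== -1; // runtime check: TypeScript types are erased
  // 'ADMIN', 'Cambio de Rol' and 'Cambio de Rol Denegado' are hypothetical labels.
  trail.push({
    name: actor.name,
    role: actor.role,
    category: 'ADMIN',
    action: allowed ? 'Cambio de Rol' : 'Cambio de Rol Denegado',
    detail: `${actor.username} -> ${target.username}: ${target.role} => ${requested}`,
  });
  if (!allowed) return target;
  return { ...target, role: requested as UserRole }; // copy, do not mutate the input
}

// Demo with users from this page's adminUsers list.
const demoTrail: AuditEntry[] = [];
const demoSupervisor: AppUser = { id: '1', name: 'Juan Perez', username: 'jperez', role: 'Supervisor', active: true };
const demoAdmin: AppUser = { id: '4', name: 'Carlos Admin', username: 'admin', role: 'Sistemas', active: true };
changeRole(demoSupervisor, demoSupervisor, 'Sistemas', demoTrail); // refused, still logged
changeRole(demoAdmin, demoSupervisor, 'Encargado', demoTrail);     // applied and logged
console.log(demoTrail.map(e => `${e.action}: ${e.detail}`).join('\n'));
```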

Best Practices

1. Principle of Least Privilege

Users should only have the minimum permissions needed for their job function.

2. Regular Reviews

Administrators should review user roles quarterly and adjust as needed.

3. Separation of Duties

Critical operations (approvals, audits) should require multiple roles.

4. No Shared Accounts

Each person must have their own credentials for accountability.
Sharing login credentials violates security policy and compromises audit integrity.
