Roles Management

A Role in DaaI Business Suite is a permission template that defines what a user is allowed to do within the system. It defines the permissions for modules and activities that a user can access. For example, if you have an employee who needs access to view everyone’s salary, create a new role, select the Salary Module, specify the permissions, save it, and assign this role to the user. All users with this role will then be able to access everyone’s salary information.

📍 Where to find Roles

Open Users > Roles from the main navigation menu (route /daai/authorities).

🔧 Roles control:

• Which modules (like Sales, HR, Expenses) a user can access.
• Which actions the user can perform in each module (such as Create, View, Edit, Delete).

🧩 How permissions work

Each role exposes a row of toggles per module covering the standard set: Create / Read_Own / Read_All / Update / Delete / Changelog / Print_Record / Download, plus module-specific permissions where applicable (e.g., Leave_Approval, Leave_Override, Salary_Payment, Change_Password, Reports filters like PnL / Sales / Marketing, Statements filters like TDS Expenses / GST Expenses).

Reference: List of Roles & Permissions.

By assigning roles to users, you can:

• Enforce consistent access control.
• Limit access to sensitive information.
• Ensure users only perform actions relevant to their job responsibilities.

🛡️ Default System Roles

DaaI Business Suite ships with two system-generated default roles. To learn more, see the System Default Roles article.

• Basic Employee Access
  • Limited access to own data only:
    • Dashboard (Holidays, Announcements)
    • HRM:
      • Employee (Own Read Only)
      • Timesheet (Own Read Only)
      • Leaves (Apply + Own Read Only)
      • Salary (Own Read Only)
• Super Admin
  • Full access to all modules and permissions across the entire system.

These roles are non-editable, non-deletable, and hidden from the Roles section.

Based on your subscription plan, you can assign a limited number of users with Admin or other custom-created roles. Once that limit is reached, you can still assign Basic Employee Access to additional users up to the total user count allowed in your plan.

🎯 Purpose of Roles

Roles are designed to:

• Simplify user permission management.
• Reduce errors from manually configuring permissions for each user.
• Enable quick onboarding of employees by assigning preconfigured access rights.

👥 How Roles Are Used

Roles are created once and can be assigned to multiple users.

Example Use Cases:

• A Finance Manager role with access to Invoices, Payments, and Financial Reports.
• A Project Lead role with access to Projects, Tasks, and Timesheets but no access to HR or Payroll.
• An HR Executive role with permissions to manage Employees, Leaves, and Salary Payments.

Roles can be combined if a user has multiple responsibilities — all permissions from all assigned roles are merged.

✅ Best Practices

• Create roles based on job functions (“Finance Manager”, “Project Lead”), not individual names.
• Assign only the necessary permissions to each role to avoid unauthorized access.
• Review roles regularly to ensure they align with your organizational policies.
• Test roles with a sample user account before rolling them out broadly.

⚙️ Admin note: When a developer adds a new permission module, three back-end writes are required to surface it in this UI — a section configuration entry, a Module collection document, and a Role.module-permissions list stub. Missing any one of these silently hides the module from the Roles screen.