Roles and Permissions
How the permission system works, including scopes, custom roles, and default access levels.
Kenal Stamps uses a role-based access control (RBAC) system. Instead of fixed user types, your organization can create custom roles with specific permissions tailored to your team structure.
How Permissions Work
Each permission in the system has two parts:
- Resource and action - what the permission lets you do (for example, "read contracts" or "create users")
- Scope - how far that permission reaches
Permission Scopes
Scopes control how much data a user can see and act on:
| Scope | What you can access |
|---|---|
| Own | Only the contracts and data you personally created |
| Department | Everything within your assigned department |
| Organization | Everything across the entire organization |
A user with "read contracts" at the Department scope can see all contracts within their department, but not contracts from other departments.
Resources and Actions
Permissions are organized by resource. The main resources are:
| Resource | Available actions |
|---|---|
| Contracts | Create, read, update, delete |
| Reports | Read, export |
| Users | Read, invite, manage |
| Settings | Read, update |
Each action can be assigned at any scope (Own, Department, or Organization).
Default System Role
Kenal Stamps comes with one built-in role:
- Organization Admin has full access to all resources across the entire organization, including user management, role configuration, and billing.
All other roles are custom and created by your Organization Admin to match your team's needs.
Common Role Examples
While every organization is different, here are some typical role setups:
| Role name | Typical permissions |
|---|---|
| Submitter | Create and read own contracts, view own reports |
| Department Manager | Read all department contracts and reports, recall contracts |
| Organization Admin | Full access to everything, manage users and roles |
Your Organization Admin can name roles however they like and assign any combination of permissions and scopes.
Platform Admin
Platform Admin is not a role within your organization. It refers to Kenal staff who manage the platform itself. Platform Admins have access to system-wide configuration, document type management, and cross-organization reporting.
Checking Your Permissions
If you're not sure what you have access to and a feature is not visible or gives you an error, contact your Organization Admin. They can check your current role and adjust it if needed.