Resources / Guide: Role-based access

How-to guide · 6 min read

How to set up role-based access that scales

Access control that's too loose leaks data; too tight and people can't work. Here is how to design role-based access that stays secure and usable as you grow.

The principles

Good access control is least-privilege by default, role-driven, and inherited everywhere so there's one place to reason about who can do what.

  • Grant by role, not by person, wherever possible.
  • Use sub-roles for finer distinctions (e.g. admin with a super sub-role).
  • Inherit the same model across every module.
  • Review access periodically.

Setting it up in Prime RP

  1. Define roles (engineer, supervisor, accounting, admin, etc.) and any sub-roles.
  2. Attach per-user permissions where a role needs a tweak.
  3. Let every module — chat, approvals, finance — inherit that model.
  4. Use the Control Panel to review and audit access org-wide.

Why it scales

  • One model governs the whole platform, so there's no per-app drift.
  • Channels and records are visible only to the right people automatically.
  • Audits can see who could do what, and who did.

The payoff

A single role model inherited across the ERP keeps data safe and people productive — and Prime RP applies it everywhere, including chat and video.