Roles (Functions)
Access prerequisites
- Permission (module):
manageRoles - License/Feature: None
- Menu container: GENERAL → Users group
What it is / when to use
Screen for defining Roles in the BackOffice. A Role is a named set of modules (areas/actions). Here you create, edit, view and delete roles and choose which modules each one grants. The roles created here are later assigned to administrators in User permissions. Use it when setting up access profiles (e.g., "Support", "Finance", "Compliance").
Prerequisites
- Permission:
manageRoles(CPM enum + dynamic module in the DB). - License/Feature: none.
- Dependencies: the Modules available for selection come from the catalog managed in Permission modules — a module can only be assigned to a role if it exists in that catalog.
Step by step
- Go to the menu Users → Roles (
/users/roles). - Use the name search to locate a role.
- Click Add to create one; or use the view/edit/delete icons on the row.
- In the dialog: give the role a name and move modules between Available and Assigned (click a module to toggle it).
- Save (create) or Edit/Save (existing).
Fields (Role dialog)
| Field | Description | Required? | System/backend effect |
|---|---|---|---|
| Name | Name of the role | Yes | Identifies the role; saved via addRoles/editUser (CPM-RoleController). Required to confirm |
| Assigned modules | Set of modules granted by the role | Yes (at least 1) | Defines what the admin holding this role can see and execute. Saved in roles.modules. The UI uses the flags to enable buttons (*appHasPermission) and the backend uses the enum to validate routes |
The dialog accepts roles in two
modulesformats (legacy array[{id, module, description}]or object{ "viewUsers": true }) and normalises to the displayed list, preserving keys outside the catalog on save so they are not lost.
Most-used modules (reference)
The full list comes from the Modules catalog. Examples of keys and what they grant:
| Module | Grants |
|---|---|
admin | Broad administrative access (guards on multiple screens) |
viewUsers / viewUser | User list and details |
manageRoles | This screen and User permissions |
manageToken | Tokenisation, NFTs, collections, holders, packages |
viewPayments / viewWithdrawals | Manual payments / withdrawals |
viewGeneralJournal | General transactions / platform revenue |
manageDividends | Financial distribution |
sendBalance | Manual balance credit/debit |
manualUserAllocation | Manual allocation on behalf of a user |
getPrivateWallet | View private key |
Actions and modals
- Add / Edit: opens the role dialog. View opens in read-only mode, with the option to switch to edit mode.
- Delete: removes the role (confirmation bottom-sheet). Deleting a role that is in use leaves associated admins without that set of modules — reassign before deleting.
Business rules / caveats
Attention
- A Role without modules cannot be saved (minimum 1 module + name).
- Permission is dual. Adding a module to a role here only takes effect if the key also exists in the CPM enum (backend) and in the Modules catalog (DB). "Ghost" modules (key without catalog entry) are preserved but do not grant new actions until they are registered on both sides.
- Treat the granting of sensitive modules (
admin,sendBalance,manualUserAllocation,getPrivateWallet,panicButton) with the principle of least privilege.