Roles & Permissions
Role Hierarchy
| Role | Vietnamese | Access Level |
|---|---|---|
| bod | Ban Giám Đốc | Full access (Level 4) |
| warehouse_manager | Quản Lý Kho | Warehouse + HR (Level 3) |
| hr | Nhân Sự | HR functions (Level 3) |
| warehouse_leader | Trưởng Ca | Operations (Level 2) |
| staff | Nhân Viên | Read-only own data (Level 1) |
Action Permission Matrix
| Action | Staff | Leader | Manager | HR | BOD |
|---|---|---|---|---|---|
| View dashboard | ✅ | ✅ | ✅ | ✅ | ✅ |
| Create violation | ❌ | ✅ | ✅ | ❌ | ✅ |
| Confirm violation | ❌ | ✅ | ✅ | ❌ | ✅ |
| Approve recovery | ❌ | ❌ | ✅ | ❌ | ✅ |
| Approve bonus | ❌ | ❌ | ✅ | ❌ | ✅ |
| Approve scores | ❌ | ❌ | ✅ | ✅ | ✅ |
| Finalize scores | ❌ | ❌ | ❌ | ✅ | ✅ |
| Manage config | ❌ | ❌ | ❌ | ✅ | ✅ |
| Export CSV | ❌ | ❌ | ✅ | ✅ | ✅ |
| View reports | ❌ | ❌ | ✅ | ✅ | ✅ |
Warehouse Scoping
- BOD and HR accounts have access to all warehouses
- Warehouse Manager and Leader accounts are scoped to their assigned warehouse
- The `warehouse_id` field on the user profile determines data visibility
Auth Header
All API requests must include:
X-User-Id: <user_id>
The backend uses this header to determine the user's role and warehouse scope for data filtering.
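
One way a backend could enforce the permission matrix and warehouse scoping from the `X-User-Id` header, as an added example that is not the project's own code. The action identifiers, the `USERS` records and `authorize()` are hypothetical, and the sketch assumes the header value has already been authenticated by an upstream layer, which this page does not describe.

```python
# Added example: action names, USERS records and authorize() are hypothetical.
GLOBAL_ROLES = {"bod", "hr"}  # these roles have access to all warehouses

# Action -> roles allowed, transcribed from the Action Permission Matrix.
MATRIX = {
    "view_dashboard":    {"staff", "warehouse_leader", "warehouse_manager", "hr", "bod"},
    "create_violation":  {"warehouse_leader", "warehouse_manager", "bod"},
    "confirm_violation": {"warehouse_leader", "warehouse_manager", "bod"},
    "approve_recovery":  {"warehouse_manager", "bod"},
    "approve_bonus":     {"warehouse_manager", "bod"},
    "approve_scores":    {"warehouse_manager", "hr", "bod"},
    "finalize_scores":   {"hr", "bod"},
    "manage_config":     {"hr", "bod"},
    "export_csv":        {"warehouse_manager", "hr", "bod"},
    "view_reports":      {"warehouse_manager", "hr", "bod"},
}

# Constructed user profiles standing in for the backend's user store.
USERS = {
    "u1": {"role": "bod", "warehouse_id": None},
    "u2": {"role": "warehouse_manager", "warehouse_id": "WH-A"},
    "u3": {"role": "warehouse_leader", "warehouse_id": "WH-A"},
    "u4": {"role": "hr", "warehouse_id": None},
    "u5": {"role": "staff", "warehouse_id": "WH-B"},
}

def authorize(headers, action, target_warehouse):
    """Return (allowed, reason); anything not explicitly permitted is denied."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    normalised = {k.lower(): v for k, v in headers.items()}
    user = USERS.get(normalised.get("x-user-id", "").strip())
    if user is None:
        return False, "unknown or missing X-User-Id"
    # Role comes from the stored profile only; a client-sent role is ignored.
    if user["role"] not in MATRIX.get(action, set()):
        return False, "role not permitted for action"
    if user["role"] in GLOBAL_ROLES:
        return True, "ok"
    # Scoped roles: the profile's warehouse_id must match the requested one.
    # Applying this to staff as well is an assumption of this example.
    if user["warehouse_id"] is None or user["warehouse_id"] != target_warehouse:
        return False, "outside assigned warehouse"
    return True, "ok"
```

Unknown users, unknown actions and a missing header all fall through to a denial, so a new action stays inaccessible until it is added to the matrix.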