| Role | Create order draft | Confirm / dispatch order | Pack order | Record payment | Void invoice | Edit pricing |
|---|---|---|---|---|---|---|
| Owner | Allowed | Allowed | Allowed | Allowed | Allowed | Allowed |
Overview
Neev ships with seven built-in roles — Owner, Manager, Operator, Accountant, Warehouse, Delivery, Sales — and most traders never touch them. But when your shop doesn't fit the mould (a billing clerk who should also see reports, a part-timer who only records payments), you don't want to over-grant by handing out a Manager login. You can build a custom role with exactly the permissions you choose, or tune a built-in role, so every teammate sees only what their job needs.
Where to find it
The shipped team screen lives at Settings → Team (/settings/team). Only the Owner sees Settings in the sidebar. From there you invite teammates and switch any member between the six assignable roles (Manager, Operator, Accountant, Warehouse, Delivery, Sales).
Building a custom role or changing what a built-in role can do is Owner-only and currently done through the API (the rbac.roles.* procedures), not a dedicated editor screen. Everything below tells you exactly what those calls do and the rules they enforce.
Key concepts
- Role — a named bundle of permissions you assign to a teammate. A role has a key (a stable code like
BILLING_CLERK), a label (what people read), an optional description, and a set of permissions. - System role — the seven built-ins. Their keys are reserved, and they can't be archived. You can still edit a built-in role's permissions.
- Permission — a single power, like "Record payment" or "View the audit log." A role grants a set of these. The picker that lists them is the permission catalog.
- Pack permission — a permission that belongs to a paid Pack (Pharma, Dairy, Quick Commerce). You can only grant it to a role once that Pack is active for your business.
Common workflows
Every one of these is recorded: creating, editing, assigning, unassigning, and archiving a role each fire an audit event (role.created, role.updated, role.assigned, role.unassigned, role.archived), so the history is always there in the audit log.
Role notes
Managing roles is an Owner job, full stop. Both powers — creating or editing roles (rbac.roles.manage) and assigning roles to people (rbac.users.manage) — are held only by the Owner by default. The Owner holds every non-Pack permission in the system, which is why the Owner is the one who decides what every other role can do.
Two things even the Owner cannot do: grant a Pack permission to any role before that Pack is installed, and unassign the last remaining Owner. Both are hard guards, covered below.
Tips & time-savers
You don't have to rebuild a built-in role from scratch either. If Sales should also see reports, just add the "View reports" permission to the Sales role — your edit sticks across updates, because Neev only ever reconciles the defaults it seeded itself and leaves your hand-added grants alone.
Gotchas
A few more rules that will stop you mid-task:
- Reserved keys. The seven system keys (OWNER, MANAGER, OPERATOR, ACCOUNTANT, WAREHOUSE, DELIVERY, SALES) are off-limits for new roles, and you can't reuse a key already taken in your business.
- System roles can't be archived. You can edit a built-in role's permissions, but you can't delete or archive it. Only custom roles can be retired.
- Pack permissions need the Pack. Trying to grant a Pharma, Dairy, or Quick Commerce permission to a role fails until that Pack is active for your business. Install the Pack first, then grant.