Permissions

NORDVEST uses a role-based permissions system. Every user has exactly one role, and roles are hierarchical — higher roles inherit all the abilities of lower roles. Simple, clean, and nobody needs a flow chart to figure out what they can do.

Roles

Role Description
Admin Full access to everything, including user management and company settings
Service Manager Manages customers, assets, services, and all operational work
Technician Read-only access to assigned operational data in the web app

Roles are assigned per-tenant. An Admin at one company has zero access to another company's data — not even a peek.

Permissions by Area

Users & Company Settings

Action Admin Service Manager Technician
Add, edit, or remove users Yes — —
Reset user passwords Yes — —
Edit company settings (timezone, date format, etc.) Yes — —
Upload or remove company logo Yes — —

Customers

Action Admin Service Manager Technician
View customer list and details Yes Yes Yes
Add or edit customers Yes Yes —
Manage customer contacts Yes Yes —

Assets

Action Admin Service Manager Technician
View asset list and details Yes Yes Yes
Add, edit, or delete assets Yes Yes —
Manage components on assets Yes Yes —
Manage parts catalog Yes Yes —

Service Agreements

Action Admin Service Manager Technician
View service agreements Yes Yes Yes
Add, edit, or delete service agreements Yes Yes —

Service Requests

Action Admin Service Manager Technician
View service requests Yes Yes Yes
Create service requests Yes Yes —
Edit or delete service requests Yes Yes —

Service Requests & Work

Action Admin Service Manager Technician
Record work on a Service Request (web) Yes Yes —

We Owes

Action Admin Service Manager Technician
View own We Owes Yes Yes Yes
View all We Owes Yes Yes —
Create, edit, or fulfill We Owes Yes Yes —
Manage sub-tasks Yes Yes —

Notifications

Action Admin Service Manager Technician
Watch records and receive notifications Yes Yes Yes
View notification list Yes Yes Yes

Next Up

Action Admin Service Manager Technician
View the Next Up page Yes Yes Yes

Settings

Action Admin Service Manager Technician
Manage company settings Yes — —
Manage company logo Yes — —
Manage asset types Yes Yes —
Manage component types Yes Yes —
Manage custom fields Yes Yes —
Manage asset templates Yes Yes —

Personal Settings

Action Admin Service Manager Technician
Edit own profile Yes Yes Yes
Change own password Yes Yes Yes
Enable two-factor authentication Yes Yes Yes
Change appearance (theme) Yes Yes Yes

What Each Role Sees

Your role determines what shows up in the sidebar and what buttons are available on each page.

Admin

Sees everything: Next Up, Service Requests, Service Agreements, Oil Samples, We Owes, Notifications, Customers, Assets, Parts Catalog, Users, and all Settings. The full buffet.

Service Manager

Sees everything an Admin sees except user management and company-level settings. Can create, edit, and manage all operational data — customers, assets, services, agreements, requests, and We Owes. Basically runs the day-to-day show.

Technician

Sees Next Up, customer and asset details (read-only), service agreements and requests (read-only), We Owes (own only), and Notifications. No Settings link in the sidebar — personal settings are tucked in the user menu dropdown.

How It Works

Permissions are enforced at three layers, because one lock is never enough:

  1. Navigation — Menu items and buttons you don't have access to simply don't appear. Out of sight, out of mind.
  2. Routes — Trying to access a restricted URL directly? You'll get a 403 Forbidden response. The door's locked.
  3. Actions — Server-side checks run on every create, update, and delete. Even if someone crafts a sneaky request, it won't go through.

This means even if a URL is guessed or bookmarked from a screen share, unauthorized actions are blocked at every level.

Tenant Isolation

All permissions operate within your company's tenant. Users from one company can never access another company's data, regardless of their role. This is enforced automatically and at every layer — it's not optional, it's not configurable, it just works.