Permissions
NORDVEST uses a role-based permissions system. Every user has exactly one role, and roles are hierarchical — higher roles inherit all the abilities of lower roles. Simple, clean, and nobody needs a flow chart to figure out what they can do.
Roles
| Role | Description |
|---|---|
| Admin | Full access to everything, including user management and company settings |
| Service Manager | Manages customers, assets, services, and all operational work |
| Technician | Read-only access to data in the web app; can submit work from the mobile app |
Roles are assigned per-tenant. An Admin at one company has zero access to another company's data — not even a peek.
Permissions by Area
Users & Company Settings
| Action | Admin | Service Manager | Technician |
|---|---|---|---|
| Add, edit, or remove users | Yes | — | — |
| Reset user passwords | Yes | — | — |
| Edit company settings (timezone, date format, etc.) | Yes | — | — |
| Upload or remove company logo | Yes | — | — |
Customers
| Action | Admin | Service Manager | Technician |
|---|---|---|---|
| View customer list and details | Yes | Yes | Yes |
| Add or edit customers | Yes | Yes | — |
| Manage customer contacts | Yes | Yes | — |
Assets
| Action | Admin | Service Manager | Technician |
|---|---|---|---|
| View asset list and details | Yes | Yes | Yes |
| Add, edit, or delete assets | Yes | Yes | — |
| Manage components on assets | Yes | Yes | — |
| Manage parts catalog | Yes | Yes | — |
Service Agreements
| Action | Admin | Service Manager | Technician |
|---|---|---|---|
| View service agreements | Yes | Yes | Yes |
| Add, edit, or delete service agreements | Yes | Yes | — |
Service Requests
| Action | Admin | Service Manager | Technician |
|---|---|---|---|
| View service requests | Yes | Yes | Yes |
| Create service requests | Yes | Yes | — |
| Edit or delete service requests | Yes | Yes | — |
Services & Work
| Action | Admin | Service Manager | Technician |
|---|---|---|---|
| Record work on a service (web) | Yes | Yes | — |
| Submit work from mobile app | Yes | Yes | Yes |
| Review work submissions | Yes | Yes | — |
We Owes
| Action | Admin | Service Manager | Technician |
|---|---|---|---|
| View own We Owes | Yes | Yes | Yes |
| View all We Owes | Yes | Yes | — |
| Create, edit, or fulfill We Owes | Yes | Yes | — |
| Manage sub-tasks | Yes | Yes | — |
Scratch Pad
| Action | Admin | Service Manager | Technician |
|---|---|---|---|
| View and create notes | Yes | Yes | — |
| Pin and manage notes | Yes | Yes | — |
Notifications
| Action | Admin | Service Manager | Technician |
|---|---|---|---|
| Watch records and receive notifications | Yes | Yes | Yes |
| View notification list | Yes | Yes | Yes |
Next Up
| Action | Admin | Service Manager | Technician |
|---|---|---|---|
| View the Next Up page | Yes | Yes | Yes |
Settings
| Action | Admin | Service Manager | Technician |
|---|---|---|---|
| Manage company settings | Yes | — | — |
| Manage company logo | Yes | — | — |
| Manage asset types | Yes | Yes | — |
| Manage component types | Yes | Yes | — |
| Manage custom fields | Yes | Yes | — |
| Manage asset templates | Yes | Yes | — |
Personal Settings
| Action | Admin | Service Manager | Technician |
|---|---|---|---|
| Edit own profile | Yes | Yes | Yes |
| Change own password | Yes | Yes | Yes |
| Enable two-factor authentication | Yes | Yes | Yes |
| Change appearance (theme) | Yes | Yes | Yes |
What Each Role Sees
Your role determines what shows up in the sidebar and what buttons are available on each page.
Admin
Sees everything: Next Up, Service Requests, Service Agreements, Work Submissions, Oil Samples, We Owes, Scratch Pad, Notifications, Customers, Assets, Parts Catalog, Users, and all Settings. The full buffet.
Service Manager
Sees everything an Admin sees except user management and company-level settings. Can create, edit, and manage all operational data — customers, assets, services, agreements, requests, We Owes, and Scratch Pad notes. Basically runs the day-to-day show.
Technician
Sees Next Up, customer and asset details (read-only), service agreements and requests (read-only), We Owes (own only), and Notifications. No Settings link in the sidebar — personal settings are tucked in the user menu dropdown. Can submit work through the mobile app for service manager review.
How It Works
Permissions are enforced at three layers, because one lock is never enough:
- Navigation — Menu items and buttons you don't have access to simply don't appear. Out of sight, out of mind.
- Routes — Trying to access a restricted URL directly? You'll get a 403 Forbidden response. The door's locked.
- Actions — Server-side checks run on every create, update, and delete. Even if someone crafts a sneaky request, it won't go through.
This means even if a URL is guessed or bookmarked from a screen share, unauthorized actions are blocked at every level.
Tenant Isolation
All permissions operate within your company's tenant. Users from one company can never access another company's data, regardless of their role. This is enforced automatically and at every layer — it's not optional, it's not configurable, it just works.