RBAC & Permissions
AdaTrack uses a robust Role-Based Access Control (RBAC) system to ensure that users have the appropriate level of access to resources. This system is applied consistently across the backend (API enforcement) and the frontend (UI visibility).
Core Roles
Every user in AdaTrack is assigned one of the following roles:
ADMIN
Full system control. Can manage all users, billing, and system-wide resources. Bypasses all ownership checks.
SUPPORT
Read-only access to all user data for troubleshooting purposes. Cannot create, edit, or delete resources.
USER
Standard customer role. Can manage their own resources (Devices, Profiles, Geofences) but cannot see other users' data.
Visibility vs. Ownership
AdaTrack distinguishes between resources you own and resources that are shared:
Owned Resources: Resources created by you (e.g., your devices, your geofences). You have full CRUD (Create, Read, Update, Delete) permissions.
System Resources: Resources with no specific owner (e.g., global device profiles provided by AdaTrack). You can view and use these, but you cannot modify or delete them.
Support Visibility: Support staff can see your resources to help you troubleshoot issues, but they are restricted from making changes on your behalf; the API rejects such requests, not just the UI.
Permission Slugs
Permissions are managed via "slugs" of the form resource:action, which are checked on every API request. Examples include:
device:create, device:edit, device:delete
profile:manage
geofence:list, geofence:get
billing:view, billing:manage
Feature Flags
In addition to RBAC, AdaTrack uses Feature Flags to enable or disable entire modules for specific users or the entire platform:
enable_geofencing: Toggles the geofencing and perimeter alerts module.
enable_statistics: Toggles advanced analytics and the query builder.
enable_billing: Toggles the subscription and payment management UI.
enable_advanced_decoders: Toggles the ability to write custom JavaScript decoders.
Resource Protection
If you attempt to perform an action for which you do not have permission, AdaTrack will respond with a 403 Forbidden error. In the UI, unauthorized actions are typically hidden or disabled with a tooltip explaining the restriction.
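The following is an added example, not AdaTrack's own code, that models the rules from the sections above in one policy check: feature flags gate a module, ADMIN bypasses ownership, SUPPORT is read-only, and USER gets full CRUD on owned resources but only read access to system resources (owner is None). The set of read-only verbs and the mapping from slug prefixes to feature flags are assumptions for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

# Assumptions for this example: which verbs are read-only and which slug prefixes belong to a flag-gated module.
READ_ACTIONS = {"list", "get", "view"}
FLAG_FOR_MODULE = {"geofence": "enable_geofencing", "billing": "enable_billing"}

@dataclass
class User:
    id: str
    role: str                        # ADMIN, SUPPORT or USER
    flags: set = field(default_factory=set)   # feature flags enabled for this user

@dataclass
class Resource:
    kind: str                        # e.g. "device", "profile", "geofence"
    owner_id: Optional[str]          # None marks a system resource

class Forbidden(Exception):
    """Raised where the API would answer 403 Forbidden."""

def authorize(user: User, slug: str, resource: Optional[Resource] = None) -> None:
    kind, action = slug.split(":", 1)
    # Feature flags gate a whole module before any role or ownership check.
    flag = FLAG_FOR_MODULE.get(kind)
    if flag and flag not in user.flags:
        raise Forbidden(f"{flag} is disabled")
    is_read = action in READ_ACTIONS
    if user.role == "ADMIN":
        return                       # ADMIN bypasses all ownership checks
    if user.role == "SUPPORT":
        if is_read:
            return                   # read-only access to all user data
        raise Forbidden("SUPPORT cannot create, edit or delete")
    if user.role != "USER":
        raise Forbidden("unknown role")   # fail closed on anything unexpected
    if resource is None:
        return                       # collection-level action such as device:create
    if resource.owner_id == user.id:
        return                       # full CRUD on owned resources
    if resource.owner_id is None and is_read:
        return                       # system resources: view and use only
    raise Forbidden("not the owner")  # other users' data stays invisible

def allowed(user: User, slug: str, resource: Optional[Resource] = None) -> bool:
    # Boolean form for UI-style checks (hide or disable the control).
    try:
        authorize(user, slug, resource)
        return True
    except Forbidden:
        return False
```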
Best Practices for Administrators
Follow the Principle of Least Privilege: Only grant the ADMIN role to users who absolutely need it. Use the SUPPORT role for team members who only need to monitor data.
Regularly Audit Permissions: Review your team's access levels periodically to ensure they remain appropriate as roles change.
Check Ownership Badges: In the dashboard, look for the System or User badges to quickly identify who owns a specific resource.