Navigation Path: Admin Dashboard → Settings → User Roles & Permissions
URL:
URL:
/admin/PermissionOptionOverview
Create custom user roles and configure granular access permissions to control what different users can see and do on your platform.Roles
Create and manage roles
Permissions
Granular access control
Access Levels
Define role capabilities
Security
Protect sensitive areas
User Roles
Define different user types with specific permissions and access levels.Default Roles
| Role | Typical Use | Access Level |
|---|---|---|
| Administrator | Platform owners | Complete control |
| Manager | Team leads | Most features |
| Support | Customer service | Customer-facing features |
| User | Regular customers | Basic features only |
| Guest | Trial users | Minimal access |
Creating Custom Roles
- Click “Add Role” button in the User Roles section
- Choose a descriptive name for the role (e.g., “Sales Team”, “Technical Support”)
- Configure feature access by selecting appropriate permissions
- Review all permissions to ensure they match the role’s responsibilities
- Save the role to make it available for assignment to users
Permission Categories
Configure granular access control across different areas of your platform.Dashboard & Overview
- Full Access, Limited Access, or No Access to dashboard widgets
User Management
| Permission | Description |
|---|---|
| View Users | See list of all users |
| Create Users | Add new accounts |
| Edit Users | Modify user information |
| Delete Users | Remove accounts |
| Assign Roles | Change user roles |
Website Management
| Permission | Description |
|---|---|
| View Websites | See all websites |
| Create Websites | Create new websites |
| Edit Websites | Modify settings |
| Delete Websites | Remove websites |
| Suspend Websites | Disable websites |
| Access Control Panel | DirectAdmin access |
Domain Management
| Permission | Description |
|---|---|
| View Domains | See all domains |
| Register Domains | Register new domains |
| Manage DNS | Edit DNS records |
| Transfer Domains | Initiate transfers |
| Renew Domains | Process renewals |
Billing & Payments
| Permission | Description |
|---|---|
| View Invoices | See all invoices |
| Create Invoices | Generate invoices |
| Process Payments | Accept payments |
| Issue Refunds | Process refunds |
| View Reports | Financial reports |
| Manage Pricing | Edit pricing |
Settings & Configuration
| Permission | Description |
|---|---|
| General Settings | Modify platform settings |
| Payment Gateway | Configure payments |
| Email Settings | Manage email config |
| API Settings | Access API credentials |
| Security Settings | Modify security |
Support & Tickets
| Permission | Description |
|---|---|
| View Tickets | See all tickets |
| Create Tickets | Open tickets |
| Reply to Tickets | Respond to customers |
| Close Tickets | Mark resolved |
| Assign Tickets | Assign to team |
| Delete Tickets | Remove tickets |
Permission Levels: Each permission can be set to Full Access (complete control), Read-Only (view only), Limited (specific actions), or No Access (feature hidden).
Common Role Configurations
- Customer Service
- Sales Team
- Technical Support
- Finance
- Dashboard: Limited (customer metrics)
- View Users: Read-only
- Edit Users: Limited (contact info only)
- View Websites: Read-only
- Suspend Websites: Yes
- Tickets: Full access
- Invoices: Read-only
- Settings: No access
Best Practices
Principle of Least Privilege
Principle of Least Privilege
- Grant minimum necessary access for each role
- Start with minimal permissions and add as needed
- Review permissions regularly (quarterly recommended)
- Remove unnecessary permissions promptly
- Document why each permission is granted
- Require justification for permission increases
- Audit permission usage to identify unused access
Role Separation
Role Separation
- Separate conflicting responsibilities (e.g., finance and technical)
- Require multiple approvals for sensitive actions
- Don’t combine financial and technical full access in one role
- Create specialized roles for specific functions
- Avoid creating “super users” with all permissions
- Use role hierarchy to organize permissions logically
- Document role responsibilities clearly
Access Control
Access Control
- Limit payment settings access to finance team only
- Restrict API credentials to technical administrators
- Control data deletion permissions carefully
- Monitor admin actions with logging
- Require strong passwords for all admin accounts
- Enable two-factor authentication for sensitive roles
- Set up alerts for critical permission changes
User Lifecycle Management
User Lifecycle Management
- Assign appropriate role immediately upon account creation
- Revoke all access when employee leaves organization
- Transfer ownership of work before removing access
- Change shared passwords after employee departure
- Review and update roles when job responsibilities change
- Maintain list of who has what access
- Conduct regular access reviews
Troubleshooting
User Can't Access Feature
User Can't Access Feature
Issue: User receives “access denied” or feature is hiddenSolutions:
- Verify user’s assigned role in user management
- Check role permissions for the specific feature
- Grant necessary permissions to the role
- Clear application cache
- Have user log out and log back in
- Test with different user account to isolate issue
Permissions Not Applying
Permissions Not Applying
Issue: Permission changes don’t take effectSolutions:
- Save permission changes again
- User must log out and back in for changes to apply
- Clear application and session cache
- Test in incognito/private browsing mode
- Verify no conflicting permissions exist
- Check for permission inheritance issues
Too Many Administrators
Too Many Administrators
Issue: Too many users have admin accessSolutions:
- Audit all users with admin role
- Create appropriate custom roles for specific needs
- Downgrade unnecessary administrators to custom roles
- Implement regular permission reviews
- Document who needs admin access and why
- Set up approval process for admin access
Role Changes Not Saving
Role Changes Not Saving
Issue: Role configuration changes don’t persistSolutions:
- Check for validation errors on save
- Verify you have permission to modify roles
- Clear browser cache and try again
- Check server logs for errors
- Ensure database connection is stable
- Try creating role with different name
Quick Reference
Permission Checklist
Creating a Role:- Choose clear, descriptive name
- Define job function and responsibilities
- Set minimum necessary permissions
- Test with dummy account before deployment
- Document role purpose and permissions
- Get approval from management
- Quarterly permission audits
- Remove inactive users promptly
- Update roles for job changes
- Review admin access regularly
- Update role documentation
- Monitor permission usage
Common Permission Combinations
| Need | Permissions |
|---|---|
| View customer info | View Users (read-only) |
| Create accounts | View + Create Users |
| Manage support | View/Reply/Close Tickets |
| Process orders | View Users + Create Invoices + Process Payments |
| Technical support | View/Edit Websites + Manage DNS + View Tickets |