The permission system in enrutar is designed to be simple to understand and easy to maintain, avoiding complex configurations with dozens of combinations. For this reason, each employee must have exactly one of these three levels: Restricted Access, Management Access or Full Access.
Permission levels in enrutar
Full Access
Gives complete access to the entire application within the organization, including permission management.
- Full access to all entities.
- Can manage roles and access levels (with one exception: cannot change their own access level).
Management Access
Gives access to all daily operations, but limits sensitive actions related to account administration.
- Full access to almost the entire application.
- Cannot manage the subscription and payments section.
- Cannot change roles or access levels of users.
Restricted Access
This is the most limited level and is designed for field staff. It is built around the work order as the central piece.
The logic is:
- If an employee is added as an assignee of a work order, or as an operator in an appointment of a work order, then they gain access to everything related to that work order.
- This includes, for example:
This philosophy allows a person with restricted access to have everything they need to carry out the appointment (for example, calling the customer), without opening access to information that doesn't concern them.
Permission table
General permission rules
| Permission Level |
Read Access |
Write Access |
Special Rules |
| RESTRICTED |
Only assigned entities (via calculated assignment) |
Very limited (see rules per entity) |
Designed for field staff with minimal editing permissions |
| MANAGEMENT |
All entities in the organization |
Full on most entities |
Cannot change user roles or access levels |
| FULL |
All entities in the organization |
Full |
Can change roles and access levels (except their own access level) |
Permission tables by entity
Work Orders
| Permission |
Read |
Create |
Update |
Delete |
Bulk Operations |
Special |
| RESTRICTED |
Only where calculated assignment applies |
β |
β |
β |
β |
β
Can update status of assigned work orders |
| MANAGEMENT |
All |
β
|
β
|
β
|
β
|
- |
| FULL |
All |
β
|
β
|
β
|
β
|
- |
Notes:
- Calculated assignment includes: assignment to the work order OR assignment to an appointment of the work order
- RESTRICTED can access archived work orders if they were assigned before archiving
Appointments
| Permission |
Read |
Create |
Update |
Delete |
Update Status |
Generate Reports |
| RESTRICTED |
Only for assigned work orders OR assigned to the appointment |
β |
β |
β |
β
For accessible appointments |
β
Only for themselves |
| MANAGEMENT |
All |
β
|
β
|
β
|
β
|
β
For all users |
| FULL |
All |
β
|
β
|
β
|
β
|
β
For all users |
Materials
| Permission |
Read |
Create |
Update |
Delete |
Complete / Uncomplete |
| RESTRICTED |
Only for assigned work orders |
β |
β |
β |
β
For assigned work orders (including archived ones) |
| MANAGEMENT |
All |
β
|
β
|
β
|
β
|
| FULL |
All |
β
|
β
|
β
|
β
|
Customers
| Permission |
Read |
Create |
Update |
Delete |
Access to phones/emails |
| RESTRICTED |
Only with assigned work orders |
β |
β |
β |
β
For accessible customers |
| MANAGEMENT |
All |
β
|
β
|
β
|
β
|
| FULL |
All |
β
|
β
|
β
|
β
|
Notes:
- RESTRICTED can access customers with archived work orders if they were assigned before archiving
Routes
| Permission |
Read |
Create |
Update |
Delete |
Assign / Unassign |
| RESTRICTED |
β
All |
β |
β |
β |
β |
| MANAGEMENT |
β
All |
β
|
β
|
β
|
β
|
| FULL |
β
All |
β
|
β
|
β
|
β
|
Checklist templates
| Permission |
Read |
Create |
Update |
Delete |
Complete / Uncomplete items |
| RESTRICTED |
β
All |
β |
β |
β |
β
If assigned to the appointment |
| MANAGEMENT |
β
All |
β
|
β
|
β
|
β
|
| FULL |
β
All |
β
|
β
|
β
|
β
|
| Permission |
Read |
Create |
Update |
Delete |
| RESTRICTED |
β
All |
β |
β |
β |
| MANAGEMENT |
β
All |
β
|
β
|
β
|
| FULL |
β
All |
β
|
β
|
β
|
Work order statuses
| Permission |
Read |
Create |
Update |
Delete |
| RESTRICTED |
β
All |
β |
β |
β |
| MANAGEMENT |
β
All |
β
|
β
|
β
|
| FULL |
β
All |
β
|
β
|
β
|
Time entries
| Permission |
Read |
Create |
Update |
Delete |
| RESTRICTED |
β
Own only |
β |
β |
β |
| MANAGEMENT |
β
All |
β
|
β
|
β
|
| FULL |
β
All |
β
|
β
|
β
|
Work reports
| Permission |
Read |
Create |
Update |
Delete |
| RESTRICTED |
β
For assigned work orders OR created by themselves |
β
Only for assigned work orders |
β
Only reports created by themselves |
β
Only reports created by themselves |
| MANAGEMENT |
β
All |
β
|
β
|
β
|
| FULL |
β
All |
β
|
β
|
β
|
Notes:
- RESTRICTED can access reports from archived work orders if they were assigned before archiving
Reports
| Permission |
Statistics |
Time entry report |
| RESTRICTED |
β |
β
Own records only |
| MANAGEMENT |
β
|
β
All records |
| FULL |
β
|
β
All records |
Users
| Permission |
Read |
Update self |
Update others |
Change role |
Change access level |
Change status |
| RESTRICTED |
β
All |
β
(name, email, phone only) |
β |
β (not own) |
β (not own) |
β (not own) |
| MANAGEMENT |
β
All |
β
|
β
(except role/access) |
β |
β |
β
|
| FULL |
β
All |
β
|
β
|
β
|
β
(not own) |
β
|
| Permission |
Work Orders |
Appointments |
Reports |
Threads |
| RESTRICTED |
β
Only for customers with assigned work orders |
β
Only for customers with assigned work orders |
β
Only for customers with assigned work orders |
β
Only for customers with assigned work orders |
| MANAGEMENT |
β
All |
β
All |
β
All |
β
All |
| FULL |
β
All |
β
All |
β
All |
β
All |
Key concepts
Calculated assignment: a user is considered assigned by calculation to a work order if:
- They are directly assigned to the work order, OR
- They are assigned to at least one appointment of that work order
Archived work orders: RESTRICTED users maintain access to archived work orders/materials/customers/reports if they were assigned before archiving.