The Roles page lets administrators define roles with specific permission sets and assign them to users.
How RBAC Works
TallySale uses a Role-Based Access Control (RBAC) system powered by CASL:
- Abilities — Individual permissions defined as
action+subject(e.g.,create+Invoice) - Roles — Named collections of abilities (e.g., "Finance Manager" with invoice and settlement abilities)
- Users — Each user is assigned exactly one role
Role List
| Column | Description |
|---|---|
| Name | Role name (e.g., "Admin", "Billing Clerk") |
| Abilities | Number of assigned permissions |
| Users | Number of users with this role |
| Actions | View, Edit, Delete |
Creating a Role
- Click New Role.
- Enter a Role Name.
- Select Abilities — check the permissions this role should have.
Abilities are grouped by subject:
| Subject | Available Actions |
|---|---|
| User | index, create, read, update, delete |
| Seller | index, create, read, update, delete |
| SellerApp | index, create, read, update, delete |
| SellerInvoice | index, create, read, update, delete |
| Invoice | index, read |
| Customer | index, read, update |
| Settlement | index, create, read |
| SellerLevel | index, create, read, update, delete |
| Role | index, create, read, update, delete |
| Setting | index, create, read, update |
| PlatformFeeRule | index, create, read, update, delete |
| CreditNote | index, create, read |
| Payment | index |
- Click Save.
Effect on Navigation
When a user logs into the portal, the sidebar automatically hides menu items they do not have index permission for. For example:
- A user without
indexonSettlementwill not see the Settlements menu item - A user without
createonSellerInvoicewill not see the Create Invoice button
This is enforced both in the frontend (sidebar visibility, button display) and the backend (API authorization middleware).
📸 Screenshot: Role creation with ability checkboxes — to be added