tallysale.com

The Roles page lets administrators define roles with specific permission sets and assign them to users.

How RBAC Works

TallySale uses a Role-Based Access Control (RBAC) system powered by CASL:

  1. Abilities — Individual permissions defined as action + subject (e.g., create + Invoice)
  2. Roles — Named collections of abilities (e.g., "Finance Manager" with invoice and settlement abilities)
  3. Users — Each user is assigned exactly one role

Role List

Column Description
Name Role name (e.g., "Admin", "Billing Clerk")
Abilities Number of assigned permissions
Users Number of users with this role
Actions View, Edit, Delete

Creating a Role

  1. Click New Role.
  2. Enter a Role Name.
  3. Select Abilities — check the permissions this role should have.

Abilities are grouped by subject:

Subject Available Actions
User index, create, read, update, delete
Seller index, create, read, update, delete
SellerApp index, create, read, update, delete
SellerInvoice index, create, read, update, delete
Invoice index, read
Customer index, read, update
Settlement index, create, read
SellerLevel index, create, read, update, delete
Role index, create, read, update, delete
Setting index, create, read, update
PlatformFeeRule index, create, read, update, delete
CreditNote index, create, read
Payment index
  1. Click Save.

Effect on Navigation

When a user logs into the portal, the sidebar automatically hides menu items they do not have index permission for. For example:

  • A user without index on Settlement will not see the Settlements menu item
  • A user without create on SellerInvoice will not see the Create Invoice button

This is enforced both in the frontend (sidebar visibility, button display) and the backend (API authorization middleware).

📸 Screenshot: Role creation with ability checkboxes — to be added