> ## Documentation Index
> Fetch the complete documentation index at: https://developers.novala.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Roles and permissions: control team access in Novala

> Control what each team member can see and do in Novala. Configure built-in roles or customize permissions for any role from Settings → Roles.

Every user in Novala is assigned a role that determines which parts of the platform they can access and what actions they can take. Novala ships with a set of built-in roles designed for the most common team structures, and admins can fine-tune permissions for any role at any time.

## Built-in roles

Novala includes the following roles out of the box:

<CardGroup cols={2}>
  <Card title="Admin" icon="shield">
    Full access to all modules, settings, and data. Admins can invite users, manage roles, configure integrations, and modify any record.
  </Card>

  <Card title="Coordinator" icon="clipboard-list">
    Manages day-to-day operations: creating and assigning work orders, reviewing inspection results, managing scheduling, and sending invoices to customers.
  </Card>

  <Card title="Technician" icon="hard-hat">
    Field-focused access. Technicians can perform inspections, update work order status from the field, and view their assigned schedule.
  </Card>

  <Card title="Sales" icon="chart-line">
    View leads, manage pipeline and contacts, and create quotes. Sales users do not have access to work orders, invoicing, or settings.
  </Card>
</CardGroup>

Additional roles available include **Office Manager**, **Warehouse Manager**, **Warehouse Associate**, **Project Lead**, and **CMS Editor**, each with permissions appropriate to their function.

## Default permission comparison

| Capability                    | Admin | Coordinator | Technician | Sales |
| ----------------------------- | :---: | :---------: | :--------: | :---: |
| Manage settings               |  Yes  |      —      |      —     |   —   |
| Invite and manage users       |  Yes  |      —      |      —     |   —   |
| View and edit contacts        |  Yes  |     Yes     |      —     |  Yes  |
| Manage pipeline and deals     |  Yes  |     Yes     |      —     |  Yes  |
| Create and send quotes        |  Yes  |     Yes     |      —     |  Yes  |
| Create and assign work orders |  Yes  |     Yes     |      —     |   —   |
| Update work order status      |  Yes  |     Yes     |     Yes    |   —   |
| Perform inspections           |  Yes  |     Yes     |     Yes    |   —   |
| Review inspection reports     |  Yes  |     Yes     |      —     |   —   |
| Manage scheduling             |  Yes  |     Yes     |      —     |   —   |
| Send invoices                 |  Yes  |     Yes     |      —     |   —   |
| Access financial reports      |  Yes  |      —      |      —     |   —   |

## View and edit permissions

Navigate to **Settings → Roles** to see all roles and the full permission matrix.

Permissions are organized by module. Each row in the matrix is a specific action (for example, `inspection.create` or `invoice.send`), and each column is a role. You can check or uncheck any permission for any non-admin role.

<Steps>
  <Step title="Open Roles settings">
    Go to **Settings → Roles**. You'll see a table with roles as columns and permissions grouped by module as rows.
  </Step>

  <Step title="Find the permission you want to change">
    Use the search box at the top right to filter by module name or permission key. Permissions follow the format `module.resource.action` — for example, `calso.inspection.create` or `invoicing.invoice.send`.
  </Step>

  <Step title="Toggle the permission">
    Click the checkbox at the intersection of the permission row and the role column. Changes save automatically.
  </Step>
</Steps>

<Note>
  The **Admin** role always has full access and cannot be modified. Changes to other roles apply immediately to all users assigned to that role.
</Note>

### Reading the permission matrix

The matrix uses color coding to help you understand the state of each permission:

* **Checked (default style)** — the permission is enabled and was part of the role's original defaults
* **Checked (blue)** — the permission was added as a custom override on top of the defaults
* **Unchecked (orange border)** — the permission is disabled but was part of the role's original defaults, meaning it was explicitly removed

This makes it easy to see which roles you've customized and which permissions have been changed from the standard configuration.

## Assign a role to a user

<Steps>
  <Step title="Go to Users settings">
    Navigate to **Settings → Users** and find the user you want to update.
  </Step>

  <Step title="Open the user's profile">
    Click the user's row to open their detail page.
  </Step>

  <Step title="Change their role">
    Select a new role from the **Role** dropdown and save. The change takes effect on the user's next page load.
  </Step>
</Steps>

<Tip>
  When you invite a new user (**Settings → Users → Invite User**), you assign their role at the time of invitation. You can always change it later.
</Tip>

## Permission key reference

Permission keys follow the format `module.resource.action`. The module prefix corresponds to the module name in Novala:

| Prefix       | Module        |
| ------------ | ------------- |
| `platform`   | Platform core |
| `contacts`   | Contacts      |
| `calso`      | Inspections   |
| `equipment`  | Equipment     |
| `invoicing`  | Invoicing     |
| `scheduling` | Scheduling    |
| `quoting`    | Quoting       |
| `contracts`  | Contracts     |
| `expenses`   | Expenses      |
| `inventory`  | Inventory     |
| `workflows`  | Workflows     |
| `messaging`  | Messaging     |

Examples: `calso.inspection.create`, `invoicing.invoice.send`, `contacts.company.delete`.