Roles & Permissions
Understand and configure what users can do in Zettabit.
Overview
Zettabit uses Role-Based Access Control (RBAC):
- Roles are collections of permissions
- Users are assigned to roles
- Permissions control specific actions
How Permissions Work
Each action in Zettabit requires a permission:
resource:actionExamples:
client:read- View clientsclient:create- Add new clientssubscription:delete- Remove subscriptions
Permission Format
| Component | Description | Examples |
|---|---|---|
| Resource | What it applies to | client, subscription, package |
| Action | What can be done | read, create, update, delete |
Available Actions
| Action | Description |
|---|---|
read | View records |
create | Add new records |
update | Modify existing records |
delete | Remove records |
all | All of the above |
Available Permissions
Client Permissions
| Permission | Description |
|---|---|
client:read | View client list and details |
client:create | Add new clients |
client:update | Edit client information |
client:delete | Delete clients |
client:all | All client permissions |
Subscription Permissions
| Permission | Description |
|---|---|
subscription:read | View subscriptions |
subscription:create | Create new subscriptions |
subscription:update | Modify subscriptions |
subscription:delete | Cancel/delete subscriptions |
subscription:all | All subscription permissions |
Package Permissions
| Permission | Description |
|---|---|
package:read | View packages |
package:create | Add new packages |
package:update | Modify packages |
package:delete | Delete packages |
package:all | All package permissions |
Network Permissions
| Permission | Description |
|---|---|
server:read | View servers |
server:create | Add servers |
server:update | Modify server settings |
server:delete | Remove servers |
olt:read | View OLTs |
olt:create | Add OLTs |
olt:update | Modify OLT settings |
olt:delete | Remove OLTs |
User Permissions
| Permission | Description |
|---|---|
user:read | View users |
user:create | Add users |
user:update | Edit users |
user:delete | Remove users |
role:read | View roles |
role:create | Create roles |
role:update | Modify roles |
role:delete | Delete roles |
Settings Permissions
| Permission | Description |
|---|---|
settings:read | View settings |
settings:update | Modify settings |
audit:read | View audit logs |
Default Roles
Zettabit includes pre-configured roles:
Admin
Full system access. Use for:
- System administrators
- Business owners
- IT managers
Permissions: All
Manager
Operational management. Use for:
- Office managers
- Senior staff
- Team leads
Permissions:
- All client permissions
- All subscription permissions
- All package permissions
- All server/OLT permissions
- Settings read
- Audit read
Operator
Day-to-day operations. Use for:
- Customer service
- Technical support
- Field technicians
Permissions:
- Client: read, create, update
- Subscription: read, create, update
- Package: read
- Server: read
- OLT: read
Viewer
Read-only access. Use for:
- Auditors
- Observers
- Trainees
Permissions:
- All read permissions only
Role List
The roles page shows all configured roles:
| Column | Description |
|---|---|
| Name | Role name |
| Description | What this role is for |
| Users | Number of users with this role |
| Permissions | Count of permissions |
Viewing Role Details
Click on a role to see:
- Complete permission list
- Users assigned to this role
- When it was created/modified
Editing Default Roles
Default roles (Admin, Manager, Operator, Viewer) cannot be modified to ensure system stability. Create custom roles for different permission sets.
Custom Roles
Need different permissions? Create a custom role.
Permission Inheritance
Some permissions imply others:
client:allincludes read, create, update, delete- Having
updateusually requiresreadto work properly
Best Practices
- Start restrictive - Begin with minimal permissions, add as needed
- Match job functions - Create roles that align with actual responsibilities
- Review regularly - Audit permissions quarterly
- Document roles - Keep descriptions up to date
- Test new roles - Verify permissions work as expected
Troubleshooting
User can view but not edit
They have read but not update permission. Edit their role or assign a different one.
”Access Denied” error
The user’s role lacks the required permission. Check what permission the action needs and verify the role includes it.
Can’t create custom role
You need role:create permission. Only Admin users have this by default.