Permissions Reference
AutoCom has 68 permissions organized into 12 functional groups. This page provides a complete reference for all available permissions.
Permission Naming Convention
Permissions follow a consistent naming pattern:
{group}.{action}
Examples:
- orders.view - View orders
- products.create - Create products
- team.manage_roles - Manage team roles
Dashboard (2 permissions)
| Permission | Description | Sensitivity |
|---|---|---|
| dashboard.view | View main dashboard | Normal |
| dashboard.view_analytics | View analytics widgets on dashboard | Normal |
Orders (9 permissions)
| Permission | Description | Sensitivity |
|---|---|---|
| orders.view | View order list and details | Normal |
| orders.create | Create new orders manually | Normal |
| orders.edit | Edit order details | Normal |
| orders.delete | Delete orders | Sensitive |
| orders.export | Export orders to CSV/Excel | Normal |
| orders.bulk_update | Perform bulk operations on orders | Normal |
| orders.assign | Assign orders to team members | Normal |
| orders.cancel | Cancel orders | Sensitive |
| orders.refund | Process order refunds | Sensitive |
Customers (7 permissions)
| Permission | Description | Sensitivity |
|---|---|---|
| customers.view | View customer list and profiles | Normal |
| customers.create | Create new customer records | Normal |
| customers.edit | Edit customer information | Normal |
| customers.delete | Delete customer records | Sensitive |
| customers.export | Export customer data | Normal |
| customers.merge | Merge duplicate customer records | Sensitive |
| customers.view_sensitive | View sensitive customer data (full phone, address) | Sensitive |
Products (7 permissions)
| Permission | Description | Sensitivity |
|---|---|---|
| products.view | View product catalog | Normal |
| products.create | Create new products | Normal |
| products.edit | Edit product details | Normal |
| products.delete | Delete products | Sensitive |
| products.import | Bulk import products | Normal |
| products.export | Export product catalog | Normal |
| products.manage_inventory | Update stock levels and inventory | Normal |
Shipping (7 permissions)
| Permission | Description | Sensitivity |
|---|---|---|
| shipping.view | View shipment list | Normal |
| shipping.create_label | Generate shipping labels | Normal |
| shipping.cancel | Cancel shipments | Sensitive |
| shipping.track | Track shipment status | Normal |
| shipping.manage_ndr | Handle non-delivery reports | Normal |
| shipping.manage_rto | Handle return-to-origin | Normal |
| shipping.configure_carriers | Configure carrier settings | Normal |
Communication (6 permissions)
| Permission | Description | Sensitivity |
|---|---|---|
| communication.view | View message history | Normal |
| communication.send | Send messages to customers | Normal |
| communication.broadcast | Send bulk/broadcast messages | Normal |
| communication.manage_templates | Create and edit message templates | Normal |
| communication.view_all | View all team conversations | Normal |
| communication.assign | Assign conversations to agents | Normal |
Analytics (5 permissions)
| Permission | Description | Sensitivity |
|---|---|---|
| analytics.view_dashboard | View analytics dashboard | Normal |
| analytics.view_reports | Access detailed reports | Normal |
| analytics.export | Export report data | Normal |
| analytics.view_financials | View financial/revenue data | Sensitive |
| analytics.create_reports | Create custom reports | Normal |
AI Operations (5 permissions)
| Permission | Description | Sensitivity |
|---|---|---|
| ai.view | View AI operations and status | Normal |
| ai.configure | Configure AI models and prompts | Normal |
| ai.train | Train/fine-tune AI models | Normal |
| ai.view_logs | View AI operation logs | Normal |
| ai.override_responses | Override AI-generated responses | Normal |
Integrations (5 permissions)
| Permission | Description | Sensitivity |
|---|---|---|
| integrations.view | View available integrations | Normal |
| integrations.connect | Connect new integrations | Normal |
| integrations.disconnect | Disconnect integrations | Sensitive |
| integrations.configure | Configure integration settings | Sensitive |
| integrations.manage_webhooks | Manage webhook endpoints | Sensitive |
Team (5 permissions)
| Permission | Description | Sensitivity |
|---|---|---|
| team.view | View team member list | Normal |
| team.invite | Invite new team members | Normal |
| team.edit | Edit team member details | Normal |
| team.remove | Remove team members | Sensitive |
| team.manage_roles | Assign and manage roles | Sensitive |
Settings (5 permissions)
| Permission | Description | Sensitivity |
|---|---|---|
| settings.view | View organization settings | Normal |
| settings.edit_store | Edit store configuration | Normal |
| settings.edit_brand | Edit branding settings | Normal |
| settings.manage_billing | Manage billing and subscription | Sensitive |
| settings.manage_api_keys | Manage API keys | Sensitive |
Administration (5 permissions)
| Permission | Description | Sensitivity |
|---|---|---|
| admin.impersonate | Impersonate other users | Sensitive |
| admin.audit_log | View audit logs | Normal |
| admin.system_settings | Configure system-level settings | Sensitive |
| admin.manage_roles | Create and modify roles | Sensitive |
| admin.manage_permissions | Modify permission assignments | Sensitive |
Using Permissions in Code
Middleware-Based Authorization
Routes are protected using the tenant.permission middleware:
Route::get('/orders', [OrderController::class, 'index'])
    ->middleware('tenant.permission:orders.view');

Route::delete('/orders/{id}', [OrderController::class, 'destroy'])
    ->middleware('tenant.permission:orders.delete');
Multiple Permissions (OR logic)
Route::get('/dashboard', [DashboardController::class, 'index'])
    ->middleware('tenant.permission:dashboard.view,analytics.view_dashboard');
Checking Permissions in Controllers
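public function index(Request $request)
{
    // Authenticated user and the tenant named in the X-Tenant request header
    $user = $request->user();
    $tenantId = $request->header('X-Tenant');

    // Sensitive permission: checked against this specific tenant
    if ($user->hasPermissionInTenant('analytics.view_financials', $tenantId)) {
        // Show financial data
    }
}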
Checking Permissions in Frontend
The login response includes the user's permissions:
{
  "user": {
    "id": 1,
    "name": "John Doe",
    "permissions": [
      "dashboard.view",
      "orders.view",
      "orders.create",
      ...
    ]
  }
}
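Use these to conditionally render UI elements. This only controls what is displayed; access is still enforced server-side by the tenant.permission middleware on each route:
{user.permissions.includes('orders.create') && (
  <Button onClick={createOrder}>New Order</Button>
)}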
Sensitive Permissions
Permissions marked as Sensitive require extra consideration:
- Audit Logging: All actions using sensitive permissions are logged
- Limited Assignment: Only Owner and Admin roles have most sensitive permissions
- Confirmation Required: UI should require confirmation for sensitive actions
- Cannot Be Self-Assigned: Users cannot grant themselves sensitive permissions
Permission Groups API
Fetch all permissions organized by group:
GET /api/v1/team/permissions
Authorization: Bearer {token}
X-Tenant: my-store
Response:
{
  "permission_groups": [
    {
      "id": 1,
      "slug": "dashboard",
      "name": "Dashboard",
      "icon": "layout-dashboard",
      "permissions": [
        {
          "id": 1,
          "name": "dashboard.view",
          "description": "View main dashboard",
          "is_sensitive": false
        }
      ]
    }
  ]
}
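
The is_sensitive flag in this response is enough to apply the "Cannot Be Self-Assigned" and "Audit Logging" rules from the Sensitive Permissions section when reviewing a grant request. The following is an added example, not AutoCom's own code: indexPermissions and reviewGrant are hypothetical helpers, and the sample response is constructed from the field names shown above.

```javascript
// Added example: field names follow the Permission Groups API response shown above.
// SAMPLE_RESPONSE is constructed; the "team" group id and permission ids are made up.
const SAMPLE_RESPONSE = {
  permission_groups: [
    { id: 1, slug: "dashboard", name: "Dashboard", permissions: [
      { id: 1, name: "dashboard.view", description: "View main dashboard", is_sensitive: false },
    ] },
    { id: 10, slug: "team", name: "Team", permissions: [
      { id: 50, name: "team.invite", description: "Invite new team members", is_sensitive: false },
      { id: 53, name: "team.manage_roles", description: "Assign and manage roles", is_sensitive: true },
    ] },
  ],
};

const NAME_PATTERN = /^[a-z_]+\.[a-z_]+$/; // {group}.{action}

// Flatten the grouped response into Map(name -> is_sensitive), rejecting malformed entries.
function indexPermissions(response) {
  const index = new Map();
  for (const group of response.permission_groups ?? []) {
    for (const perm of group.permissions ?? []) {
      if (typeof perm.name !== "string" || !NAME_PATTERN.test(perm.name)) {
        throw new Error(`malformed permission name: ${JSON.stringify(perm.name)}`);
      }
      if (index.has(perm.name)) throw new Error(`duplicate permission: ${perm.name}`);
      index.set(perm.name, perm.is_sensitive === true);
    }
  }
  return index;
}

// Hypothetical grant review: decide which requested permissions may be granted.
// Unknown names are denied (fail closed); sensitive names are denied when the
// actor is granting to themselves, and flagged for audit logging otherwise.
function reviewGrant({ actorId, targetId, requested }, index) {
  const result = { allowed: [], denied: [], audit: [] };
  for (const name of new Set(requested)) {
    if (!index.has(name)) {
      result.denied.push({ name, reason: "unknown_permission" });
    } else if (index.get(name) && actorId === targetId) {
      result.denied.push({ name, reason: "self_assigned_sensitive" });
    } else {
      result.allowed.push(name);
      if (index.get(name)) result.audit.push(name);
    }
  }
  return result;
}
```

A check like this belongs on the server handling the grant request; the same index can also drive confirmation prompts in the UI.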