Organizations
Users are grouped into organizations. An organization can be a distributor and manage a collection of other organizations. This relation can only be managed by Hexastate staff.
Roles
A role is a re-usable component that contains a set of permissions that can be used with the API.
An example of a permission is "Create Factory". A single role can contain a large set of these permissions, which gives fine-grained control over which actions a role can perform against the API.
A role is associated with an organization. A role also optionally has a collection of manageable organizations. If a role has manageable organizations, its permissions will also apply to objects in its manageable organizations. This is how Hexastate distributors can be allowed access to their end users' organizations. However, this access can only be managed by Hexastate staff.
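The scoping rule above can be expressed as a default-deny check. This is an added illustration, not Hexastate's own code: the `Role` class, the `is_allowed` function, the organization ids and the role names are all assumptions, and only the "Create Factory" permission name comes from this page.

```python
from dataclasses import dataclass

# Hypothetical model of the role scoping described above (not Hexastate's API).


@dataclass(frozen=True)
class Role:
    name: str
    organization: str                  # organization the role is associated with
    permissions: frozenset             # e.g. {"Create Factory"}
    manageable_organizations: frozenset = frozenset()  # optional, empty by default


def is_allowed(role: Role, permission: str, object_organization: str) -> bool:
    """Default-deny: the role must hold the permission AND the object must
    belong to the role's own organization or one of its manageable ones."""
    if permission not in role.permissions:
        return False
    in_scope = {role.organization} | role.manageable_organizations
    return object_organization in in_scope


# Constructed sample data: one distributor role and one end-user role.
distributor_role = Role(
    name="Distributor Engineer",
    organization="org-distributor",
    permissions=frozenset({"Create Factory"}),
    manageable_organizations=frozenset({"org-customer-a", "org-customer-b"}),
)
customer_role = Role(
    name="Customer Engineer",
    organization="org-customer-a",
    permissions=frozenset({"Create Factory"}),
)

if __name__ == "__main__":
    checks = [
        (distributor_role, "Create Factory", "org-customer-a"),   # managed org
        (distributor_role, "Delete Factory", "org-customer-a"),   # permission not held
        (customer_role, "Create Factory", "org-customer-a"),      # own org
        (customer_role, "Create Factory", "org-distributor"),     # no reverse access
        (customer_role, "Create Factory", "org-customer-b"),      # sibling org
    ]
    for role, perm, org in checks:
        print(f"{role.name:22} {perm:16} {org:16} -> {is_allowed(role, perm, org)}")
```

In this model access flows one way: the distributor role reaches its manageable organizations, while the end-user role reaches neither the distributor nor a sibling organization.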
Users
A user is defined by an email address and, optionally, a phone number. A user also has a password. When authenticating with the app, the email and password are used to create a JWT, which is then used to authenticate with the API.
A user can be assigned a role in the system by either an organization admin or Hexastate staff.
Note
If a user creates a new organization, the user is automatically assigned the role of "Global Organization Admin". All default organization roles are created automatically when the organization is created.
It is planned for the future that the "Enterprise" platform plan will include the ability to create custom roles in the app, allowing organizations to make roles that fit their needs.