Roles & Permissions
DealerPortal doesn't use named roles like "Admin" or "Dealer." Instead, access is controlled by 14 individual permissions, assigned to User Groups, which are in turn assigned to users. Any authenticated user can already reach the Dealer Portal side of the app (catalog, quotes, parts, order pads, file library) — permissions only control access to the Administration section.
The 14 Permissions
| Permission | Grants access to |
|---|---|
| Manage Users | Users |
| Manage User Groups | User Groups |
| Upload Files | Data Load / Imports |
| Manage Announcements | Announcements |
| Manage Documents | File Manager |
| Manage Quick Links | Quick Links |
| Manage Parts | Parts |
| Manage Orders | Order Admin |
| Manage Companies | Companies |
| Manage Contacts | Contacts |
| Manage Statuses | Statuses |
| Manage Settings | Settings |
| Manage Reports | Reports |
| Manage Models | Catalog Management (Models/Options — the feature's displayed name is configurable, see Settings) |
User Groups
A User Group is simply a named bundle of permissions. Create a group, check the permissions it should carry, and then assign users to it. A user's access is the union of the permissions granted by every group they belong to.
See User Groups for the creation flow.
Per-User Overrides
An individual user's permission can be manually turned on or off from their own record, overriding whatever their groups say. Once overridden, that permission stays fixed for the user regardless of later group changes, until the override is explicitly removed. See Users for how this works.
Important: Permissions Control the Menu, Not the Page
Permissions determine which links appear in the Administration navigation menu. They are not enforced on every underlying page — a user who knows or guesses an admin URL directly may be able to reach a page even without the matching permission showing it to them in the menu. Two screens (Users, User Groups) do enforce their permission at the page level; the rest currently rely on the menu alone.
Warning
If you're deciding who to grant which permission to, treat this the same as if the pages themselves were unprotected: only grant a permission to someone you'd trust to load that admin page directly, not just someone you want to see the menu link.