Roles and Permissions
Nexalix uses a role-based access control system (RBAC). Every user has one or more roles, and each role grants a specific set of permissions. This determines what each person can see and do within the platform.
How roles work
Section titled “How roles work”- A role is a named group of permissions (e.g., “Technician”, “Organisation Admin”).
- A permission is a single action or access level (e.g., “create incidents”, “view statistics”).
- Each user can have one or more roles — their effective permissions are the combined set of all their roles’ permissions.
When a user tries to perform an action — such as editing an incident or managing users — Nexalix checks whether any of their roles include the required permission. If not, the action is blocked.
Default roles
Section titled “Default roles”Every Nexalix organisation comes with three pre-configured roles. These cover the most common team structures and cannot be deleted.
Organisation Admin
Section titled “Organisation Admin”Full control over the organisation’s settings, users, and data. This is the most powerful role available to customers and is typically assigned to team leaders, IT administrators, or operations managers.
Organisation Admins can:
- View and manage all incidents, regardless of assignment or department
- Create, edit, and deactivate users within the organisation
- Assign roles to users (with the restriction that they can only grant permissions they themselves have)
- Manage incident templates — create, edit, delete, and assign templates to departments
- Configure statuses and workflows — define the incident lifecycle, transitions, and rules
- Manage departments (sub-organisations) — create, rename, and delete departments
- View and edit statistics — access all dashboards, KPIs, and custom field analytics
- Manage notification settings — view subscription summaries and notification logs for the organisation
- Enable and configure modules — SLA management, auto-assignment pools, asset registry, cost tracking, KML map layers, and citizen portal
- Manage roles and permissions — create custom roles, assign permissions
- View and manage quotas — see plan limits and current usage
- Manage branding — customise the product name, logo, and colours for the organisation
Senior Technician
Section titled “Senior Technician”A supervisory role for field staff who need broader visibility and the ability to assign work to others. Senior Technicians can:
- View all incidents in the organisation
- Create incidents and assign them to other users
- View users within the organisation (read-only)
- View SLA, asset, cost, and citizen report data (read-only)
- View auto-assignment pool configurations (read-only)
This role is ideal for team leads or supervisors who coordinate work but do not need full administrative control.
Technician
Section titled “Technician”The standard role for field operatives who work on assigned incidents. Technicians can:
- View all incidents in the organisation
- Create new incidents
- Edit their own incidents and incidents assigned to them
- Record costs against incidents (if the cost tracking module is enabled)
This role provides the minimum access needed for day-to-day field work.
Creating a custom role
Section titled “Creating a custom role”If the default roles do not fit your team structure, you can create custom roles with a tailored set of permissions.
- Go to Admin → Roles in the sidebar.
- Click Create Role.
- Enter a name for the role (e.g., “Inspector”, “Department Manager”, “Read-Only Viewer”).
- Select the permissions you want this role to have from the list below.
- Click Save.
Complete permission reference
Section titled “Complete permission reference”Below is the full list of permissions available in Nexalix, grouped by area. The Permission Key column shows the exact identifier as it appears in the platform.
Incidents
Section titled “Incidents”| Permission Key | Description |
|---|---|
incidents.view | View all incidents in the organisation |
incidents.view_own | View only incidents registered by the current user |
incidents.create | Create new incidents |
incidents.update | Edit any incident in the organisation |
incidents.update_own | Edit only incidents registered by the current user |
incidents.update_assigned | Edit incidents that are assigned to the current user |
incidents.delete | Delete (soft-delete) incidents |
incidents.assign | Assign or reassign incidents to users |
incidents.use_templates | Use incident templates when creating incidents |
| Permission Key | Description |
|---|---|
users.view_own_org | View users within the same organisation |
users.create | Create new users |
users.update | Edit user profiles |
users.update_own | Edit own profile only |
users.delete | Delete users (blocked if the user has operational data) |
users.update_roles_org | Assign roles to users within the same organisation |
users.activate_deactivate | Activate or deactivate user accounts |
Organisation
Section titled “Organisation”| Permission Key | Description |
|---|---|
organizations.view_own | View own organisation’s details |
organizations.manage | Edit organisation settings (branding, 2FA enforcement, etc.) |
suborganizations.manage | Create, edit, and delete departments (sub-organisations) |
Roles and permissions
Section titled “Roles and permissions”| Permission Key | Description |
|---|---|
roles.view | View the list of roles |
roles.create | Create new custom roles |
roles.update | Edit existing roles and their permissions |
roles.delete | Delete custom roles |
permissions.view | View the list of available permissions |
Incident templates
Section titled “Incident templates”| Permission Key | Description |
|---|---|
templates.view | View incident templates |
templates.create | Create new templates |
templates.update | Edit existing templates |
templates.delete | Delete templates |
templates.assign | Assign templates to specific departments |
Statistics and dashboards
Section titled “Statistics and dashboards”| Permission Key | Description |
|---|---|
statistics.view | View dashboards, KPIs, and analytics |
statistics.edit | Create and edit dashboards, widgets, and custom field statistics |
Notifications
Section titled “Notifications”| Permission Key | Description |
|---|---|
notifications.view_all | View notification subscriptions and logs for all users in the organisation |
Map layers
Section titled “Map layers”| Permission Key | Description |
|---|---|
kml_layers.manage | Upload, edit, and delete KML geographic layers |
SLA Management (module)
Section titled “SLA Management (module)”| Permission Key | Description |
|---|---|
sla.view | View SLA rules and compliance reports |
sla.manage | Create, edit, and delete SLA rules |
Asset Registry (module)
Section titled “Asset Registry (module)”| Permission Key | Description |
|---|---|
assets.view | View assets and asset types |
assets.manage | Create, edit, and delete assets and asset types |
Cost Tracking (module)
Section titled “Cost Tracking (module)”| Permission Key | Description |
|---|---|
costs.view | View cost records and reports |
costs.manage | Edit and delete cost records, manage cost categories |
costs.record | Record new costs against incidents |
Citizen Portal (module)
Section titled “Citizen Portal (module)”| Permission Key | Description |
|---|---|
citizen_reports.view | View citizen-submitted reports |
citizen_reports.moderate | Approve, reject, or merge citizen reports into incidents |
citizen_reports.delete | Delete citizen reports |
Auto-Assignment (module)
Section titled “Auto-Assignment (module)”| Permission Key | Description |
|---|---|
auto_assignment.view | View assignment pools, members, and logs |
auto_assignment.manage | Create, edit, and delete assignment pools and their configuration |
Role examples
Section titled “Role examples”Read-Only Viewer
Section titled “Read-Only Viewer”For stakeholders who need to monitor progress without making changes:
- Create a new role called “Viewer”.
- Select only:
incidents.view,statistics.view. - Save.
Users with this role can see all incidents and dashboards but cannot create, edit, or assign anything.
Field Inspector
Section titled “Field Inspector”For a team member who only works on incidents assigned to them:
- Create a new role called “Field Inspector”.
- Select:
incidents.view_own,incidents.update_assigned,incidents.create,incidents.use_templates. - Save.
This user sees only their own incidents and those assigned to them, and can create new reports from the field.
Cost Recorder
Section titled “Cost Recorder”For administrative staff who log costs but do not manage incidents:
- Create a new role called “Cost Recorder”.
- Select:
incidents.view,costs.record,costs.view. - Save.
This user can view all incidents and record costs against them, but cannot edit incident data.
Assigning roles to users
Section titled “Assigning roles to users”- Go to Admin → Users.
- Click on the user you want to modify.
- In the Roles section, select one or more roles.
- Click Save.
The user’s effective permissions update immediately — they do not need to log out and back in.
Best practices
Section titled “Best practices”- Start with default roles — they cover most team structures. Only create custom roles when you have a specific need.
- Use the least-privilege principle — give each user only the permissions they need to do their job. This reduces the risk of accidental changes.
- Avoid duplicating permissions across many custom roles — if you find yourself creating roles that are slight variations of each other, consider whether fewer roles with broader permissions would be simpler.
- Review roles periodically — as your team grows or your workflows change, revisit your role structure to ensure it still makes sense.