Everyone

Roles & Permissions

Understand the four built-in staff roles and all 30 permission slugs across 11 areas in Opterius Commerce.

Last updated 1776211200
  • Using Permissions in Code
  • Role Preset Defaults

    • Roles & Permissions

    Commerce uses a role + individual permission system. Each staff account has a role (which sets a sensible default) and an optional custom permission override per slot.

    Four Built-in Roles

    Role Description
    super_admin Unrestricted access to everything, including system settings and staff management
    admin Full access to all business areas; cannot manage staff or change system-level settings
    support Can view clients and manage tickets; read-only access to invoices and services
    billing Can manage invoices, payments, and client profiles; read-only access to support tickets

    [!IMPORTANT] Roles are presets, not hard rules. After selecting a role, you can toggle individual permissions on or off. The super_admin role is the only one that cannot be restricted — it always has all permissions.

    30 Permission Slugs by Area

    Clients (4)

    Slug Description
    clients.view View client list and profiles
    clients.create Create new client accounts
    clients.edit Edit client profiles and billing details
    clients.impersonate Log in as a client (see Login as Client)

    Invoices (3)

    Slug Description
    invoices.view View invoices and payment history
    invoices.create Create and issue invoices manually
    invoices.edit Edit invoice line items and status

    Orders (2)

    Slug Description
    orders.view View order queue
    orders.manage Approve, reject, and cancel orders

    Services (3)

    Slug Description
    services.view View active and cancelled services
    services.manage Suspend, unsuspend, terminate services
    services.provision Trigger manual provisioning

    Domains (2)

    Slug Description
    domains.view View registered domains
    domains.manage Renew, transfer, update nameservers

    Tickets (3)

    Slug Description
    tickets.view View ticket queue
    tickets.reply Reply to and close tickets
    tickets.assign Assign tickets to staff members

    Products (2)

    Slug Description
    products.view View product catalogue
    products.manage Create and edit products, addons, pricing

    Servers (2)

    Slug Description
    servers.view View server and Panel connection list
    servers.manage Add, edit, and test Panel connections

    Reports (1)

    Slug Description
    reports.view View all revenue, tax, and churn reports

    Settings (2)

    Slug Description
    settings.view View system settings pages
    settings.edit Save changes to system settings

    Staff (4)

    Slug Description
    staff.view View staff list
    staff.create Create new staff accounts
    staff.edit Edit existing staff accounts
    staff.delete Delete staff accounts

    Using Permissions in Code

    Blade directive

    @staffcan('invoices.create')
  <a href="/admin/invoices/create">New Invoice</a>
@endstaffcan

    Middleware (routes)

    Route::middleware('staff.can:services.manage')->group(function () {
    // routes only accessible with services.manage permission
});

    Role Preset Defaults

    Permission area super_admin admin support billing
    Clients All All view only view + edit
    Invoices All All view only All
    Orders All All view only view only
    Services All All view only view only
    Tickets All All All view only
    Staff All None None None
    Settings All view only None None
    Previous
    ← Managing Staff Accounts
    Next
    Two-Factor Authentication →