Permissions are the atomic units of authorization in iWorkWhen. Roles bundle them. A user’s effective permissions are the union of their roles’ permissions.

Self

Actions on your own data.
| Key | Label |
| --- | --- |
| `self.schedule.view` | View own schedule |
| `self.profile.edit` | Edit own profile |
| `self.trade.create` | Create trade request |
| `self.trade.view` | View available trades |
| `self.absence.create` | Create absence request |
| `self.ot.volunteer` | Volunteer for overtime |
| `self.ot.request` | Request overtime |
| `self.note.create` | Create note |
| `self.message.send` | Send messages |

Admin

User, group, location, and org management.
| Key | Label |
| --- | --- |
| `users.view` | View users |
| `users.manage` | Manage users (create/edit/disable) |
| `users.hours.change` | Change user hours (time banks) |
| `roles.view` | View roles |
| `roles.manage` | Manage roles and permissions |
| `groups.view` | View groups |
| `groups.manage` | Manage groups |
| `locations.view` | View locations / positions |
| `locations.manage` | Manage locations |
| `timebank.view.all` | View all users’ time banks |
| `smtp.manage` | Manage SMTP settings |
| `rules.manage` | Manage customer rules |

Schedule

Schedule building and management.
| Key | Label |
| --- | --- |
| `schedule.view.all` | View all schedules |
| `schedule.publish` | Publish schedules |
| `schedule.history.view` | View schedule change history |
| `shifts.view` | View all shifts |
| `shifts.manage` | Create/edit/delete shifts |
| `shift_patterns.manage` | Manage shift definitions/patterns |
| `coverage.view` | View coverage plans and exceptions |
| `coverage.manage` | Manage coverage |
| `duties.view` | View duty assignments |
| `duties.manage` | Manage duty plans and assignments |

Approval

Approving others’ requests.
| Key | Label |
| --- | --- |
| `trades.approve` | Approve trades |
| `trades.record` | Record trades directly |
| `absences.approve` | Approve absences |
| `absences.record.unscheduled` | Record unscheduled absence |
| `absences.record.scheduled` | Record scheduled absence |
| `ot.approve` | Approve overtime |
| `notes.view.all` | View all notes (not just own or targeted) |

Bidding

Running and participating in bidding rounds.
| Key | Label |
| --- | --- |
| `bidding.vacation.manage` | Manage vacation bidding rounds |
| `bidding.vacation.bid` | Submit vacation bid |
| `bidding.shift.manage` | Manage shift bidding rounds |
| `bidding.shift.bid` | Submit shift bid |

Reports

| Key | Label |
| --- | --- |
| `reports.view` | View reports |
| `reports.manage` | Create/save reports |

Special Assignments

| Key | Label |
| --- | --- |
| `sa.view` | View special assignments |
| `sa.manage` | Manage SA categories and assignments |

Checking a permission in code

Server side:

```ts
import { hasPermission, requirePermission } from '@/lib/permissions';

// Boolean check
const can = await hasPermission(userId, 'trades.approve');

// Redirect if missing
await requirePermission('trades.approve');
```

In the database (RLS policies use this helper function):

```sql
-- current_has(perm text) returns boolean
select public.current_has('trades.approve');
```
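
The union rule stated at the top of this page, worked through as an added example (plain JavaScript, not iWorkWhen's own code). The role names, their assignments and the helper functions are hypothetical; only the permission keys come from the tables above. It resolves effective permissions, shows which role grants a given key, and flags keys assigned to a role that are not in the catalogue.

```javascript
// Added example. Role names and assignments are constructed for illustration;
// the permission keys are taken from the catalogue on this page.
const ROLES = new Map([
  ['employee', ['self.schedule.view', 'self.trade.create', 'self.trade.view']],
  ['supervisor', ['schedule.view.all', 'trades.approve', 'absences.approve']],
  // Constructed mistake: 'trade.approve' is missing the "s" of 'trades.approve'.
  ['scheduler', ['shifts.manage', 'schedule.publish', 'trade.approve']],
]);

// Subset of the catalogue, enough for the roles above.
const CATALOGUE = new Set([
  'self.schedule.view', 'self.trade.create', 'self.trade.view',
  'schedule.view.all', 'schedule.publish', 'shifts.manage',
  'trades.approve', 'absences.approve',
]);

// Effective permissions = union of the permissions of every role held.
// There is no deny rule in a union, so adding a role can only widen access.
// An unknown role name contributes nothing (fail closed).
function effectivePermissions(roleNames, roles = ROLES) {
  const out = new Set();
  for (const name of roleNames) {
    for (const key of roles.get(name) ?? []) out.add(key);
  }
  return out;
}

// Which of the held roles grant a key: answers "why can this user do X?"
function grantedBy(roleNames, key, roles = ROLES) {
  return roleNames.filter((name) => (roles.get(name) ?? []).includes(key));
}

// Keys assigned to a role but absent from the catalogue. A misspelled key
// never matches a check, so the role silently grants less than intended.
function unknownKeys(roles = ROLES, catalogue = CATALOGUE) {
  const bad = [];
  for (const [name, keys] of roles) {
    for (const key of keys) if (!catalogue.has(key)) bad.push(`${name}:${key}`);
  }
  return bad;
}

const held = ['employee', 'supervisor'];
console.log([...effectivePermissions(held)].sort());
console.log(grantedBy(held, 'trades.approve'));
console.log(unknownKeys());
```

Running `unknownKeys()` against role definitions before they are saved catches a misspelled key at edit time rather than when a check unexpectedly fails.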