Roles and Permissions¶
Kiket provides a flexible role-based access control (RBAC) system that allows organizations to define who can access what within the platform.
System Roles¶
Kiket includes built-in system roles that are automatically created for each organization:
| Role | Priority | Description |
|---|---|---|
| Organization Admin | 100 | Full access to all organization resources |
| Finance Manager | 90 | Manage financial reports and commissions |
| Project Manager | 80 | Manage projects, teams, and view financial data |
| Developer | 60 | Work on issues and view projects |
| Viewer | 20 | Read-only access to projects and issues |
Organization Admin¶
Full administrative access including:
- All project and team management
- User management and role assignments
- Financial reporting and commission management
- Audit log access
- Organization settings and integrations
Finance Manager¶
Financial operations access:
- View financial dashboards and metrics
- Export financial reports
- Approve and manage sales commissions
- Create and manage scheduled reports
- View users, teams, and audit logs
Project Manager¶
Project and team oversight:
- Create and manage projects
- Manage project members
- Full issue management
- Team creation and management
- View financial dashboards (read-only)
- View insights and workflows
Developer¶
Day-to-day development work:
- View projects and teams
- Create and edit issues
- Change issue status
- View insights and workflows
Viewer¶
Read-only access:
- View projects, issues, and teams
- View users, insights, and workflows
- No edit or create permissions
Available Permissions¶
Permissions are organized by resource type:
Project Permissions¶
| Permission | Description |
|---|---|
| projects.view | View projects |
| projects.create | Create projects |
| projects.edit | Edit projects |
| projects.delete | Delete projects |
| projects.manage_members | Manage project members |
Issue Permissions¶
| Permission | Description |
|---|---|
| issues.view | View issues |
| issues.create | Create issues |
| issues.edit | Edit issues |
| issues.delete | Delete issues |
| issues.assign | Assign issues |
| issues.change_status | Change issue status |
Team Permissions¶
| Permission | Description |
|---|---|
| teams.view | View teams |
| teams.create | Create teams |
| teams.edit | Edit teams |
| teams.delete | Delete teams |
| teams.manage_members | Manage team members |
User Permissions¶
| Permission | Description |
|---|---|
| users.view | View users |
| users.invite | Invite users |
| users.edit | Edit users |
| users.delete | Delete users |
| users.manage_roles | Manage user roles |
Organization Permissions¶
| Permission | Description |
|---|---|
| organization.view | View organization details |
| organization.edit | Edit organization settings |
| organization.manage_billing | Manage billing |
| organization.manage_integrations | Manage integrations |
Insights Permissions¶
| Permission | Description |
|---|---|
| insights.view | View insights |
| insights.create | Create insights |
| insights.edit | Edit insights |
| insights.delete | Delete insights |
Workflow Permissions¶
| Permission | Description |
|---|---|
| workflows.view | View workflows |
| workflows.create | Create workflows |
| workflows.edit | Edit workflows |
| workflows.delete | Delete workflows |
Financial Permissions¶
| Permission | Description |
|---|---|
| financial.view | View financial dashboards and metrics |
| financial.export | Export financial reports |
| financial.manage_commissions | Approve and manage sales commissions |
| financial.manage_schedules | Create and manage scheduled reports |
| financial.admin | Full access to financial configuration |
License Permissions¶
| Permission | Description |
|---|---|
| licenses.view | View licenses |
| licenses.manage | Manage licenses |
Audit Permissions¶
| Permission | Description |
|---|---|
| audit.view | View audit logs |
| audit.export | Export audit logs |
Creating Custom Roles¶
In addition to system roles, you can create custom roles tailored to your organization's needs.
Via Admin Panel¶
- Navigate to Admin > Roles
- Click New Role
- Enter a name and description
- Select the permissions to grant
- Set the priority (higher = more privileged)
- Save the role
Via Configuration¶
Define custom roles in your team.yaml configuration file:

```yaml
model_version: "1.0"
team:
  id: engineering
  name: Engineering Team
  roles:
    - id: tech-lead
      name: Tech Lead
      permissions:
        - projects.view
        - projects.edit
        - projects.manage_members
        - issues.view
        - issues.create
        - issues.edit
        - issues.assign
        - issues.change_status
        - teams.view
        - teams.manage_members
        - financial.view
```
Assigning Roles to Users¶
Via Admin Panel¶
- Navigate to Admin > Users
- Select a user
- Click Manage Roles
- Add or remove role assignments
- Changes take effect immediately
Via API¶
```bash
# Assign a role to a user
curl -X POST "https://api.kiket.dev/v1/users/{user_id}/roles" \
  -H "Authorization: Bearer $TOKEN" \
  -d '{"role_id": "finance-manager"}'
```
Role Priority¶
Role priority determines which permissions take precedence when a user has multiple roles:
- Higher priority roles are evaluated first
- Organization Admin (100) has the highest priority
- Custom roles default to priority 50
- Viewer (20) has the lowest priority
Checking Permissions¶
In Code¶
```ruby
# Check if a custom role has a permission
role = CustomRole.find_by(name: "Finance Manager")
role.has_permission?("financial.view")    # => true
role.has_permission?("projects.delete")   # => false
```
Permission Groups¶
Roles can report their permissions grouped by resource:
```ruby
role.permission_groups
# => {
#   "financial" => ["view", "export", "manage_commissions"],
#   "users"     => ["view"],
#   "teams"     => ["view"]
# }
```
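As an added example (not Kiket's own code), the following plain-Ruby stand-in validates the roles in a team.yaml document against the permission names listed on this page and exposes the same `has_permission?` and `permission_groups` queries shown above. `AVAILABLE_PERMISSIONS`, `CustomRole` and `load_roles` are hypothetical names constructed here, and both YAML samples are constructed (one of them deliberately misspells `financial.view`).

```ruby
require "yaml"
# Constructed from the permission tables on this page as a stand-in for Kiket's
# AVAILABLE_PERMISSIONS list; the real constant lives in Kiket's code.
AVAILABLE_PERMISSIONS = %w[
  projects.view projects.create projects.edit projects.delete projects.manage_members
  issues.view issues.create issues.edit issues.delete issues.assign issues.change_status
  teams.view teams.create teams.edit teams.delete teams.manage_members
  users.view users.invite users.edit users.delete users.manage_roles
  organization.view organization.edit organization.manage_billing organization.manage_integrations
  insights.view insights.create insights.edit insights.delete
  workflows.view workflows.create workflows.edit workflows.delete
  financial.view financial.export financial.manage_commissions financial.manage_schedules financial.admin
  licenses.view licenses.manage audit.view audit.export
].freeze

# Hypothetical plain-Ruby role (not Kiket's model) exposing the two calls shown above.
CustomRole = Struct.new(:id, :name, :permissions) do
  def has_permission?(perm)
    permissions.include?(perm)
  end
  # Group "resource.action" strings by resource, e.g. {"financial" => ["view"]}.
  def permission_groups
    permissions.each_with_object({}) do |perm, groups|
      resource, action = perm.split(".", 2)
      (groups[resource] ||= []) << action
    end
  end
end
# Parse team.yaml and reject any permission not in AVAILABLE_PERMISSIONS, so a
# typo fails at load time instead of becoming a silently missing permission.
def load_roles(yaml_text)
  YAML.safe_load(yaml_text).fetch("team").fetch("roles").map do |r|
    perms = Array(r["permissions"])
    unknown = perms.reject { |p| AVAILABLE_PERMISSIONS.include?(p) }
    raise ArgumentError, "role #{r['id']}: unknown permissions #{unknown}" unless unknown.empty?
    CustomRole.new(r["id"], r["name"], perms)
  end
end
# Constructed samples: the tech-lead role from this page, and one with a misspelling.
TEAM_YAML = <<~YAML
  team:
    roles:
      - id: tech-lead
        name: Tech Lead
        permissions: [projects.view, projects.edit, projects.manage_members, issues.view,
          issues.create, issues.edit, issues.assign, issues.change_status, teams.view,
          teams.manage_members, financial.view]
YAML
TYPO_YAML = "team:\n  roles:\n    - { id: reports, name: Reports, permissions: [finacial.view] }\n"
```

Running `load_roles(TYPO_YAML)` raises an `ArgumentError` naming `finacial.view`, which is the check the troubleshooting section below asks you to perform by hand.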
Super Admin Access¶
In addition to organization-level roles, Kiket has a super admin flag for platform-wide administrative access. Super admins can:
- Access the global admin panel
- View all organizations
- Manage platform-wide settings
- Access financial reporting for all tenants
Super admin status is set at the platform level and is separate from organization roles.
Audit Logging¶
All permission and role changes are logged:
- Role assignments and removals
- Permission grants and revocations
- Custom role creation and modification
- API token scope changes
View audit logs at Admin > Security > Audit Log.
Best Practices¶
- Start with system roles: Use built-in roles before creating custom ones
- Principle of least privilege: Grant only necessary permissions
- Use Finance Manager for financial access: Don't give Organization Admin to users who only need financial reporting
- Regular audits: Review role assignments quarterly
- Document custom roles: Record the business reason for each custom role
- Separate API tokens: Create tokens with minimal required scopes
Troubleshooting¶
User Can't Access Financial Reports¶
- Check if the user has the `financial.view` permission
- Verify role assignment in Admin > Users
- Ensure role has correct priority
- Check audit log for recent permission changes
Permission Changes Not Taking Effect¶
- User may need to refresh their session
- Check for conflicting role assignments
- Verify the role still exists (wasn't deleted)
- Check that permission is spelled correctly
Custom Role Missing Permissions¶
- Verify permissions are in the `AVAILABLE_PERMISSIONS` list
- Check for typos in permission names
- Ensure role was saved after adding permissions
For additional help, contact your organization admin or reach out to support.