Roles & Permissions
Access control model with role-based permissions and multi-tenant data isolation.
Last updated April 17, 2026
OpenVTS uses role-based access control with four user types and multi-tenant data isolation.
Access Matrix
| Module | Superadmin | Admin | Team Member | Driver |
|---|---|---|---|---|
| Dashboard | Full | Full | View | No |
| Maps | Full | Full | View assigned | Own vehicle |
| Vehicles | CRUD + Bulk | CRUD + Bulk | View assigned | View own |
| Drivers | CRUD + Bulk | CRUD + Bulk | View | N/A |
| Users | CRUD + Impersonate | CRUD (own org) | No | No |
| Landmarks | CRUD | CRUD | View | No |
| Reports | Full | Full | Generate | No |
| Notifications | Full config | Own org config | View | Receive only |
| Sensors | CRUD | CRUD | View | No |
| Settings | All tabs | Profile only | Profile only | Profile only |
| Support | All tickets | Own org | Own tickets | Own tickets |
| Transactions | All | Own org | No | No |
Superadmin-Only Actions
- Login as User — impersonate any user
- White Label — platform branding
- SMTP — email server configuration
- Payment Gateway — payment processing setup
- General Settings — signup controls
- Localization — language and timezone
- Cross-organization data access
Data Isolation
Each organization's data (vehicles, users, drivers, transactions) is completely isolated. Admins see only their organization's data. Superadmins can cross boundaries for support.
Vehicle Visibility
Team Members and Drivers only see vehicles explicitly assigned to them. Assign vehicles via Users > user > Vehicles tab.