Role

Assign one role per user to control access. Actions and fields are permission-checked and redacted with helpful popovers.

User
Company

Nearly everything in Stockmate is permission locked. Instead of hiding UI entirely, restricted buttons and values remain visible but are redacted with a popover that explains why access is limited, citing which permissions the user has and which they do not.

Create

  • Create roles on the roles page under the settings list using the "Create Role" button.
  • Add a name and optional icon, then select all the permissions you want to grant to this role.
  • Save the role, then navigate to the users page and assign the role to a user.

Owner role

The Owner role grants full control over a company and can be assigned to more than one user. It should be used sparingly, most organisations should instead create an Admin role that aggregates all required permissions.

  • Prefer creating an Admin role with all needed permissions rather than granting Owner.
  • Owners can remove other Owners—including the initial primary owner—so ensure proper governance.
  • If you add the Owner role to another user, review billing, deletion, and export implications.

Permission redaction

Explain, don’t hide

Restricted actions remain visible with a tooltip popover listing present vs missing permissions.

Single-role clarity

One role per user avoids complex, conflicting permission matrices found in multi-role systems.

Attributes

1type Role = { 2 // Identity & audit 3 id: string; // uuid 4 modifiedAt?: Date; 5 modifiedById?: string; // uuid 6 modifiedByEmail?: string; 7 modifiedByEndpoint?: string; 8 9 // Company scoping 10 companyId: string; // uuid 11 company: Company; 12 13 // Core 14 name: string; 15 icon: string; // default: "star" 16 editable: boolean; // default: true 17 18 // Relations 19 users: User[]; // @relation("assigned") 20 permissions: Permission[]; 21 rolesOfInvitedUsers: UserInvite[]; // @relation("roleOfInvitedUser") 22 23 // Notes (DB constraints) 24 // @@unique([companyId, id]) 25 // @@unique([companyId, name]) 26 // @@index([companyId]) 27}

FAQ

Changelog

14-09-2025

feat(permissions): add NotificationDeleter permission

- Grants explicit ability to delete notifications.

14-06-2025

feat(permissions): add DeliverySubmitter permission

- Allows submitting deliveries while keeping broader edit rights scoped to other permissions.

Last updated: 14-09-2025
Stockmate FaviconStockmate
Copyright © 2025 Stockmate
All rights reserved
PricingDocsChangelogContact