Admin Roles
Create and manage admin roles, assign permissions to them, and control which admin users hold each role.
Overview
Admin roles let administrators delegate specific sections of the admin panel to team members without granting full system access. Each role carries a set of granular permissions and can be assigned to any number of admin users. Changes take effect immediately.
Accessing the Page
Navigate to Admin > Admin Roles. Requires the admin-roles:read permission (or admin:access via a system role).
Permissions
| Permission | Description |
|---|---|
admin-roles:read | View the admin roles list |
admin-roles:create | Create new admin roles |
admin-roles:edit | Edit existing roles (name, description, permissions, members) |
admin-roles:delete | Delete non-system roles |
Creating a Role
- Click Create Role (requires
admin-roles:create). - Enter a name (required, max 100 characters) and an optional description.
- Use the permission picker to select which admin permissions the role grants. Permissions are grouped by category with a "select all in category" toggle.
- Click Create Role to save.
Editing a Role
Click any row in the table to open the edit dialog (requires admin-roles:edit).
All fields — name, description, and permissions — are editable for all roles, including system roles.
admin:access Permission
Every role automatically includes the admin:access permission. This permission is always checked and cannot be deselected in the picker. It is required for any admin user to access the admin panel at all.
System Roles
Roles with is_system: true (shown with a "System" badge) are protected:
- They are editable — you can change their name, description, and permissions.
- They are not deletable — the Delete button is disabled with a tooltip explanation.
The built-in system_admin role is an example of a system role.
Member Management
The edit dialog includes a Members section:
- Lists all admin users currently holding the role with their name, email, and avatar.
- Use the search box to find users by name or email and add them to the role.
- Click the remove button next to any member to unassign them.
- Changes take effect immediately — no cache warm-up delay.