Role Permissions — AeroTrack Guide

The 8 Roles

1 Role Overview

AeroTrack has 8 built-in roles. Each role grants access to specific modules and actions. Roles are enforced by server-side middleware — users cannot bypass access controls.

Role	Description	Primary Access
`super_admin`	Full system access, all modules.	Everything
`admin`	Full access including user management.	Everything
`manager`	Operations manager with broad read/write.	Phase 1 modules + distribution lists
`store_manager`	Manages stores, stock, and receipts.	Inventory + Procurement
`store_keeper`	Day-to-day store operations.	Inventory (issues, receipts)
`purchase_officer`	Handles procurement workflows.	Procurement + Vendors
`viewer`	Read-only access to allowed modules.	View only — no create/edit/delete
`camo_engineer`	Continuing airworthiness management.	All CAMO modules + read-only Phase 1
`mro_engineer`	MRO-145 maintenance execution.	MRO-145 inbox + jobs + defects

Role selector dropdown in the Add User form showing all 8 available roles

2 Assign a Role

When creating or editing a user (see User Management), select a role from the Role dropdown. The role takes effect immediately — the user’s sidebar and accessible routes update on their next page load.

Changing a user’s role from admin to a lower role removes their access to user management and settings. Ensure at least one admin account remains active at all times.

Module Access Matrix

3 Phase 1 Modules

all roles Phase 1 modules (Masters, Procurement, Inventory, Sales, Maintenance, Reports, Analytics) are accessible to all authenticated users with varying CRUD permissions based on role.

Module	View	Create	Edit	Delete
Masters	All	All except viewer	All except viewer	Admin only
Procurement	All	purchase_officer+	purchase_officer+	Admin only
Inventory	All	store_keeper+	store_keeper+	Admin only
Sales	All	All except viewer	All except viewer	Admin only
Reports	All	—	—	—
Analytics	All	—	—	—

Sidebar navigation showing module groups accessible to the current user role

4 CAMO Modules

camo_engineer admin CAMO modules are middleware-gated. Only admin, super_admin, and camo_engineer can access these routes:

Module	Routes
Aircraft Fleet	`/camo/aircraft`, `/camo/models`, `/camo/ata-chapters`
Tech Library	`/tech-library/*`
Flight Operations	`/flight-ops/*`
MEL/Snag	`/mel-snag/*`
Quality Assurance	`/quality/*`
Work Orders	`/work-orders/*`
HR Module	`/hr/*`
CAMO Reports	`/camo/reports/`, `/camo/graphs/`, `/camo/registers/*`

camo_engineer has full CRUD on all CAMO modules and read-only access to Phase 1 modules (Masters, Procurement, Inventory, Sales).

5 MRO-145 & Admin Modules

mro_engineer The MRO-145 module at /mro145/* is restricted to admin, super_admin, and mro_engineer.

admin Admin-only pages include:

Page	Route	Action
User Management	`/settings/users`	Create, edit, deactivate users
Distribution Lists	`/settings/utilities/distribution-list`	Create/manage notification lists

If a user tries to access a restricted route, the middleware redirects them to the dashboard. No error message is shown — the route simply isn’t reachable.