Learn how access control works for team members in SupportRetriever.
Permission System Overview
SupportRetriever uses a permission-based access control system:
- Granular Control: Different access levels
- Team Collaboration: Multiple users can access
- Security: Prevents unauthorized access
- Flexibility: Assign appropriate permissions
Permission Levels
Admin
Full access to everything:
- View all conversations
- Reply to all conversations
- Manage team members
- Access all settings
- Manage forms
- View statistics
Reply to Conversations
Read and write access:
- View conversations
- Reply to conversations
- Use saved replies
- Send messages
- Cannot manage team
- Cannot change settings
View Conversations
Read-only access:
- View conversations
- See message history
- View metadata
- Cannot reply
- Cannot manage anything
How Permissions Work
Form-Level Access
Permissions are tied to forms:
- Team members see forms they have access to
- Conversations for those forms are visible
- Access is enforced at the API level
Inheritance
- Admin includes all permissions
- Reply includes View
- View is standalone (it includes no other permission)
Permission Enforcement
API Level
- Permissions checked on every request
- Cannot bypass through UI
- Secure by design
- Enforced server-side
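
The sketch below is an added example, not SupportRetriever's own code. It shows one way a server-side check can combine form-level access with the Admin > Reply > View inheritance described above, denying by default and recording every decision. The action names, user names, form IDs and the treatment of Admin as a per-form grant are assumptions made for illustration.

```python
from enum import IntEnum

class Level(IntEnum):
    # Ordered so a higher level includes every lower one (Admin > Reply > View).
    VIEW = 1
    REPLY = 2
    ADMIN = 3

# Minimum level each action needs (hypothetical action names).
REQUIRED = {
    "view_conversation": Level.VIEW,
    "reply_conversation": Level.REPLY,
    "manage_team": Level.ADMIN,
    "change_settings": Level.ADMIN,
}

# Constructed sample grants: user -> {form_id: level}.
GRANTS = {
    "alice": {"form-1": Level.ADMIN},
    "bob": {"form-1": Level.REPLY, "form-2": Level.VIEW},
    "carol": {"form-2": Level.VIEW},
}

AUDIT_LOG = []  # every decision is recorded, whether allowed or denied

def authorize(user, form_id, action, grants=GRANTS):
    """Server-side check run on every request; denies by default."""
    required = REQUIRED.get(action)           # unknown action -> None -> deny
    held = grants.get(user, {}).get(form_id)  # no grant on this form -> deny
    allowed = required is not None and held is not None and held >= required
    AUDIT_LOG.append(
        {"user": user, "form": form_id, "action": action, "allowed": allowed}
    )
    return allowed

def visible_forms(user, grants=GRANTS):
    """Forms a team member sees: only those with at least View access."""
    return sorted(f for f, lvl in grants.get(user, {}).items() if lvl >= Level.VIEW)
```

Because the decision is made from the server's grant table rather than from anything the client sends, hiding a button in the UI is only a convenience; the same request sent directly to the API gets the same answer.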
UI Level
- Features hidden if no permission
- Error messages for denied actions
- Clear indication of access level
- User-friendly restrictions
Permission Display
Team members see their permissions:
- In conversation views
- In error messages
- In settings
- When actions are restricted
Security Features
Access Control
- Only authorized users can access
- Permissions cannot be bypassed
- Secure by default
- Regular permission checks
Audit Trail
- Permission changes tracked
- Team member additions logged
- Access attempts recorded
- Security monitoring
Best Practices
Principle of Least Privilege
- Grant minimum necessary permissions
- Use View for observers
- Use Reply for support agents
- Reserve Admin for managers
Regular Review
- Review permissions monthly
- Remove unnecessary access
- Update as roles change
- Audit team access
Clear Communication
- Explain permission levels
- Document who has what access
- Communicate changes
- Train team on permissions
