Roles & Permissions

TendSocial implements role-based access control (RBAC) at the company level.

Default Roles

Role	Description	System?	Mutable?
`owner`	Full control, billing access	Yes	No
`admin`	Manage team, settings	Yes	Permissions only
`manager`	Approve content, view analytics	Yes	Permissions only
`member`	Create content, limited access	Yes	Permissions only
`viewer`	Read-only access	Yes	Permissions only

API Endpoints

GET /api/roles

List all roles for the company.

typescript

// Response
[{
  id: string,
  name: string,
  description: string | null,
  isCustom: boolean,
  isSystem: boolean,
  permissions: string[]
}]

POST /api/roles

Create a custom role.

typescript

// Request
{
  name: string,
  description?: string,
  permissions: string[]
}

PUT /api/roles/:id

Update a role (permissions, name, description).

Note: System roles cannot have their core properties changed, but permissions may be editable.

DELETE /api/roles/:id

Delete a custom role.

Note: System roles (isSystem: true) cannot be deleted.

Permission Keys

Standard permission keys used in the system:

Permission	Description
`content:create`	Create posts, campaigns
`content:edit`	Edit any content
`content:delete`	Delete content
`content:publish`	Publish to social accounts
`content:approve`	Approve pending content
`analytics:view`	View analytics dashboard
`analytics:export`	Export analytics data
`team:manage`	Invite/remove team members
`team:roles`	Manage roles and permissions
`settings:company`	Edit company settings
`settings:billing`	Access billing settings
`integrations:manage`	Connect/disconnect platforms

Frontend Integration

typescript

// usePermissions hook
const { hasPermission } = usePermissions();

if (hasPermission('content:approve')) {
  // Show approval button
}

Database Schema

prisma

model CompanyRole {
  id          String   @id @default(cuid())
  companyId   String
  name        String
  description String?
  permissions String[]
  isCustom    Boolean  @default(true)
  isSystem    Boolean  @default(false)
  createdAt   DateTime @default(now())
  updatedAt   DateTime @updatedAt
}

model User {
  role      String   @default("member")
  roleId    String?  // References CompanyRole
}

Architecture

Deployment

Frontend Development

Developer Onboarding

Operations

infrastructure

Standards

Admin Features

analytics

configuration

Roles & Permissions

Default Roles

API Endpoints

GET /api/roles

POST /api/roles

PUT /api/roles/:id

DELETE /api/roles/:id

Permission Keys

Frontend Integration

Database Schema

Admin Features

Roles & Permissions ​

Default Roles ​

API Endpoints ​

GET /api/roles ​

POST /api/roles ​

PUT /api/roles/:id ​

DELETE /api/roles/:id ​

Permission Keys ​

Frontend Integration ​

Database Schema ​

Roles & Permissions

Default Roles

API Endpoints

GET /api/roles

POST /api/roles

PUT /api/roles/:id

DELETE /api/roles/:id

Permission Keys

Frontend Integration

Database Schema