Access Control
Beelocity’s access control is layered — start simple with roles and permissions, then add more granularity as your organization grows and your needs become more specific. Each layer narrows what the previous one allows.
| Layer | What it does | Example |
|---|---|---|
| Roles & Permissions | Broad access grants — the foundation | “Inventory Clerk can view and edit products” |
| Policies (ABAC) | Conditional rules on top of roles | “Can only approve POs under 2,000,000 DA” |
| Row Access Rules | Filter which records a user sees | “Only sees stock in their assigned warehouse” |
| Field Visibility & Editability | Hide or lock specific fields per role | “Cost price hidden from sales staff” |
| Hierarchy & Delegations | Org structure and temporary permission sharing | “Manager can delegate approval rights while on leave” |
A denied action at any layer stays denied — layers are cumulative restrictions, not overrides.
Where to Start
Most organizations only need roles and permissions. The built-in roles (Owner, Admin, Member) cover the basics. Create a few custom roles for your specific team structure (e.g., “Warehouse Supervisor”, “Procurement Manager”) and you are set.
Add the other layers only when you have a concrete need:
- Policies — when you need conditional rules like monetary thresholds or segregation of duties.
- Row access — when different users should see different subsets of data.
- Field rules — when certain fields contain sensitive information that not everyone should see or edit.
- Hierarchy and delegations — when you need formal reporting structures or temporary permission sharing.
All access control features are under Access Control in the sidebar. You will see sub-items for Roles, Members, Invitations, Policies, Row Access Rules, Field Visibility Rules, Field Editability Rules, Hierarchy Nodes, User Hierarchy Assignments, and Delegation Grants.