Team and permissions
Hilal Software uses role-based access control with the option to override individual permissions per member. This is the deeper guide; for the quick onboarding flow see Invite your team.
In this guide:
- The role model
- Invite, change role, remove
- Override individual permissions
- See the audit log
- How permissions are enforced
- Troubleshooting
The role model
Three roles:
| Role | Member-mgmt | Billing | Integrations | Data |
|---|---|---|---|---|
| Owner | Full | Full | Full | Full |
| Admin | Full | Full | Full | Full |
| Member | None | None | None | Full |
Owner and Admin carry the same permission set; the Owner is distinguished only by the actions reserved to it, changing the Owner's role and transferring ownership (see Step 1 and Troubleshooting). The line between Admin and Member is organizational (member management, billing, integrations) vs operational (everything else). By default a Member can manage inventory, run campaigns, message customers, and read finances; use per-member overrides (Step 2) to narrow that.
Step 1: Invite, change role, remove
Settings → Members:
- Invite — top-right button. See Invite your team for the full flow.
- Change role — open a member row → role dropdown. Owner can change anyone’s role; Admin can change any non-Owner’s. The Owner role itself is not assigned from this dropdown (see Troubleshooting). You can’t demote yourself if you are the only Admin.
- Remove — open a member row → Remove from organization. The member loses access immediately; their data contributions stay.
Step 2: Override individual permissions
Click any member row → Permissions tab.
The matrix is grouped by section (Inventory, Advertising, Customer Hub, Finances, AI, Settings) with per-action toggles inside each.
Common patterns:
| Pattern | What to toggle |
|---|---|
| VA who shouldn’t see Finances | Member role; toggle off all Finances permissions. |
| Ad-ops contractor | Member role; toggle off all permissions except Advertising and Dashboard. |
| Read-only auditor | Member role; toggle off every write action in each section (the *.create and *.update toggles), leaving only reads. A Member has no member-mgmt, billing or integrations access to begin with. |
Toggles are applied to API calls within 60 seconds (the server caches permissions; see How permissions are enforced) and to the user’s UI on their next page load.
Step 3: See the audit log
Settings → Audit log shows every consequential action across the organization, each with the acting user, the action, the target, a timestamp, and the source IP.
Filter by:
- User — what has this VA been doing?
- Action — every campaign edit, every PO raised, every member invited.
- Date range.
Useful for security reviews and reconstructing what happened.
How permissions are enforced
The two-layer model:
- Server-side (authoritative) — every API call checks the caller’s role + per-permission overrides.
- Client-side (UI gating) — buttons, menus, and pages hide based on a fetched permission list. Hidden ≠ inaccessible — server is what protects you.
Permissions are cached for 60 seconds in the server-side middleware, so a role or override change can take up to a minute to apply to API calls. Switching organization clears that user’s cache immediately, and removing a member takes effect immediately (see Troubleshooting).
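The model below is an added example, not Hilal Software’s code. It implements the server-side (authoritative) layer described above and the Step 2 override patterns: role defaults taken from the role table, per-member toggles applied on top, a 60-second permission cache that an org switch clears, immediate removal, and an audit entry with the fields the audit log lists. The section names, action names and the `section.action` key format are assumptions made for the example; the member records, requests and IP are constructed.

```javascript
// Added example, not Hilal Software's code: a model of the server-side
// (authoritative) permission layer. Section names, action names and the
// "section.action" key format are assumptions made for this example.

const ORGANIZATIONAL = ["members", "billing", "integrations"];
const OPERATIONAL = ["inventory", "advertising", "customerhub", "finances", "ai"];
const ACTIONS = ["read", "create", "update"];
const CACHE_TTL_MS = 60_000;

// Role defaults from the role table: Owner and Admin get every permission,
// Member gets the operational sections only.
function roleDefaults(role) {
  const sections = role === "member" ? OPERATIONAL : [...ORGANIZATIONAL, ...OPERATIONAL];
  const perms = new Set();
  for (const s of sections) for (const a of ACTIONS) perms.add(`${s}.${a}`);
  return perms;
}

// Effective permissions = role default with the member's per-action toggles
// applied on top ({ "finances.read": false } switches one off).
function resolvePermissions(member) {
  const perms = roleDefaults(member.role);
  for (const [perm, on] of Object.entries(member.overrides || {})) {
    if (on) perms.add(perm); else perms.delete(perm);
  }
  return perms;
}

class PermissionMiddleware {
  // directory: orgId -> memberId -> { role, overrides } (source of truth).
  // now: injectable clock so cache expiry can be exercised offline.
  constructor(directory, now = () => Date.now()) {
    this.directory = directory;
    this.now = now;
    this.cache = new Map(); // "org:member" -> { perms, expires }
    this.audit = [];        // { user, action, target, timestamp, ip }
  }

  permissionsFor(orgId, memberId) {
    const key = `${orgId}:${memberId}`;
    const hit = this.cache.get(key);
    if (hit && hit.expires > this.now()) return hit.perms; // may be stale for up to 60 s
    const member = this.directory[orgId]?.[memberId];
    if (!member) return new Set();                         // not a member: deny everything
    const perms = resolvePermissions(member);
    this.cache.set(key, { perms, expires: this.now() + CACHE_TTL_MS });
    return perms;
  }

  // Org switch: drop the member's cached entries so the next call re-resolves.
  switchOrg(memberId) {
    for (const key of this.cache.keys()) if (key.endsWith(`:${memberId}`)) this.cache.delete(key);
  }

  // Removal is immediate: delete the record and evict the cache entry,
  // so an existing session cannot ride out the TTL.
  removeMember(orgId, memberId) {
    delete this.directory[orgId][memberId];
    this.cache.delete(`${orgId}:${memberId}`);
  }

  // Every API call lands here whether or not the UI showed the button.
  // Allowed writes are recorded with the audit log's fields.
  handle(req) {
    const allowed = this.permissionsFor(req.orgId, req.memberId).has(req.permission);
    if (allowed && !req.permission.endsWith(".read")) {
      this.audit.push({ user: req.memberId, action: req.permission, target: req.target,
                        timestamp: this.now(), ip: req.ip });
    }
    return allowed ? 200 : 403;
  }
}

// Walk-through with constructed members: a VA without Finances and a
// read-only auditor (Step 2 patterns), then a toggle flip and a removal.
function demo() {
  let clock = 1_700_000_000_000;
  const noWrites = Object.fromEntries(
    OPERATIONAL.flatMap((s) => [[`${s}.create`, false], [`${s}.update`, false]]));
  const directory = {
    acme: {
      owner: { role: "owner" },
      va: { role: "member", overrides: { "finances.read": false, "finances.create": false, "finances.update": false } },
      auditor: { role: "member", overrides: noWrites },
    },
  };
  const mw = new PermissionMiddleware(directory, () => clock);
  const call = (memberId, permission, target = "po-1") =>
    mw.handle({ orgId: "acme", memberId, permission, target, ip: "203.0.113.7" }); // constructed IP
  const out = {};
  out.vaFinances = call("va", "finances.read");           // 403: toggled off
  out.vaInventory = call("va", "inventory.update");       // 200: Member default, audited
  out.vaBilling = call("va", "billing.read");             // 403: organizational, Member has none
  out.auditorRead = call("auditor", "finances.read");     // 200
  out.auditorWrite = call("auditor", "inventory.create"); // 403
  out.ownerBilling = call("owner", "billing.update");     // 200, audited
  mw.switchOrg("auditor");
  out.auditorCached = mw.cache.has("acme:auditor");       // false: org switch cleared it
  directory.acme.va.overrides["finances.read"] = true;    // an admin flips the toggle back on
  out.toggleCached = call("va", "finances.read");         // 403: cached set still served
  clock += 61_000;
  out.toggleExpired = call("va", "finances.read");        // 200: cache expired
  mw.removeMember("acme", "va");
  out.removed = call("va", "inventory.update");           // 403 at once, no 60 s window
  out.auditEntries = mw.audit.length;                     // 2
  return out;
}
```

The cached `toggleCached` result is the Troubleshooting case: the directory already holds the new toggle, but the middleware keeps serving the old set until the entry expires, which is why a UI reload alone does not help.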
Troubleshooting
- Toggle didn’t take effect for a user. The server-side cache serves the old permission set for up to 60 seconds, and the UI only refreshes its permission list on page load. Wait a minute, then have the user reload the page.
- Owner is greyed out in the role dropdown. There must always be exactly one Owner, so the role cannot be assigned from Members. Use Transfer ownership under Settings → Organization to move it.
- A removed member can still access via API. They can’t: every call is checked server-side, the member’s record is gone, and any existing session token is invalidated at removal.