Permissions & Security

Control who can access what with a robust, multi-tenant-aware permission model and strong security.

Overview

TrakSun uses role-based access control (RBAC) with organization scoping to ensure the right people have the right access. Every action is validated against the user's role, organization, and resource ownership. Sensitive operations are protected by additional checks.

The system is built with least-privilege principles, detailed audit logging, and proper isolation between organizations in a multi-tenant architecture.

Permission Model

RBAC Core

  • Actions mapped to permissions
  • Permissions grouped into roles
  • Roles assigned to users

Resource Scoping

  • Organization boundary enforcement
  • Project-level permissions
  • Row-level checks for sensitive data

Roles

System Roles

  • Super Admin
  • Organization Admin
  • Project Manager
  • Field Executive
  • Viewer

Custom Roles

  • Per-organization role definitions
  • Permission templates
  • Granular permission toggles

Scoping & Isolation

Organization Isolation

All data access is scoped to the user's organization ID to prevent cross-tenant leakage.

Project Boundaries

Project-level permissions ensure users can access only the projects they are assigned to.

Resource Ownership

Sensitive resources enforce owner checks in addition to role permissions.
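The three scoping layers above (organization boundary, project assignment, owner check) sit on top of the role permission. The following Python is an added illustration of how such a deny-by-default check can be layered, written for this page rather than taken from TrakSun; the role names come from the page, while the permission strings, the role-to-permission mapping, the set of owner-checked actions and which roles are organization-wide are assumptions.

```python
from dataclasses import dataclass

# Illustrative role -> permission mapping. The role names come from the page;
# the permission strings and their assignment to roles are assumed for this example.
ROLE_PERMISSIONS = {
    "super_admin": {"*"},
    "organization_admin": {"project:read", "project:write", "report:read",
                           "report:write", "report:delete", "role:manage"},
    "project_manager": {"project:read", "project:write", "report:read",
                        "report:write", "report:delete"},
    "field_executive": {"project:read", "report:read", "report:write"},
    "viewer": {"project:read", "report:read"},
}
# Sensitive actions that get an owner check on top of the role check (assumed set).
OWNER_CHECKED_ACTIONS = {"report:delete"}
# Roles assumed to operate at organization scope rather than per project.
ORG_WIDE_ROLES = {"super_admin", "organization_admin"}

@dataclass(frozen=True)
class User:
    id: str
    org_id: str
    role: str
    projects: frozenset  # project ids this user is assigned to

@dataclass(frozen=True)
class Resource:
    org_id: str
    project_id: str
    owner_id: str

def authorize(user: User, action: str, resource: Resource) -> tuple[bool, str]:
    """Deny-by-default check. Returns (allowed, name of the first layer that failed)."""
    # Layer 1: organization boundary, checked before anything else so a cross-tenant
    # request fails the same way whatever the role (only super_admin spans organizations).
    if user.role != "super_admin" and resource.org_id != user.org_id:
        return False, "org_boundary"
    # Layer 2: role -> permission. An unknown role gets an empty set, i.e. deny.
    perms = ROLE_PERMISSIONS.get(user.role, set())
    if "*" not in perms and action not in perms:
        return False, "role_permission"
    # Layer 3: project boundary for project-scoped roles.
    if user.role not in ORG_WIDE_ROLES and resource.project_id not in user.projects:
        return False, "project_boundary"
    # Layer 4: ownership on sensitive actions, in addition to the role permission.
    if (action in OWNER_CHECKED_ACTIONS and user.role not in ORG_WIDE_ROLES
            and resource.owner_id != user.id):
        return False, "ownership"
    return True, "ok"
```

Returning the failing layer as a reason string gives the audit log something more useful than a bare deny, and makes cross-tenant denials easy to spot in review.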

Security Controls

Authentication

  • Email/Password & Phone OTP
  • 2FA support
  • Session management & timeouts

Authorization

  • Role-based checks
  • Organization scoping
  • Policy enforcement at API layer

Best Practices

Least Privilege

Assign the minimum permissions required for each role.

Regular Reviews

Audit roles, permissions, and access logs on a regular schedule.

Separation of Duties

Distribute critical permissions across multiple roles to avoid single points of failure.

Last updated on November 17, 2025