Understanding Role-Based Access Control

Overview

Craveva AI uses a comprehensive role-based access control (RBAC) system to ensure users only have access to features and data appropriate for their role.

Available Roles

1. Master Admin

Highest level of access

Manage all companies and tenants
System-wide configuration
Access to all features across all companies
Can create and manage Super Admins
Full billing and usage visibility

Use Case: Platform administrators, Craveva internal team

2. Super Admin

Company-level administrator

Full control over their company
Manage all users and roles within company
Configure company settings
Access all panels and features
Manage billing and credits
Create and manage outlets
Deploy agents company-wide

Use Case: Company owners, C-level executives

3. Admin

Department or outlet manager

Manage users within their scope
Create and manage agents
Access deployment features
View analytics and reports
Manage data sources
Limited billing visibility

Use Case: Department heads, outlet managers

4. Team Lead

Team supervisor

Manage team members
Create and assign agents
View team performance
Access team-specific data
Limited administrative functions

Use Case: Team supervisors, shift managers

5. Project Manager

Project-focused access

Manage specific projects
Create project-related agents
Access project data sources
View project analytics
Coordinate team members

Use Case: Project managers, campaign managers

6. Member

Standard user

Use deployed agents
View assigned data
Limited creation capabilities
Basic reporting access

Use Case: Regular employees, end users

Role Permissions Matrix

|---------|-------------|-------------|-------|-----------|-----------------|--------|

| System Settings | Yes | No | No | No | No | No |

| Company Management | Yes | Yes | No | No | No | No |

| User Management | Yes | Yes | Yes* | Yes* | No | No |

| Agent Creation | Yes | Yes | Yes | Yes | Yes | No |

| Agent Deployment | Yes | Yes | Yes | Yes | Yes | No |

| Data Source Management | Yes | Yes | Yes | Yes | Yes* | No |

| Billing Access | Yes | Yes | Yes* | No | No | No |

| Analytics | Yes | Yes | Yes | Yes | Yes* | Yes* |

| Agent Usage | Yes | Yes | Yes | Yes | Yes | Yes |

*Limited to their scope

Accessing Your Panel

Log in to Craveva AI
You'll be automatically redirected to your role's dashboard:

- Master Admin → /panel/master-admin
- Super Admin → /panel/super-admin
- Admin → /panel/admin
- Admin → /panel/admin
- Super Admin → /panel/super-admin
- Master Admin → /panel/master-admin

Changing Roles

Only users with appropriate permissions can change roles:

Master Admin can change any user's role
Super Admin can change roles within their company
Admin can change roles within their scope (with limitations)

Best Practices

Principle of Least Privilege: Give users only the access they need
Regular Audits: Review user roles periodically
Role Separation: Don't assign multiple roles unless necessary
Documentation: Document why users have specific roles

Security Considerations

Roles are enforced at both UI and API levels
Data is automatically filtered based on role
Audit logs track role changes
Multi-tenant isolation ensures data separation

Troubleshooting

Can't access a feature?

Check your role has permission
Contact your Super Admin or Master Admin
Verify you're logged into the correct company

Need higher permissions?

Request role upgrade from your administrator
Provide business justification if needed

Next Steps

Learn about [Security Best Practices](/documentation/guides/security-best-practices)
Explore [Platform Documentation](/documentation)

Understanding Role-Based Access Control

Understanding Role-Based Access Control

Overview

Available Roles

1. Master Admin

2. Super Admin

3. Admin

4. Team Lead

5. Project Manager

6. Member

Role Permissions Matrix

Accessing Your Panel

Changing Roles

Best Practices

Security Considerations

Troubleshooting

Next Steps

Related Guides

Understanding Billing and Usage Tracking

Shopify E-commerce Integration

Security Best Practices