Roles & permissions

Admin only

Roles decide what each person can do in your workspace. As an admin, you set this from one place: the User Roles matrix in company settings, where you turn each capability on or off per role.

Managing roles and permissions is an admin-only task. People without admin rights can use the app under their assigned role, but they can't see or change the matrix.

Overview

A role is a named group (like 3PL Admin or Brand Admin). A permission is a single thing a role is allowed to do, grouped by the module it belongs to (for example, an action under Tasks or WMS). The User Roles matrix lists roles across the top and permissions down the side, so you can read and edit "who can do what" at a glance.

From here you can:

  • See every built-in role and its current permissions.
  • Turn an individual permission on or off for a role.
  • Define a custom role and its rights.

Screenshot: The User Roles permission matrix in company settings. (pending capture)

Understand the built-in roles

Packr ships with a standard set of roles that cover both 3PL and brand sides. In the User Roles matrix, the role columns appear in this order:

  • 3PL Admin (3PLAdmin) — full operator-side admin. Its permissions are fixed and cannot be edited; its checkboxes are disabled and hovering one shows "3PL Admin permissions cannot be edited".
  • 3PL Manager (3PLManager) — operator role with management-level rights.
  • 3PL Employee (3PLEmployee) — day-to-day operator role.
  • Brand Admin (BrandAdmin) — admin for a brand's own users and data.
  • Brand Manager (BrandManager) — brand role with management-level rights.
  • Brand Employee (BrandEmployee) — day-to-day brand role.

There is also a platform staff role, packrAdmin, used by Packr for cross-workspace administration. You won't manage packrAdmin from the matrix.

Note

A "brand" is the same thing the Directory screen labels as a "Group." Brand-side roles control access to that brand's data within your workspace.

Read the permission matrix

The matrix lives under User Roles on the company settings page. Roles run across the top row, and permissions run down the left column under the Action header.

  1. Go to company settings to open the User Roles section.
  2. Read the top row to find the role you care about (for example, 3PL Manager).
  3. Scroll the left column to find the capability, grouped under its module heading.
  4. The cell where the role and the permission meet shows a checkbox: checked means the role can do it; an empty cell means that permission doesn't apply to that role.

Because permissions are grouped by module, you can scan a whole area (such as all Tasks or all WMS actions) for one role at a time.

Change what a role can do

You edit permissions directly in the matrix by toggling the checkbox where a role meets a capability. Editing the matrix is an admin-only task.

  1. In the User Roles matrix, find the role's column and the permission's row.
  2. Select the checkbox in that cell to grant the permission, or clear it to remove the permission.
  3. The change saves immediately; you'll see a "Role updated successfully" confirmation.

Warning

Changes take effect right away for everyone with that role. Clearing a permission removes that capability for all members of the role, so double-check the column before you uncheck.

Note

The 3PL Admin column is read-only. Its checkboxes are disabled and hovering one shows "3PL Admin permissions cannot be edited," so you can't accidentally lock yourself out of admin rights.

Screenshot: Toggling a permission in the User Roles matrix. (pending capture)

Create a custom role

If the built-in roles don't fit, you can define your own role and the rights it includes. Creating a custom role is an admin-only task.

  1. In the User Roles section, open the add-role form.
  2. Enter a Role Name (for example, "Admin").
  3. Enter a Right ID — the specific capability this role entry grants (for example, admin.right).
  4. Set the Can Do checkbox to allow the capability, or leave it clear to deny it.
  5. Save. The new role appears as a column in the matrix, where you can continue turning permissions on and off.

Tip

A custom role is just another column in the matrix. Build it up one permission at a time using the checkboxes, the same way you'd adjust any built-in role.

Tips

  • Roles control capabilities; brand assignment controls which brands a person sees. To assign people to brands, see Members & invites.
  • Use the smallest role that still lets someone do their job — it's easier to add a permission later than to clean up over-broad access.
  • The 3PL Admin role is your safety net: because it can't be edited, your workspace always keeps at least one fully capable admin role.

Common questions

What roles are available? The built-in roles are 3PL Admin, 3PL Manager, 3PL Employee, Brand Admin, Brand Manager, and Brand Employee. There's also a Packr platform staff role, packrAdmin, that you don't manage from the matrix. You can also add custom roles.

How do I change what someone can do? Open the User Roles matrix in company settings, find the person's role column and the capability's row, then check or clear the checkbox in that cell. The change saves immediately for everyone with that role.

Can I create a custom role? Yes. Use the add-role form in the User Roles section, give it a Role Name and a Right ID, set the Can Do checkbox, and save. The new role becomes a column in the matrix.

What's the difference between a role and a permission? A role is a named group of people (like Brand Manager). A permission is a single capability, grouped by module, that a role is or isn't allowed to do. Roles are the columns in the matrix; permissions are the rows.

Why can't I edit the 3PL Admin column? The 3PL Admin role is intentionally read-only ("3PL Admin permissions cannot be edited") so your workspace always keeps a fully capable admin role. Adjust other roles instead, or create a custom one.

Where do I manage roles? In company settings, under the User Roles section. Only admins can see and change this matrix.