Skip to main content
Version: 1.0.0
Date: 2026-01-12
Status: Active

Overview

This document defines the standard pattern and conventions for permission keys used throughout the Encore OS platform. Permission keys control access to features, entities, and actions within the system.

Standard Pattern

Format

Components

  1. Module (required): The module identifier (e.g., hr, fa, rh, fw, it, gr, fm, lo, pf)
  2. Entity (required): The entity or feature being accessed (e.g., employees, bills, residents, forms, assets)
  3. Action (required): The action verb describing the permission (e.g., view, create, edit, manage, admin)

Examples

Action Verb Definitions

View Permissions

Note: .view is preferred over .list unless there’s a specific need to distinguish list vs. detail access.

Create/Edit Permissions

Manage Permissions

Guideline: Use .manage for most entities unless there’s a specific business need to separate create/edit/delete permissions.

Administrative Permissions

Guideline: Use .admin for:
  • Module-level settings
  • Configuration pages
  • Administrative functions
  • Advanced features requiring elevated privileges

Workflow Permissions

Specialized Permissions

Module-Specific Examples

HR Module

Finance & Accounting Module

Recovery Housing Module

Forms & Workflow Module

IT Operations Module

Permission Key Consistency

Standardization Rules

  1. Use .manage for CRUD operations unless there’s a specific business need to separate create/edit/delete
  2. Use .admin for settings and configuration, not for regular CRUD operations
  3. Use .view for read access, prefer over .list unless distinction is needed
  4. Use .approve for approval workflows, not .manage or .admin
  5. Use module-level .admin for full module access and settings

Common Inconsistencies to Avoid

Wrong:
Correct:

Migration Guide

Standardizing Existing Permissions

When standardizing existing permission keys:
  1. Audit current usage - Identify all permission keys in use
  2. Map to standard pattern - Determine correct action verb
  3. Update code references - Update all code using old permission keys
  4. Update database - Migrate permission assignments
  5. Update documentation - Update navigation worksheets and specs

Example Migration

Before:
After:
Permission keys are used in navigation to control visibility:
Navigation items are hidden if the user lacks the required permission.

See Also

  • src/platform/permissions/constants.ts - Permission definitions
  • src/platform/modules/module-registry.ts - Navigation permission usage
  • AGENTS.md §Permissions System Patterns - Permission system patterns
  • specs/pf/PF-30-permissions-system-v2.md - Permissions system specification