Date: 2026-01-12
Status: Active
Overview
This document defines the standard pattern and conventions for permission keys used throughout the Encore OS platform. Permission keys control access to features, entities, and actions within the system.Standard Pattern
Format
Components
- Module (required): The module identifier (e.g.,
hr,fa,rh,fw,it,gr,fm,lo,pf) - Entity (required): The entity or feature being accessed (e.g.,
employees,bills,residents,forms,assets) - Action (required): The action verb describing the permission (e.g.,
view,create,edit,manage,admin)
Examples
Action Verb Definitions
View Permissions
Note:
.view is preferred over .list unless there’s a specific need to distinguish list vs. detail access.
Create/Edit Permissions
Manage Permissions
Guideline: Use
.manage for most entities unless there’s a specific business need to separate create/edit/delete permissions.
Administrative Permissions
Guideline: Use
.admin for:
- Module-level settings
- Configuration pages
- Administrative functions
- Advanced features requiring elevated privileges
Workflow Permissions
Specialized Permissions
Module-Specific Examples
HR Module
Finance & Accounting Module
Recovery Housing Module
Forms & Workflow Module
IT Operations Module
Permission Key Consistency
Standardization Rules
- Use
.managefor CRUD operations unless there’s a specific business need to separate create/edit/delete - Use
.adminfor settings and configuration, not for regular CRUD operations - Use
.viewfor read access, prefer over.listunless distinction is needed - Use
.approvefor approval workflows, not.manageor.admin - Use module-level
.adminfor full module access and settings
Common Inconsistencies to Avoid
❌ Wrong:Migration Guide
Standardizing Existing Permissions
When standardizing existing permission keys:- Audit current usage - Identify all permission keys in use
- Map to standard pattern - Determine correct action verb
- Update code references - Update all code using old permission keys
- Update database - Migrate permission assignments
- Update documentation - Update navigation worksheets and specs
Example Migration
Before:Navigation Integration
Permission keys are used in navigation to control visibility:See Also
src/platform/permissions/constants.ts- Permission definitionssrc/platform/modules/module-registry.ts- Navigation permission usageAGENTS.md §Permissions System Patterns- Permission system patternsspecs/pf/PF-30-permissions-system-v2.md- Permissions system specification