> ## Documentation Index
> Fetch the complete documentation index at: https://docs.encoreos.io/llms.txt
> Use this file to discover all available pages before exploring further.
# Module Permissions Matrix
> Version: 1.2.0 Last Updated: 2025-12-12 Spec Reference: PF-30 (Permissions System V2)
**Version:** 1.2.0\
**Last Updated:** 2025-12-12\
**Spec Reference:** PF-30 (Permissions System V2)
This document defines all permissions for each module. Permissions follow the format: `{module}.{entity}.{action}`
**Total Permissions Count:** \~165 permissions across 7 modules + system
***
## Quick Reference
### Permission Status Legend
| Icon | Status | Description |
| ---- | ---------- | ------------------------------- |
| 🟢 | Active | Currently enforced in V2 system |
| 🟡 | Planned | Defined but not yet implemented |
| 🔴 | Deprecated | Being phased out |
### PF-26 Integration
Permissions marked with `📦` support object-level permissions via PF-26 (Object-Level Permissions).
This enables fine-grained access control beyond module-level permissions.
### Migration from minRole
| Legacy minRole | Replacement Permissions |
| ---------------- | ---------------------------------------------- |
| `readonly` | `*.view` permissions only |
| `staff` | `*.view` + `*.create` permissions |
| `site_admin` | `*.view` + `*.create` + `*.edit` + `*.approve` |
| `org_admin` | `*.admin` + all lower permissions |
| `platform_admin` | `system.platform.admin` + all permissions |
| `finance_admin` | `fa.admin` + full FA module access |
| `finance_staff` | `fa.*.view` + `fa.*.create` (no approve) |
***
## Usage Examples
### Check Permission in Component
```typescript theme={null}
import { useHasPermission, PermissionGate } from '@/platform/permissions';
// Hook-based check
const canViewEmployees = useHasPermission('hr.employees.view');
// Component-based gate
// Multiple permissions (OR logic)
```
### Check Permission in Navigation
```typescript theme={null}
// Navigation item with V2 permission (V2 is mandatory)
{
label: 'Employees',
path: '/hr/employees',
permission: 'hr.employees.view' // V2 (required)
}
```
### Check Permission in Service
```typescript theme={null}
import { PermissionService } from '@/platform/permissions';
// Async permission check
const hasAccess = await PermissionService.hasPermission(
userId,
organizationId,
'fa.invoices.approve'
);
```
***
## Permission Categories
* **view**: Read-only access to feature
* **create**: Create new records
* **edit**: Modify existing records
* **delete**: Delete records
* **approve**: Approve workflows, requests, or transactions
* **admin**: Full administrative access to feature/module
## HR Module (`hr`)
### People Management
| Permission Key | Name | Category | Description |
| ---------------------- | ------------------ | -------- | ------------------------------------ |
| `hr.employees.view` | View Employees | view | View employee directory and profiles |
| `hr.employees.create` | Create Employees | create | Add new employees to system |
| `hr.employees.edit` | Edit Employees | edit | Modify employee information |
| `hr.employees.delete` | Delete Employees | delete | Remove employees from system |
| `hr.org-chart.view` | View Org Chart | view | View organizational structure |
| `hr.org-chart.edit` | Edit Org Chart | edit | Modify organizational structure |
| `hr.departments.view` | View Departments | view | View department list |
| `hr.departments.admin` | Manage Departments | admin | Create, edit, delete departments |
| `hr.teams.view` | View Teams | view | View team structure |
| `hr.teams.admin` | Manage Teams | admin | Create, edit, delete teams |
### Applicant Tracking System (ATS)
| Permission Key | Name | Category | Description |
| ----------------------------- | -------------------- | -------- | ------------------------------------- |
| `hr.ats.view` | View ATS | view | Access to ATS module |
| `hr.ats.dashboard.view` | View ATS Dashboard | view | View recruiting metrics and analytics |
| `hr.ats.candidates.view` | View Candidates | view | View candidate profiles |
| `hr.ats.candidates.create` | Create Candidates | create | Add new candidates |
| `hr.ats.candidates.edit` | Edit Candidates | edit | Modify candidate information |
| `hr.ats.candidates.delete` | Delete Candidates | delete | Remove candidates |
| `hr.ats.applications.view` | View Applications | view | View job applications |
| `hr.ats.applications.create` | Create Applications | create | Create new applications |
| `hr.ats.applications.edit` | Edit Applications | edit | Modify application data |
| `hr.ats.applications.approve` | Approve Applications | approve | Approve/reject applications |
| `hr.ats.job-postings.view` | View Job Postings | view | View active job postings |
| `hr.ats.job-postings.create` | Create Job Postings | create | Post new job openings |
| `hr.ats.job-postings.edit` | Edit Job Postings | edit | Modify job postings |
| `hr.ats.job-postings.delete` | Delete Job Postings | delete | Remove job postings |
| `hr.ats.interviews.view` | View Interviews | view | View interview schedules |
| `hr.ats.interviews.create` | Schedule Interviews | create | Schedule new interviews |
| `hr.ats.interviews.edit` | Edit Interviews | edit | Modify interview details |
| `hr.ats.offers.view` | View Offers | view | View job offers |
| `hr.ats.offers.create` | Create Offers | create | Create job offers |
| `hr.ats.offers.approve` | Approve Offers | approve | Approve job offers |
| `hr.ats.analytics.view` | View ATS Analytics | view | View recruiting analytics |
| `hr.ats.admin` | ATS Administration | admin | Full ATS administrative access |
### Employee Lifecycle
| Permission Key | Name | Category | Description |
| ----------------------- | ------------------ | -------- | ------------------------------- |
| `hr.onboarding.view` | View Onboarding | view | View onboarding dashboards |
| `hr.onboarding.create` | Create Onboarding | create | Initiate onboarding processes |
| `hr.onboarding.edit` | Edit Onboarding | edit | Modify onboarding tasks |
| `hr.onboarding.admin` | Manage Onboarding | admin | Full onboarding administration |
| `hr.offboarding.view` | View Offboarding | view | View offboarding dashboards |
| `hr.offboarding.create` | Create Offboarding | create | Initiate offboarding processes |
| `hr.offboarding.admin` | Manage Offboarding | admin | Full offboarding administration |
| `hr.compliance.view` | View Compliance | view | View compliance status |
| `hr.compliance.edit` | Edit Compliance | edit | Update compliance records |
| `hr.compliance.admin` | Manage Compliance | admin | Full compliance administration |
### Time & Scheduling
| Permission Key | Name | Category | Description |
| ---------------------- | ----------------- | -------- | ----------------------------- |
| `hr.scheduling.view` | View Schedules | view | View employee schedules |
| `hr.scheduling.create` | Create Schedules | create | Create new schedules |
| `hr.scheduling.edit` | Edit Schedules | edit | Modify schedules |
| `hr.capacity.view` | View Capacity | view | View capacity planning |
| `hr.capacity.admin` | Manage Capacity | admin | Configure capacity settings |
| `hr.time-clock.view` | View Time Clock | view | View time clock data |
| `hr.time-clock.admin` | Manage Time Clock | admin | Configure time clock settings |
### Workload Planning
| Permission Key | Name | Category | Description |
| ------------------------------ | ----------------------- | -------- | ----------------------------------- |
| `hr.workload-drivers.view` | View Workload Drivers | view | View workload driver configurations |
| `hr.workload-drivers.admin` | Manage Workload Drivers | admin | Configure workload drivers |
| `hr.staffing-forecasts.view` | View Staffing Forecasts | view | View staffing forecast reports |
| `hr.staffing-forecasts.create` | Create Forecasts | create | Generate new forecasts |
### Timesheets
| Permission Key | Name | Category | Description |
| ---------------------------- | ----------------------- | -------- | ----------------------------- |
| `hr.timesheets.view` | View Own Timesheets | view | View personal timesheets |
| `hr.timesheets.create` | Create Timesheets | create | Submit timesheets |
| `hr.timesheets.edit` | Edit Own Timesheets | edit | Edit personal timesheets |
| `hr.timesheets.team.view` | View Team Timesheets | view | View team member timesheets |
| `hr.timesheets.team.approve` | Approve Team Timesheets | approve | Approve team timesheets |
| `hr.timesheets.admin` | Manage All Timesheets | admin | Full timesheet administration |
### Leave Management
| Permission Key | Name | Category | Description |
| ------------------------- | --------------------- | -------- | -------------------------------- |
| `hr.leave.view` | View Leave | view | View leave balances and requests |
| `hr.leave.request` | Request Leave | create | Submit leave requests |
| `hr.leave.edit` | Edit Own Leave | edit | Edit personal leave requests |
| `hr.leave.approve` | Approve Leave | approve | Approve/reject leave requests |
| `hr.leave.policies.view` | View Leave Policies | view | View leave policy configurations |
| `hr.leave.policies.admin` | Manage Leave Policies | admin | Configure leave policies |
| `hr.fmla.view` | View FMLA Cases | view | View FMLA case information |
| `hr.fmla.admin` | Manage FMLA Cases | admin | Full FMLA administration |
### HR Module Administration
| Permission Key | Name | Category | Description |
| ------------------ | ------------------------ | -------- | ------------------------------------ |
| `hr.admin` | HR Module Administration | admin | Full HR module administrative access |
| `hr.settings.view` | View HR Settings | view | View HR module settings |
| `hr.settings.edit` | Edit HR Settings | edit | Modify HR module settings |
## FA Module (`fa`)
### General Ledger
| Permission Key | Name | Category | Description |
| ---------------------------- | ------------------------ | -------- | ------------------------------- |
| `fa.journal-entries.view` | View Journal Entries | view | View journal entry transactions |
| `fa.journal-entries.create` | Create Journal Entries | create | Create new journal entries |
| `fa.journal-entries.edit` | Edit Journal Entries | edit | Modify journal entries |
| `fa.journal-entries.delete` | Delete Journal Entries | delete | Delete journal entries |
| `fa.journal-entries.approve` | Approve Journal Entries | approve | Approve journal entries |
| `fa.trial-balance.view` | View Trial Balance | view | View trial balance reports |
| `fa.recurring-entries.view` | View Recurring Entries | view | View recurring entry templates |
| `fa.recurring-entries.admin` | Manage Recurring Entries | admin | Create/edit recurring entries |
### Accounts Payable
| Permission Key | Name | Category | Description |
| ---------------------------- | ----------------------- | -------- | ---------------------------- |
| `fa.vendors.view` | View Vendors | view | View vendor list |
| `fa.vendors.create` | Create Vendors | create | Add new vendors |
| `fa.vendors.edit` | Edit Vendors | edit | Modify vendor information |
| `fa.purchase-orders.view` | View Purchase Orders | view | View purchase orders |
| `fa.purchase-orders.create` | Create Purchase Orders | create | Create new purchase orders |
| `fa.purchase-orders.approve` | Approve Purchase Orders | approve | Approve purchase orders |
| `fa.receipts.view` | View Receipts | view | View receipt records |
| `fa.receipts.create` | Create Receipts | create | Record new receipts |
| `fa.bills.view` | View Bills | view | View accounts payable bills |
| `fa.bills.create` | Create Bills | create | Enter new bills |
| `fa.bills.edit` | Edit Bills | edit | Modify bill information |
| `fa.bills.approve` | Approve Bills | approve | Approve bills for payment |
| `fa.payments.view` | View Payments | view | View payment records |
| `fa.payments.create` | Create Payments | create | Record payments |
| `fa.payments.approve` | Approve Payments | approve | Approve payment transactions |
### Accounts Receivable
| Permission Key | Name | Category | Description |
| ----------------------------- | ------------------------ | -------- | --------------------------------- |
| `fa.customers.view` | View Customers | view | View customer list |
| `fa.customers.create` | Create Customers | create | Add new customers |
| `fa.customers.edit` | Edit Customers | edit | Modify customer information |
| `fa.invoices.view` | View Invoices | view | View accounts receivable invoices |
| `fa.invoices.create` | Create Invoices | create | Generate new invoices |
| `fa.invoices.edit` | Edit Invoices | edit | Modify invoice information |
| `fa.invoices.approve` | Approve Invoices | approve | Approve invoices |
| `fa.customer-payments.view` | View Customer Payments | view | View customer payment records |
| `fa.customer-payments.create` | Create Customer Payments | create | Record customer payments |
| `fa.credit-memos.view` | View Credit Memos | view | View credit memo records |
| `fa.credit-memos.create` | Create Credit Memos | create | Create credit memos |
| `fa.credit-memos.approve` | Approve Credit Memos | approve | Approve credit memos |
### Bank Reconciliation
| Permission Key | Name | Category | Description |
| ---------------------------- | ----------------------- | -------- | ---------------------------- |
| `fa.bank-accounts.view` | View Bank Accounts | view | View bank account list |
| `fa.bank-accounts.admin` | Manage Bank Accounts | admin | Create/edit bank accounts |
| `fa.bank-statements.view` | View Bank Statements | view | View bank statement records |
| `fa.bank-statements.create` | Create Bank Statements | create | Import/enter bank statements |
| `fa.reconciliations.view` | View Reconciliations | view | View reconciliation records |
| `fa.reconciliations.create` | Create Reconciliations | create | Perform bank reconciliations |
| `fa.reconciliations.approve` | Approve Reconciliations | approve | Approve reconciliations |
### Budgeting
| Permission Key | Name | Category | Description |
| ------------------------ | -------------------- | -------- | --------------------------------- |
| `fa.budgets.view` | View Budgets | view | View budget plans |
| `fa.budgets.create` | Create Budgets | create | Create new budgets |
| `fa.budgets.edit` | Edit Budgets | edit | Modify budget plans |
| `fa.budgets.approve` | Approve Budgets | approve | Approve budget plans |
| `fa.budget-alerts.view` | View Budget Alerts | view | View budget variance alerts |
| `fa.budget-alerts.admin` | Manage Budget Alerts | admin | Configure budget alert thresholds |
### Reports
| Permission Key | Name | Category | Description |
| --------------------- | ---------------- | -------- | -------------------------- |
| `fa.reports.view` | View Reports | view | View financial reports |
| `fa.reports.create` | Create Reports | create | Generate new reports |
| `fa.reports.schedule` | Schedule Reports | create | Schedule automated reports |
| `fa.reports.admin` | Manage Reports | admin | Full report administration |
### Structure (Chart of Accounts, Funds, etc.)
| Permission Key | Name | Category | Description |
| ---------------------- | ------------------------ | -------- | -------------------------- |
| `fa.accounts.view` | View Chart of Accounts | view | View chart of accounts |
| `fa.accounts.admin` | Manage Chart of Accounts | admin | Create/edit accounts |
| `fa.funds.view` | View Funds | view | View fund list |
| `fa.funds.admin` | Manage Funds | admin | Create/edit funds |
| `fa.departments.view` | View Departments | view | View department list |
| `fa.departments.admin` | Manage Departments | admin | Create/edit departments |
| `fa.programs.view` | View Cost Programs | view | View cost program list |
| `fa.programs.admin` | Manage Cost Programs | admin | Create/edit cost programs |
| `fa.periods.view` | View Fiscal Periods | view | View fiscal period list |
| `fa.periods.admin` | Manage Fiscal Periods | admin | Create/edit fiscal periods |
### FA Module Administration
| Permission Key | Name | Category | Description |
| ---------------------------- | ----------------------------- | -------- | ------------------------------------ |
| `fa.admin` | Finance Module Administration | admin | Full FA module administrative access |
| `fa.settings.view` | View FA Settings | view | View FA module settings |
| `fa.settings.edit` | Edit FA Settings | edit | Modify FA module settings |
| `fa.approval-settings.admin` | Manage Approval Settings | admin | Configure approval workflows |
## RH Module (`rh`)
### Census & Operations
| Permission Key | Name | Category | Description |
| ---------------------- | ----------------- | -------- | ---------------------------- |
| `rh.residences.view` | View Residences | view | View residence list |
| `rh.residences.create` | Create Residences | create | Add new residences |
| `rh.residences.edit` | Edit Residences | edit | Modify residence information |
| `rh.episodes.view` | View Episodes | view | View resident episodes |
| `rh.episodes.create` | Create Episodes | create | Create new episodes |
| `rh.episodes.edit` | Edit Episodes | edit | Modify episode information |
### Resident Programs
| Permission Key | Name | Category | Description |
| -------------------- | --------------- | -------- | --------------------------- |
| `rh.programs.view` | View Programs | view | View resident program list |
| `rh.programs.create` | Create Programs | create | Create new programs |
| `rh.programs.edit` | Edit Programs | edit | Modify program information |
| `rh.programs.admin` | Manage Programs | admin | Full program administration |
### Safety & Compliance
| Permission Key | Name | Category | Description |
| ------------------------------ | ------------------------- | -------- | ------------------------------ |
| `rh.significant-events.view` | View Significant Events | view | View significant event reports |
| `rh.significant-events.create` | Create Significant Events | create | Report significant events |
| `rh.significant-events.edit` | Edit Significant Events | edit | Modify event reports |
| `rh.uds-tests.view` | View UDS Tests | view | View UDS test results |
| `rh.uds-tests.create` | Create UDS Tests | create | Record UDS test results |
| `rh.passes.view` | View Passes | view | View pass requests |
| `rh.passes.create` | Create Passes | create | Create pass requests |
| `rh.passes.approve` | Approve Passes | approve | Approve/reject pass requests |
| `rh.med-audits.view` | View Med Audits | view | View medication audit records |
| `rh.med-audits.create` | Create Med Audits | create | Conduct medication audits |
### Daily Operations
| Permission Key | Name | Category | Description |
| ----------------------------- | ------------------------- | -------- | ------------------------------ |
| `rh.schedule-templates.view` | View Schedule Templates | view | View schedule template list |
| `rh.schedule-templates.admin` | Manage Schedule Templates | admin | Create/edit schedule templates |
| `rh.attendance.view` | View Attendance | view | View attendance records |
| `rh.attendance.create` | Create Attendance | create | Record attendance |
| `rh.chores.view` | View Chores | view | View chore assignments |
| `rh.chores.admin` | Manage Chores | admin | Assign and manage chores |
| `rh.transport.view` | View Transport | view | View transport requests |
| `rh.transport.create` | Create Transport | create | Request transport |
| `rh.curfew-checks.view` | View Curfew Checks | view | View curfew check records |
| `rh.curfew-checks.create` | Create Curfew Checks | create | Record curfew checks |
### RH Module Administration
| Permission Key | Name | Category | Description |
| ------------------ | ------------------------------- | -------- | ------------------------------------ |
| `rh.admin` | Recovery Housing Administration | admin | Full RH module administrative access |
| `rh.settings.view` | View RH Settings | view | View RH module settings |
| `rh.settings.edit` | Edit RH Settings | edit | Modify RH module settings |
## FW Module (`fw`)
| Permission Key | Name | Category | Description |
| ----------------------- | ------------------------------- | -------- | ------------------------------------ |
| `fw.forms.view` | View Forms | view | View form list |
| `fw.forms.create` | Create Forms | create | Create new forms |
| `fw.forms.edit` | Edit Forms | edit | Modify form definitions |
| `fw.forms.delete` | Delete Forms | delete | Delete forms |
| `fw.submissions.view` | View Submissions | view | View form submissions |
| `fw.submissions.create` | Create Submissions | create | Submit forms |
| `fw.submissions.edit` | Edit Submissions | edit | Modify submissions |
| `fw.automations.view` | View Automations | view | View workflow automations |
| `fw.automations.create` | Create Automations | create | Create new automations |
| `fw.automations.edit` | Edit Automations | edit | Modify automations |
| `fw.approvals.view` | View Approvals | view | View pending approvals |
| `fw.approvals.approve` | Approve Workflows | approve | Approve workflow items |
| `fw.subflows.view` | View Subflows | view | View subflow definitions |
| `fw.subflows.admin` | Manage Subflows | admin | Create/edit subflows |
| `fw.analytics.view` | View Analytics | view | View form/workflow analytics |
| `fw.alerts.view` | View Workflow Alerts | view | View workflow alert configurations |
| `fw.alerts.admin` | Manage Workflow Alerts | admin | Configure workflow alerts |
| `fw.admin` | Forms & Workflow Administration | admin | Full FW module administrative access |
## LO Module (`lo`)
| Permission Key | Name | Category | Description |
| ------------------------ | ---------------------------- | -------- | ------------------------------------ |
| `lo.vision.view` | View Vision & Strategy | view | View organizational vision |
| `lo.vision.edit` | Edit Vision & Strategy | edit | Modify vision documents |
| `lo.accountability.view` | View Accountability Chart | view | View accountability structure |
| `lo.accountability.edit` | Edit Accountability Chart | edit | Modify accountability chart |
| `lo.goals.view` | View Goals | view | View organizational goals |
| `lo.goals.create` | Create Goals | create | Create new goals |
| `lo.goals.edit` | Edit Goals | edit | Modify goals |
| `lo.todos.view` | View To-Dos | view | View to-do list |
| `lo.todos.create` | Create To-Dos | create | Create new to-dos |
| `lo.todos.edit` | Edit To-Dos | edit | Modify to-dos |
| `lo.scorecards.view` | View Scorecards | view | View scorecard metrics |
| `lo.scorecards.admin` | Manage Scorecards | admin | Configure scorecards |
| `lo.meetings.view` | View Meetings | view | View meeting schedules |
| `lo.meetings.create` | Create Meetings | create | Schedule meetings |
| `lo.issues.view` | View Issues | view | View issue tracker |
| `lo.issues.create` | Create Issues | create | Report new issues |
| `lo.one-on-ones.view` | View 1-on-1s | view | View 1-on-1 schedules |
| `lo.one-on-ones.create` | Create 1-on-1s | create | Schedule 1-on-1s |
| `lo.feedback.view` | View Feedback | view | View feedback records |
| `lo.feedback.create` | Create Feedback | create | Submit feedback |
| `lo.assessments.view` | View Assessments | view | View assessment list |
| `lo.assessments.create` | Create Assessments | create | Create new assessments |
| `lo.knowledge.view` | View Knowledge Portal | view | View knowledge base |
| `lo.knowledge.create` | Create Articles | create | Create knowledge articles |
| `lo.knowledge.edit` | Edit Articles | edit | Modify knowledge articles |
| `lo.admin` | Leadership OS Administration | admin | Full LO module administrative access |
## FM Module (`fm`)
| Permission Key | Name | Category | Description |
| ------------------------ | ------------------------- | -------- | ------------------------------------- |
| `fm.work-orders.view` | View Work Orders | view | View work order list |
| `fm.work-orders.create` | Create Work Orders | create | Create new work orders |
| `fm.work-orders.edit` | Edit Work Orders | edit | Modify work orders |
| `fm.work-orders.approve` | Approve Work Orders | approve | Approve work orders |
| `fm.vendors.view` | View Vendors | view | View vendor list |
| `fm.vendors.create` | Create Vendors | create | Add new vendors |
| `fm.vendors.edit` | Edit Vendors | edit | Modify vendor information |
| `fm.inventory.view` | View Inventory | view | View inventory items |
| `fm.inventory.create` | Create Inventory | create | Add inventory items |
| `fm.inventory.edit` | Edit Inventory | edit | Modify inventory |
| `fm.pm-templates.view` | View PM Templates | view | View preventive maintenance templates |
| `fm.pm-templates.admin` | Manage PM Templates | admin | Create/edit PM templates |
| `fm.pm-schedules.view` | View PM Schedules | view | View preventive maintenance schedules |
| `fm.pm-schedules.admin` | Manage PM Schedules | admin | Create/edit PM schedules |
| `fm.admin` | Facilities Administration | admin | Full FM module administrative access |
## System Permissions
| Permission Key | Name | Category | Description |
| ---------------------------- | ----------------------- | -------- | ----------------------------------- |
| `system.users.view` | View Users | view | View user list |
| `system.users.create` | Create Users | create | Add new users |
| `system.users.edit` | Edit Users | edit | Modify user information |
| `system.roles.view` | View Roles | view | View role list |
| `system.roles.create` | Create Roles | create | Create custom roles |
| `system.roles.edit` | Edit Roles | edit | Modify role permissions |
| `system.organizations.view` | View Organizations | view | View organization list |
| `system.organizations.admin` | Manage Organizations | admin | Full organization administration |
| `system.platform.admin` | Platform Administration | admin | Full platform administrative access |