User Roles and Permissions
Next Level Booking implements a comprehensive role-based access control system with four distinct user roles. Each role has different permissions and capabilities within the system.
Role Hierarchy
The roles follow a hierarchical structure from highest to lowest privilege level:
- SYSTEM_ADMIN
- ORG_ADMIN
- ORG_MANAGER
- ORG_EMPLOYEE
Role Descriptions
SYSTEM_ADMIN
System Administrators have unrestricted access to all features and capabilities across the entire Next Level Booking platform.
Permissions:
- Access to all organizations and their data
- Create, view, update, and delete any user account
- Create, view, update, and delete any organization
- Access system-wide settings and configurations
- Perform system maintenance operations
- Access usage statistics and reports for all organizations
Notes:
- System Administrators are not associated with any specific organization
- Only System Administrators can create or delete other System Administrators
- System Administrator accounts should be strictly limited to necessary personnel
ORG_ADMIN
Organization Administrators have full administrative control within their specific organization but cannot access or modify data from other organizations.
Permissions:
- Create, view, update, and delete users within their organization
- Manage organization settings and configurations
- Access all properties and bookings within the organization
- View usage statistics and reports for their organization
- Cannot access data from other organizations
Notes:
- Organization Administrators can only be created by System Administrators
- Each organization should have at least one Organization Administrator
ORG_MANAGER
Organization Managers have elevated privileges within their organization, though more limited than those of Organization Administrators.
Permissions:
- View all users within their organization
- Limited user management capabilities (cannot delete users)
- Create and manage properties within the organization
- Full access to booking management
- Access to organization reports and analytics
Notes:
- Organization Managers are ideal for property management teams
- Can be assigned to specific properties or management areas
ORG_EMPLOYEE
Organization Employees have basic access to the system for day-to-day operations.
Permissions:
- View and manage their own profile
- View properties within their organization
- Create and manage bookings
- View basic reports related to their activities
- No access to user management or system configuration
Notes:
- Default role for new users in the system
- Most users in an organization will have this role
Role Assignment
- New users are automatically assigned the ORG_EMPLOYEE role
- Role elevation requires administrator action:
  - SYSTEM_ADMIN → Only by another System Administrator
  - ORG_ADMIN → Only by a System Administrator
  - ORG_MANAGER → By a System Administrator or an Organization Administrator
Implementation Details
User roles are implemented as an enum in the database schema:
    enum UserRole {
      SYSTEM_ADMIN
      ORG_ADMIN
      ORG_MANAGER
      ORG_EMPLOYEE
    }
Role checks are performed in both the frontend and backend, but only the backend check is an enforcement boundary: conditional rendering can be bypassed by any client that talks to the API directly, so every privileged operation must be checked server-side regardless of what the UI exposes.
- Frontend: UI elements and routes are conditionally rendered based on user role (usability, not security)
- Backend: GraphQL resolvers check the user's role before executing operations (authoritative check)
Example of a role check in a GraphQL resolver:
    // Reject unless the caller holds one of the two admin roles.
    if (user.role !== UserRole.SYSTEM_ADMIN && user.role !== UserRole.ORG_ADMIN) {
      throw new Error('Not authorized. Admin access required.');
    }
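The check above confirms the role but not the organization: an ORG_ADMIN passes it for any organization's data, which the role descriptions forbid. The following is an added example (not Next Level Booking's own code) that combines the role hierarchy, the per-organization scope, and the Role Assignment rules into guards a resolver can call; it assumes user objects carry `role` and `organizationId` (null for SYSTEM_ADMIN).

```javascript
// Added example, not the project's code. Assumed user shape:
// { role: 'ORG_ADMIN', organizationId: 'org-1' } (organizationId null for SYSTEM_ADMIN).
const UserRole = Object.freeze({
  SYSTEM_ADMIN: 'SYSTEM_ADMIN',
  ORG_ADMIN: 'ORG_ADMIN',
  ORG_MANAGER: 'ORG_MANAGER',
  ORG_EMPLOYEE: 'ORG_EMPLOYEE',
});

// Numeric rank mirrors the documented hierarchy: higher number = more privilege.
const RANK = { SYSTEM_ADMIN: 3, ORG_ADMIN: 2, ORG_MANAGER: 1, ORG_EMPLOYEE: 0 };

// Deny by default: a missing user or an unknown role has no rank at all.
function hasAtLeast(user, minRole) {
  const r = user && RANK[user.role];
  return r !== undefined && r >= RANK[minRole];
}

// Tenant isolation: only SYSTEM_ADMIN crosses organizations. Every other
// role must belong to the organization whose data the operation touches.
function canAccessOrg(user, orgId) {
  if (!user || RANK[user.role] === undefined) return false;
  if (user.role === UserRole.SYSTEM_ADMIN) return true;
  return user.organizationId != null && user.organizationId === orgId;
}

// Role Assignment rules: SYSTEM_ADMIN and ORG_ADMIN only by a SYSTEM_ADMIN;
// ORG_MANAGER by a SYSTEM_ADMIN or an ORG_ADMIN of the same organization.
// ORG_EMPLOYEE is the default role, so an ORG_ADMIN creating users in their
// own organization may assign it (assumption, consistent with the page).
function canAssignRole(actor, targetRole, targetOrgId) {
  if (!canAccessOrg(actor, targetOrgId)) return false;
  if (actor.role === UserRole.SYSTEM_ADMIN) return true;
  if (actor.role === UserRole.ORG_ADMIN) {
    return targetRole === UserRole.ORG_MANAGER || targetRole === UserRole.ORG_EMPLOYEE;
  }
  return false;
}

// Resolver-style guard: same error as the page's check, but it also
// requires the caller to be scoped to the organization being operated on.
function requireOrgAdmin(user, orgId) {
  if (!hasAtLeast(user, UserRole.ORG_ADMIN) || !canAccessOrg(user, orgId)) {
    throw new Error('Not authorized. Admin access required.');
  }
  return true;
}
```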
Visual Representation
In the user interface, roles are represented by color-coded badges:
- SYSTEM_ADMIN: Red badge
- ORG_ADMIN: Yellow badge
- ORG_MANAGER: Blue badge
- ORG_EMPLOYEE: Green badge
This visual coding helps quickly identify user roles in listings and user management interfaces.