User management
The user management allows users to be assigned roles, thereby managing permissions for various actions and access within the platform. Users can decide to use preconfigured roles with static rights or create custom roles with individual rights.
Core concepts
Roles
A role is a set of permissions that can be assigned to a user. Each user in the system can be assigned one or more roles. Roles can either be:
Preconfigured: With a fixed set of permissions.
Custom: Defined by administrators with appropriate permissions.
Permissions
Permissions define access to specific functionalities (i.e., access to specific endpoints) such as viewing users or creating orders. Permissions are always assigned to roles, not directly to users.
Context limitations
To restrict access within permissions, roles can be associated with context limitations. These limit a user’s access to specific parts of the system.
Available context types:
Facility: Access is limited to specific facilities.
Zone: Access is limited to a specific zone.
Userroles: Access is limited to users who hold one of the defined roles. It also limits which roles can be assigned to other users.
Context limitations on roles vs users
A context limitation can be set either on role level or per user assignment.
If a role has no context limitation of a given type, one of that type can be defined during user assignment, for example to limit a supervisor to their facility.
If a role has a context limitation, it applies to all users with that role. User-specific limitations of the same type are then not allowed.
Managing users
Creating users
Users can only be created by users with the user_write permission.
Requirements:
The username must be unique.
Umlauts are automatically converted (e.g., ö → oe, ß → ss).
Password must be at least 6 characters long.
A primary language can be assigned.
Editing and deleting users
Users with the USER_MODIFY permission can edit other users or assign roles to them.
Users can delete themselves or be deleted by others with appropriate permissions.
If a user loses access to required permissions (e.g., by role removal or facility reassignment), they are immediately logged out.
Any pending tasks (e.g., pick jobs) are reset and made available again.
Assigning roles
Not only administrators can assign roles: any user with the USER_MODIFY permission can do so.
When assigning a role, the assigner’s context limitations are enforced to avoid privilege escalation.
Users can only assign roles that fall within their own role context limitations.
Managing roles
The ROLE_WRITE permission allows you to create custom roles.
When you change the permissions of a role, the updated permissions take effect immediately for all users who have that role. However, short delays (up to 5 minutes) may occur for technical reasons.
Roles can be deleted, but only if they are not currently assigned to any users. Preconfigured roles cannot be modified or deleted. Each role name must be unique.
Privilege escalation
This section describes safeguards against privilege escalation during role assignment.
Rule 1: Enforced Context Inheritance
If a user with context limitations assigns a role to another user, the assigned user must:
Receive the same or stricter context limitations.
Not receive broader access or fewer restrictions than the assigning user has.
✅ Allowed: A user limited to Zone A, Zone B assigns a role to a user who is also limited to Zone A, Zone B, or further restricted to a single zone such as only Zone A.
❌ Not allowed: A user limited to Zone A assigns a role to a user without any zone limitation.
Rule 2: Roles With USER_MODIFY
Any role that includes the USER_MODIFY permission grants the ability to assign arbitrary roles, including administrator-level roles, unless specifically constrained by a Userrole context limitation.
To prevent unintended elevation, it is recommended to:
Always define a context limitation of type Userrole on such roles.
Ensure the limitation restricts what roles can be assigned (e.g., exclude ADMINISTRATOR).
This ensures that users with the USER_MODIFY permission cannot escalate privileges beyond intended boundaries.
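Both rules can be expressed as checks over role data. The following is an added example, not the platform's own code or API: the dictionary layout, the context type keys (ZONE, USERROLE), the function names and every role name except ADMINISTRATOR are assumptions made for illustration.

```python
# Added example: hypothetical data model, not the platform's API.
# Limits map a context type to the set of allowed values;
# a missing type means "no limitation of that type".

def assignment_violations(assigner_limits, role_name, assignee_limits):
    """Rule 1: the assignee must receive the same or stricter limits."""
    problems = []
    allowed_roles = assigner_limits.get("USERROLE")
    if allowed_roles is not None and role_name not in allowed_roles:
        problems.append(f"role {role_name} is outside the assigner's Userrole limitation")
    for ctype, allowed in assigner_limits.items():
        granted = assignee_limits.get(ctype)
        if granted is None:
            # Dropping a limitation the assigner has is an escalation.
            problems.append(f"{ctype}: assignee would be unrestricted")
        elif not granted <= allowed:
            extra = ", ".join(sorted(granted - allowed))
            problems.append(f"{ctype}: assignee would gain {extra}")
    return problems


def risky_user_modify_roles(roles):
    """Rule 2: flag USER_MODIFY roles that can hand out administrator roles."""
    findings = {}
    for name, role in roles.items():
        if "USER_MODIFY" not in role["permissions"]:
            continue
        assignable = role["limits"].get("USERROLE")
        if assignable is None:
            findings[name] = "no Userrole limitation"
        elif "ADMINISTRATOR" in assignable:
            findings[name] = "Userrole limitation includes ADMINISTRATOR"
    return findings


# Constructed sample roles (all names here are made up for the example).
ROLES = {
    "SUPERVISOR": {"permissions": {"USER_MODIFY"}, "limits": {"USERROLE": {"PICKER"}}},
    "TEAM_LEAD": {"permissions": {"USER_MODIFY"}, "limits": {}},
    "SHIFT_LEAD": {"permissions": {"USER_MODIFY"},
                   "limits": {"USERROLE": {"PICKER", "ADMINISTRATOR"}}},
    "PICKER": {"permissions": set(), "limits": {}},
}

if __name__ == "__main__":
    me = {"ZONE": {"Zone A", "Zone B"}}
    print(assignment_violations(me, "PICKER", {"ZONE": {"Zone A"}}))  # allowed
    print(assignment_violations({"ZONE": {"Zone A"}}, "PICKER", {}))  # not allowed
    print(risky_user_modify_roles(ROLES))
```

Running the Rule 2 audit whenever a custom role is created or changed catches a USER_MODIFY role that was saved without a Userrole limitation before it is assigned to anyone.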