Users and Access explains how people get into the system and what they are allowed to do once they arrive.
User Manager owns user records. Use it for account-level work such as reviewing users, account state, profile details, and related user administration.
Permissions are named access rules, such as permission to view, edit, publish, manage, or use a frontend feature.
Roles bundle permissions for a job type. For example, an editor role may include content permissions, while a support role may include ticket permissions.
Groups collect users for organization or access decisions. Groups should not become secret permission buckets. Permissions stay governed through the Permissions system.
Super Admin is the emergency master key. Use it carefully. It can bypass normal permission checks, so it should be reserved for trusted operators and recovery situations.
Frontend features can also use roles, groups, and permissions. A member-only page, a role-restricted feature, or a permission-gated ticket form should all use the same central access model.
Assign access through roles and groups when possible. Direct user overrides should be deliberate and easy to explain later.
Updated: 2026-05-07 01:46:28