Roles and Permissions
InnoQualis EQMS uses role-based access control (RBAC) to ensure users can only access the modules and actions appropriate for their responsibilities. Each user is assigned a single role, and each role grants a defined set of permissions.
System roles
Section titled “System roles”The system includes six predefined roles. These roles are protected and cannot be edited or deleted by administrators. They provide the foundational access control for the system:
Full system access. Administrators can manage users, roles, permissions, and all quality modules. They have access to the Admin panel, system logs, and all configuration options.
QA_Team
Section titled “QA_Team”Quality assurance and compliance staff. QA_Team members have broad access to create, review, and approve records across all quality modules. They can manage templates, assign training, conduct audits, and generate reports. QA_Team members also have access to system logs.
Standard operational users. Users can read documents, create deviations and change control requests, complete assigned training, and create electronic signatures. They have read access to most modules but cannot approve records or manage system configuration.
Auditor
Section titled “Auditor”Internal auditors with read-only access to quality data. Auditors can view documents, deviations, CAPAs, training reports, equipment records, and supplier information. They can access audit modules but do not have global audit trail export capabilities.
External Auditor
Section titled “External Auditor”Limited read-only access for external audit personnel. External Auditors have similar permissions to internal Auditors and are typically invited for specific audit engagements.
Intern
Section titled “Intern”Minimal access. Interns can view the metrics dashboard and user directory only.
Permission matrix
Section titled “Permission matrix”The following table summarizes key permissions by role.
| Capability | Admin | QA_Team | User | Auditor | External Auditor | Intern |
|---|---|---|---|---|---|---|
| Documents — Create | Yes | Yes | — | — | — | — |
| Documents — Read | Yes | Yes | Yes | Yes | Yes | — |
| Documents — Approve/Make Effective | Yes | Yes | — | — | — | — |
| Deviations — Create | Yes | Yes | Yes | — | — | — |
| Deviations — Read | Yes | Yes | Yes | Yes | Yes | — |
| Deviations — Approve/Close | Yes | Yes | — | — | — | — |
| CAPA — Create/Update | Yes | Yes | — | — | — | — |
| CAPA — Read | Yes | Yes | Yes | Yes | Yes | — |
| CAPA — Approve/Close | Yes | Yes | — | — | — | — |
| Training — Assign | Yes | Yes | — | — | — | — |
| Training — Complete | Yes | Yes | Yes | — | — | — |
| Training — View Reports | Yes | Yes | — | Yes | Yes | — |
| Change Control — Create | Yes | Yes | Yes | — | — | — |
| Change Control — Read | Yes | Yes | Yes | Yes | Yes | — |
| Change Control — Approve | Yes | Yes | — | — | — | — |
| Equipment — Create/Update | Yes | Yes | — | — | — | — |
| Equipment — Read | Yes | Yes | Yes | Yes | Yes | — |
| Audit — Read | Yes | Yes | — | Yes | Yes | — |
| Audit — Create/Manage | Yes | Yes | — | — | — | — |
| Suppliers — Create/Update | Yes | Yes | — | — | — | — |
| Suppliers — Read | Yes | Yes | Yes | Yes | Yes | — |
| SCARs — Create/Update | Yes | Yes | — | — | — | — |
| SCARs — Read | Yes | Yes | Yes | Yes | Yes | — |
| Complaints — Create | Yes | Yes | Yes | — | — | — |
| Complaints — Read | Yes | Yes | Yes | Yes | Yes | — |
| Complaints — Investigate/Approve | Yes | Yes | — | — | — | — |
| Signatures — Create/Verify | Yes | Yes | Yes | — | — | — |
| Signatures — Read | Yes | Yes | Yes | Yes | Yes | — |
| Templates — Manage | Yes | Yes | — | — | — | — |
| Analytics — View | Yes | Yes | Yes | Yes | Yes | — |
| Admin Panel | Yes | Yes | — | — | — | — |
| System Logs | Yes | Yes | — | — | — | — |
| User Management | Yes | — | — | — | — | — |
Job roles
Section titled “Job roles”Job roles define specific job functions within your organization (for example, Quality Engineer, Lab Technician, Production Supervisor). Unlike system roles which control access permissions, job roles are used for:
- Training matrix configuration — Assign training requirements based on job function
- Competency tracking — Track qualifications by job role
- Organizational reporting — Filter and group users by their job function
Job roles are managed in the Admin panel under Roles > Job Roles. See Administration Panel for details on creating and managing job roles.
View your role and permissions
Section titled “View your role and permissions”- In the top-right corner, select your user avatar.
- Select Profile.
- On the Profile page, find your role displayed as a badge next to your name.
- Scroll down to the Permissions section to see all permissions grouped by module (for example, “documents”, “deviations”, “capa”). Each module heading shows the specific actions you can perform as badges (for example, “create”, “read”, “update”, “approve”).
Understand how permissions control navigation
Section titled “Understand how permissions control navigation”The left sidebar dynamically shows or hides modules based on your permissions:
- Modules requiring a specific permission (for example,
documents.read) only appear if your role grants that permission. - The Admin link requires the Admin or QA_Team role.
- If a module is not visible in your sidebar, you do not have access to it. Navigating directly via URL results in an access denied error.
Understand how permissions are enforced
Section titled “Understand how permissions are enforced”Permissions are enforced at two levels:
- Frontend — Navigation items and UI elements are hidden or disabled based on your permissions. This provides a clean interface showing only what you can use.
- Backend — Every API endpoint verifies permissions before processing requests. Even if a UI element were somehow accessible, the server rejects unauthorized actions with a 403 Forbidden response.