Role Management
Understanding and configuring roles in FreeMaint
FreeMaint uses a role-based access control (RBAC) system to manage what each user can do. Every user is assigned a role that defines their permissions across the entire system.
What is a Role?
A role defines a set of permissions that determine what a user can do in FreeMaint. Each user is assigned exactly one role, and they inherit all the permissions associated with that role.
Predefined Roles
FreeMaint comes with 5 predefined roles to cover most organizational needs:
Administrator (ADMIN)
Full access to all company features. Can manage users, roles, assets, work orders, and all settings.
Manager (MANAGER)
Can manage teams, approve requests, assign work orders, and view reports. Cannot modify system settings.
Technician (TECHNICIAN)
Can view and complete assigned work orders, update asset status, and log time. Limited creation capabilities.
Requester (REQUESTER)
Can create intervention requests and track their status. Cannot access work orders or assets directly.
Viewer (VIEWER)
Read-only access. Can view assets, work orders, and reports but cannot make any changes.
How to Create a New Role
Create custom roles tailored to your organization's specific needs.
- Navigate to People โ Roles in the sidebar
- Click the "Create Role" button
- Enter a name for the role (e.g., "Supervisor")
- Select the permissions you want to grant to this role
- Click "Save" to create the role
How to Modify Role Permissions
Adjust permissions for existing roles to match changing requirements.
- Navigate to People โ Roles in the sidebar
- Click on the role you want to modify
- Check or uncheck permissions as needed
- Click "Save" to apply changes
Warning
How to Assign a Role to a User
Assign the appropriate role when creating or editing a user.
- Navigate to People โ Users in the sidebar
- Click on the user you want to modify
- In the "Role" dropdown, select the desired role
- Click "Save" to apply the change
Best Practices
Start with predefined roles - they cover most common use cases
Create custom roles only when predefined ones don't fit
Follow the principle of least privilege - give only necessary permissions
Document the purpose of each custom role you create
Regularly review role assignments to ensure they're still appropriate
Data Visibility
Each role has a "Data visibility" setting that controls which rows a user can see โ independently from their permissions.
- All company data โ The user sees every asset, work order, request, and PM in the company. Default for TECHNICIAN and REQUESTER.
- Only assigned / created โ The user only sees rows they are assigned to or that they created. Recommended for strict data partitioning.
- Team scope โ The user sees rows linked to teams they belong to or lead. If no team is configured for them, they see all company data (so the role is never a dead-end); strict team filtering resumes automatically once a team is assigned.
To change the data visibility for a role: navigate to People โ Roles, open the role editor, find the "Data visibility" field, and choose the desired option.
Warning
Info
Info
Want to learn more about how individual permissions work?
View Permissions GuideWas this page helpful?