Role Management

Understanding and configuring roles in FreeMaint

5 min read

FreeMaint uses a role-based access control (RBAC) system to manage what each user can do. Every user is assigned a role that defines their permissions across the entire system.

What is a Role?

A role defines a set of permissions that determine what a user can do in FreeMaint. Each user is assigned exactly one role, and they inherit all the permissions associated with that role.

Predefined Roles

FreeMaint comes with 5 predefined roles to cover most organizational needs:

Administrator (ADMIN)

71 permissions

Full access to all company features. Can manage users, roles, assets, work orders, and all settings.

Manager (MANAGER)

54 permissions

Can manage teams, approve requests, assign work orders, and view reports. Cannot modify system settings.

Technician (TECHNICIAN)

14 permissions

Can view and complete assigned work orders, update asset status, and log time. Limited creation capabilities.

Requester (REQUESTER)

15 permissions

Can create intervention requests and track their status. Cannot access work orders or assets directly.

Viewer (VIEWER)

12 permissions

Read-only access. Can view assets, work orders, and reports but cannot make any changes.

How to Create a New Role

Create custom roles tailored to your organization's specific needs.

  1. Navigate to People โ†’ Roles in the sidebar
  2. Click the "Create Role" button
  3. Enter a name for the role (e.g., "Supervisor")
  4. Select the permissions you want to grant to this role
  5. Click "Save" to create the role

How to Modify Role Permissions

Adjust permissions for existing roles to match changing requirements.

  1. Navigate to People โ†’ Roles in the sidebar
  2. Click on the role you want to modify
  3. Check or uncheck permissions as needed
  4. Click "Save" to apply changes

Warning

Changes to a role affect all users assigned to that role immediately.

How to Assign a Role to a User

Assign the appropriate role when creating or editing a user.

  1. Navigate to People โ†’ Users in the sidebar
  2. Click on the user you want to modify
  3. In the "Role" dropdown, select the desired role
  4. Click "Save" to apply the change

Best Practices

Start with predefined roles - they cover most common use cases

Create custom roles only when predefined ones don't fit

Follow the principle of least privilege - give only necessary permissions

Document the purpose of each custom role you create

Regularly review role assignments to ensure they're still appropriate

Data Visibility

Each role has a "Data visibility" setting that controls which rows a user can see โ€” independently from their permissions.

  1. All company data โ€” The user sees every asset, work order, request, and PM in the company. Default for TECHNICIAN and REQUESTER.
  2. Only assigned / created โ€” The user only sees rows they are assigned to or that they created. Recommended for strict data partitioning.
  3. Team scope โ€” The user sees rows linked to teams they belong to or lead. If no team is configured for them, they see all company data (so the role is never a dead-end); strict team filtering resumes automatically once a team is assigned.

To change the data visibility for a role: navigate to People โ†’ Roles, open the role editor, find the "Data visibility" field, and choose the desired option.

Warning

With "Only assigned / created", requesters will only see assets they have been explicitly assigned. Make sure to assign all relevant assets before restricting the scope.

Info

If REQUESTER or TECHNICIAN is set to "Only assigned / created", users will only see assets assigned to them โ€” including in the new request / work order creation picker.

Info

Section-based example: if your plant is organized into responsible sections (e.g. Compressor, Building & Infrastructure, Electrical) and each section is set up as a Team, set the role your section members use (such as Technician) to โ€œTeam scopeโ€. Each user then sees only the work orders, assets and requests of the team(s) they belong to or lead โ€” not other sectionsโ€™. Choose this when you want technicians restricted to their own section rather than to individually assigned items.

Want to learn more about how individual permissions work?

View Permissions Guide

Was this page helpful?