RBAC model
Orbex Data uses role-based access control (RBAC). Users receive one or more roles per branch. Permissions are additive—users with multiple roles receive the union of granted capabilities.
Principle of least privilege
Assign the narrowest role that supports daily work. Elevate to admin only for users who manage users, billing, or integrations.
Built-in roles
| Role | Typical user | Key permissions |
|---|---|---|
| Viewer | Customer service (read-only) | View shipments, milestones, documents |
| Operator | Operations coordinator | Edit shipments, add milestones, comment |
| Documentation | Doc specialist | Upload, validate, approve documents |
| Manager | Branch or team lead | Assign exceptions, bulk actions, reports |
| Finance | Accounting | View charges, ERP sync, accruals |
| Admin | IT / workspace owner | Users, roles, integrations, billing |
Permission categories
- Shipments: create, read, update, delete, export
- Documents: upload, approve, delete versions
- Exceptions: triage, assign, resolve, configure rules
- Analytics: view dashboards, build dashboards, export
- Integrations: manage carriers, API keys, webhooks
- Administration: users, roles, branches, audit logs
Branch scoping
Roles can be branch-scoped. A Singapore operator sees Singapore shipments by default but may receive cross-branch assignment on specific shipments.
Custom roles
Enterprise workspaces create custom roles by selecting permission checkboxes. Clone a built-in role as a starting point. Custom roles appear in user provisioning and SSO group mapping.
Document approval segregation
Separate upload and approve permissions so the same user cannot approve documents they uploaded—required by some shipper audit programs.
Service accounts
Service accounts are non-interactive users for API and integration jobs. Assign a dedicated role with minimum permissions—typically shipment read/write without admin or finance access.
Service account API keys inherit role permissions. Review quarterly and revoke unused keys.
