Inventario SUD uses role-based access control (RBAC) to restrict sensitive operations to authorized accounts. Every user is assigned exactly one role at creation time, and that role determines which pages and actions are available to them. The system currently defines two roles: Obispo and a standard user role. Role checks are enforced server-side on every protected action — client-side UI differences are cosmetic only.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/ChrisCore1/inventario_sud/llms.txt
Use this file to discover all available pages before exploring further.
Role comparison
| Role | Permissions | Restrictions |
|---|---|---|
| Obispo | Full access to all features: create, edit, and delete user accounts; download SQL backup from Configuración; permanently delete items from the recycle bin; calibrate biometric data for any user; view audit log | None |
| Standard user | Access to assets (Activos), consumables (Consumibles), loans (Préstamos), and the dashboard; register and update their own biometric data | Cannot manage other users, cannot export backups, cannot permanently delete items from the recycle bin, cannot access the full user management panel |
How role checks work
Role validation happens in two places:-
Server actions — Functions such as
actualizarUsuario,borrarUsuario, and the backup API route callvalidarPermisosAdmin(), which fetches the current session user’s role from the database and returnsfalseif it is not"Obispo". The action exits early with an error if the check fails. -
Page-level rendering — The Configuración and audit log pages call
getCurrentUserRole()and pass the result to child components, which conditionally render admin controls based on the returned role name.
Role assignment happens at user creation time and can only be changed by an Obispo through the edit user form in Configuración. There is no self-service role upgrade path. See Create and manage users for instructions on updating a user’s role.