Overview

TechCore Mini ERP implements a role-based access control system where each user is assigned to a role. Roles define the permissions and access levels that determine what actions users can perform within the system.

Role Entity

Roles are stored in the rol table with the following properties:
  • Id (int, required): Unique identifier for the role (auto-incremented)
  • NombreRol (string, required): Name of the role (max 100 characters)
  • Habilitado (bool): Indicates whether the role is active/enabled (defaults to true)

Database Schema

CREATE TABLE rol(
    id INT IDENTITY(1,1) PRIMARY KEY,
    nombreRol VARCHAR(100) NOT NULL,
    habilitado BIT DEFAULT 1
)

Indexes

The roles table includes:
  • IDX_rol_habilitado: Index on the habilitado field to efficiently filter active roles

Role-User Relationship

Each role can be assigned to multiple users, establishing a one-to-many relationship:

One-to-Many

A single role can be assigned to multiple users in the system.

Required Assignment

Every user must have a role assigned via the idrol foreign key constraint.

Role Management

Creating Roles

When creating a new role:
  1. Define a clear, descriptive NombreRol (e.g., “Administrator”, “Sales Manager”, “Warehouse Staff”)
  2. Set Habilitado to true (or leave as default) to activate the role
  3. Ensure the role name reflects the permissions it will grant
Use descriptive role names that clearly indicate the level of access, such as:
  • Administrator
  • Sales Manager
  • Purchase Manager
  • Inventory Clerk
  • View Only

Enabling/Disabling Roles

Roles can be enabled or disabled without deleting them:
  • Enabled (Habilitado = 1): Users assigned to this role can access the system
  • Disabled (Habilitado = 0): Users assigned to this role may have restricted access
Disabling a role affects all users assigned to that role. Ensure you understand the impact before disabling a role that has active users.

Deleting Roles

Roles cannot be deleted if they have associated users due to the foreign key constraint from the users table. You must either:
  • Reassign all users to different roles first, or
  • Disable the role using Habilitado = 0

Model Reference

The C# model for Role (TechCore.Models.Rol) includes:
public partial class Rol
{
    public int Id { get; set; }
    public string NombreRol { get; set; } = null!;
    public bool? Habilitado { get; set; }

    // Navigation property
    public virtual ICollection<User> Users { get; set; } = new List<User>();
}

Access Control Implementation

Role-Based Authorization

The role system enables implementing authorization checks throughout the application:
// Example: Restrict access based on role
// (assumes currentUser was loaded together with its IdrolNavigation;
//  this check compares the role name only and does not consult Habilitado)
if (currentUser.IdrolNavigation.NombreRol != "Administrator")
{
    return Forbid();
}
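The inline check above compares only the role name. The following helper is an added example, not code from TechCore Mini ERP, that fails closed when the role is not loaded, is disabled (Habilitado NULL or 0), or does not match; it assumes the User class exposes the IdrolNavigation property used above and that the caller loads it per request.

```csharp
using System;
using TechCore.Models;

// Hypothetical helper (not part of TechCore Mini ERP): centralises the role
// check so every controller applies the same rules instead of comparing
// NombreRol inline.
public static class RoleGuard
{
    // Returns true only when the user's role is loaded, enabled and matches
    // one of the allowed role names. Any missing data fails closed.
    public static bool IsInActiveRole(User user, params string[] allowedRoles)
    {
        // Assumes User.IdrolNavigation is the Rol navigation property.
        // A role that was never loaded is treated as "no role".
        Rol? role = user?.IdrolNavigation;
        if (role is null)
            return false;

        // Habilitado is bool? in the model; NULL and 0 both mean "not enabled".
        if (role.Habilitado != true)
            return false;

        foreach (string allowed in allowedRoles)
        {
            // Ordinal comparison: role names act as identifiers, not display text.
            if (string.Equals(role.NombreRol, allowed, StringComparison.Ordinal))
                return true;
        }
        return false;
    }
}

// Controller usage (assumes an ASP.NET Core controller action and a
// currentUser loaded with .Include(u => u.IdrolNavigation)):
//
// if (!RoleGuard.IsInActiveRole(currentUser, "Administrator", "Sales Manager"))
// {
//     return Forbid();
// }
```

Because the helper reads the Rol entity loaded for the current request rather than a value cached at sign-in, setting Habilitado = 0 takes effect on the user's next request without waiting for re-authentication.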

Common Role Configurations

Administrator

Full access to all system features including:
  • User management
  • Role configuration
  • System settings
  • All business operations (sales, purchases, inventory)
  • Reports and analytics

Sales Manager

Access to sales-related features:
  • Create and manage sales orders
  • View customer information
  • Access sales reports
  • Manage credit sales and payment plans

Purchase Manager

Access to purchasing operations:
  • Create and manage purchase orders
  • Manage supplier information
  • View inventory levels
  • Access purchase reports

Inventory Clerk

Limited access to inventory functions:
  • View product information
  • Update stock levels
  • View stock alerts
  • Limited reporting capabilities

View Only

Read-only access:
  • View reports
  • View customer and product information
  • No create, update, or delete permissions

Security Considerations

  1. Principle of Least Privilege: Assign users only the minimum permissions required to perform their job functions
  2. Regular Audits: Periodically review role assignments to ensure users have appropriate access levels
  3. Separation of Duties: Avoid giving single roles excessive permissions that could lead to conflicts of interest
  4. Monitor Disabled Roles: Track which roles are disabled and verify that associated users are appropriately handled

Querying Roles

Get All Active Roles

SELECT * FROM rol WHERE habilitado = 1

Get Users by Role

SELECT u.id, u.code, u.nombre, u.username, r.nombreRol
FROM users u
INNER JOIN rol r ON u.idrol = r.id
WHERE r.nombreRol = 'Administrator'
AND r.habilitado = 1

Count Users per Role

SELECT r.nombreRol, COUNT(u.id) as TotalUsers
FROM rol r
LEFT JOIN users u ON r.id = u.idrol
GROUP BY r.id, r.nombreRol
ORDER BY TotalUsers DESC

Best Practices

Role Naming

Use clear, business-oriented names that reflect job functions rather than technical permissions

Default Roles

Create a default role for new users with minimal permissions

Role Documentation

Maintain documentation of what each role can access and perform

Testing

Test role permissions thoroughly before deploying to production
