
What is Role Based Access Control?

2 March 2026 jiffytrade Role Based Access Control (RBAC)

JiffyTrade includes a built-in Role Based Access Control (RBAC) system.

RBAC allows you to control exactly who can do what inside the plugin.

This protects:

  • Financial records
  • Sent documents
  • Paid invoices
  • Customer data
  • System configuration

Navigate to:

My Business → Settings → Permissions (RBAC)


🧠 What RBAC Controls

RBAC allows you to define the minimum role required to perform sensitive actions, including:

  • Viewing the dashboard
  • Creating and editing documents
  • Sending documents to customers
  • Marking invoices as paid
  • Unlocking locked documents
  • Permanently deleting documents
  • Managing backups
  • Accessing plugin settings

Instead of relying purely on WordPress default roles, JiffyTrade uses its own capability layer.


👑 Plugin Super Administrators

JiffyTrade introduces a special concept:

Plugin Super Administrators

These users:

  • Have full control over plugin settings
  • Can override RBAC minimum role restrictions
  • Are protected from accidental lockout
  • Retain recovery control of the system

This is separate from standard WordPress Administrators.

You may choose who holds this level of control.


🛡 Why RBAC Matters

Without structured permissions:

  • Staff could permanently delete invoices
  • Sent documents could be altered
  • Paid invoices could be modified
  • Financial history could be compromised

RBAC ensures:

✔ Sensitive actions are restricted
✔ Financial records remain accurate
✔ Accidental deletion is prevented
✔ Business integrity is protected


🔒 How RBAC Works with Document Locking

RBAC integrates directly with the locking system.

For example:

  • Only authorised roles can unlock a locked document
  • Only authorised roles can permanently delete from Trash
  • Only authorised roles can mark invoices as paid
  • Only authorised roles can send documents

Even if a document is visible, that does not mean it is editable.


🗑 Permanent Deletion Protection

For maximum protection, you can configure RBAC so that:

  • Staff may move documents to Trash
  • Only Plugin Super Administrators may permanently delete

Additionally:

Quotes with associated invoices cannot be permanently deleted until all related invoices are removed.

Customer records cannot be deleted while documents are linked to them.

The system enforces these protections automatically.


🔄 Recovery & Safeguards

If permissions are misconfigured:

  • Plugin Super Administrators retain recovery control
  • Core access cannot be completely locked out
  • System-level safeguards prevent total loss of control

This ensures the plugin cannot be accidentally bricked via RBAC settings.


🧩 Recommended RBAC Setup (Most Businesses)

For most teams:

  • Allow staff to create and edit documents
  • Allow staff to send documents
  • Allow staff to move documents to Trash
  • Restrict unlocking to managers
  • Restrict permanent deletion to Plugin Super Administrators
  • Restrict marking invoices as paid to trusted roles

This provides operational flexibility while protecting financial integrity.
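
The minimum-role model, the Plugin Super Administrator override, and the deletion safeguards described on this page can be modelled together. This is an added example, not JiffyTrade's code or API: the role names, action names, and functions are hypothetical. It assumes that a lock blocks editing and that the Trash and linked-invoice guards apply to Plugin Super Administrators too.

```python
from dataclasses import dataclass, field

# Hypothetical role ladder, lowest to highest (not JiffyTrade's own role names).
ROLE_RANK = {"staff": 1, "manager": 2, "owner": 3}
SUPER_ONLY = "super_only"  # sentinel: no ordinary role is sufficient

# Minimum role per action (assumed action names), mirroring the recommended setup.
POLICY = {
    "edit_document": "staff",
    "send_document": "staff",
    "trash_document": "staff",
    "unlock_document": "manager",
    "mark_paid": "manager",
    "delete_permanently": SUPER_ONLY,
}

@dataclass
class User:
    role: str
    plugin_super_admin: bool = False

@dataclass
class Document:
    kind: str                      # "quote" or "invoice"
    locked: bool = False
    in_trash: bool = False
    linked_invoices: list = field(default_factory=list)

def role_allows(user, action):
    """Minimum-role check with the Plugin Super Administrator override."""
    if action not in POLICY:       # unknown action: deny by default
        return False
    if user.plugin_super_admin:    # overrides minimum-role restrictions
        return True
    required = POLICY[action]
    if required == SUPER_ONLY:
        return False
    return ROLE_RANK.get(user.role, 0) >= ROLE_RANK[required]

def authorize(user, action, doc):
    """Return (allowed, reason): role check first, then record-state guards."""
    if not role_allows(user, action):
        return False, "role below minimum"
    if action == "edit_document" and doc.locked:
        return False, "document is locked"      # visible is not editable
    if action == "delete_permanently":
        if not doc.in_trash:
            return False, "not in Trash"
        if doc.kind == "quote" and doc.linked_invoices:
            return False, "quote has linked invoices"
    return True, "ok"
```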


🎯 What RBAC Enables

✔ Team collaboration
✔ Clear separation of responsibility
✔ Safer delegation
✔ Protection against staff errors
✔ Controlled financial authority

RBAC turns JiffyTrade from a document tool into a controlled business system.