Access Control (ACL)

Roles & Permissions

Granular permission management using Filament Shield.

The platform utilizes a comprehensive Role-Based Access Control (RBAC) system. Permissions are strictly guarded by policies generated via Filament Shield. Roles can be assigned to Super Admin staff to limit their access to specific modules (e.g., Billing vs Support).

System Roles

super_admin

God-mode access. Has * permission. Cannot be deleted or modified.

Immutable

support_agent

Can view Tenants, manage Tickets, and impersonate users. Cannot access Billing or System Settings.

Customizable

billing_manager

Full access to Invoices, Plans, and Stripe settings. No access to tenant data.

Customizable

Permission Matrix

Resource / Module Super Admin Support Billing
Platform Settings
Create/Delete Tenants
View Tenant Details
Impersonate Users
Manage Invoices & Plans

How to create a new Role

  1. Navigate to System > Roles.
  2. Click the Create Role button.
  3. Name the role (e.g., content_moderator).
  4. Toggle the specific permissions resources (e.g., view_any_post, update_post).
  5. Save the role. It will immediately be available in the Staff creation form.

LabelStack - Music Distribution Platform

Roles & Permissions Module v1.2.0