Permission Overview

When a user logs in to HortiView, the platform creates a token with their permissions based on their farm organization role and their farm location roles. The permissions from that token can be used to check if the user has the permission to trigger a certain action or see certain content.

Info

At the moment, HortiView manages permissions on two levels in the main platform: organization and farm location. However, modules currently receive a token with organization-level permissions only. Location-specific permissions are not included in the module token yet.

Organization-Level Roles

Organization-level roles define what a user can do within an entire organization, regardless of individual farms or locations. Each organization type (Farmer / Vendor) has two primary roles:

• Admin

Has full control over the entire organization, including:

  • Organization profile and settings
  • Billing information (where applicable)
  • Organization members (invite, update, remove)
  • Organizational modules and subscriptions

Admin roles represent the highest privileges at organization scope.

• Member

Has access to the organization but with clearly limited permissions. Typically includes:

  • Reading basic organization data

Organization Members act as standard participants without administrative authority.

Role Management

Business owners registering on the platform have the opportunity to create an organization in HortiView. Users who create organizations are automatically administrators of that organization without restrictions.

When inviting a user (either via email or phone number) to an organization, the organization admin can assign roles to that user. The assignment is based on farm locations. Since each organization has at least one farm location, users must be a member of one or more farm locations.

Info

Even if a module has permission for a data area group like FarmOrganization, a "Farm Worker" cannot access or change alert rules if their token lacks that privilege. User access depends on the user-specific token, not just the module's data area permissions.
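
The rule in the note above, sketched as a deny-by-default check a module could run before acting. This is an added example, not HortiView code: the token field `permissions`, the permission strings and the action names are assumptions, and only the FarmOrganization data area comes from this page.

```javascript
// Added example. The token field `permissions`, the permission strings and the
// action names are hypothetical; only "FarmOrganization" is taken from the page.

// Hypothetical mapping: what each module action needs.
const ACTIONS = new Map([
  ["alertRule.read",   { dataArea: "FarmOrganization", permission: "AlertRule.Read",   scope: "organization" }],
  ["alertRule.update", { dataArea: "FarmOrganization", permission: "AlertRule.Update", scope: "organization" }],
  ["field.update",     { dataArea: "FarmOrganization", permission: "Field.Update",     scope: "location" }],
]);

// Deny by default: every check must pass, and each denial names the failed check.
function authorize(action, userToken, moduleDataAreas) {
  const rule = ACTIONS.get(action);
  if (!rule) return { allowed: false, reason: "unknown-action" };

  // 1. The module itself must hold the data area.
  if (!moduleDataAreas.includes(rule.dataArea)) {
    return { allowed: false, reason: "module-lacks-data-area" };
  }
  // 2. Module tokens carry organization-level permissions only, so a
  //    location-scoped decision cannot be made from them: fail closed.
  if (rule.scope !== "organization") {
    return { allowed: false, reason: "location-scope-not-in-module-token" };
  }
  // 3. The user's own token must list the permission.
  const perms = Array.isArray(userToken?.permissions) ? userToken.permissions : [];
  if (!perms.includes(rule.permission)) {
    return { allowed: false, reason: "user-lacks-permission" };
  }
  return { allowed: true, reason: "ok" };
}

// Constructed sample tokens, assumed to be already verified and decoded.
const adminToken = { role: "Admin", permissions: ["AlertRule.Read", "AlertRule.Update", "Field.Update"] };
const workerToken = { role: "Farm Worker", permissions: [] };
const grants = ["FarmOrganization"]; // data areas granted to the module (constructed)

console.log(authorize("alertRule.update", adminToken, grants));
console.log(authorize("alertRule.update", workerToken, grants));
console.log(authorize("field.update", adminToken, grants));
```

A check like this in module code only decides what the module shows or attempts; the same rule still has to be enforced wherever the token is validated on the server side.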