Roles & permissions
Control who can access what.
Overview
Katura uses a hierarchical role system to control access to admin features. Each team member is assigned one of four roles.
Role hierarchy
| Role | Level | Description |
|---|---|---|
| Owner | Highest | Full access to everything: settings, billing, payroll, analytics, destructive actions like order deletion |
| Manager | High | Access to most operational features: products, orders, customers, CRM, marketing, team management |
| Employee | Standard | Day-to-day operations: view products, process orders, manage assigned customers and tasks |
| Customer | Lowest | Storefront access only: place orders, view order history, manage profile |
How role checks work
Katura uses a hasMinimumRole() utility that checks if a user has at least the required role level. For example, a page requiring "Manager" access is accessible to Managers and Owners, but not Employees.
Note
Role changes take effect immediately. When you change a team member's role, their next page load will reflect the new permissions.
Sensitive actions
These actions require the Owner role:
- Deleting orders
- Accessing payroll data
- Modifying billing and subscription settings
- Viewing full analytics data
- Managing store-level settings
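A sketch of the "at least this role" check and the Owner-only gate described above. This is an added example, not Katura's own code. The numeric levels, the action names, the `authorize` helper and the `roleStore` map are assumptions made for illustration; only the four role names, their order and the `hasMinimumRole` name come from this page.

```javascript
// Added illustration; not Katura's source. Role order follows the table on this page.
const ROLE_LEVELS = new Map([
  ["customer", 0],
  ["employee", 1],
  ["manager", 2],
  ["owner", 3],
]);

// A Map lookup ignores inherited keys such as "constructor" that a plain
// object lookup would return, so odd role strings cannot resolve to a level.
function levelOf(role) {
  if (typeof role !== "string") return -1;
  const level = ROLE_LEVELS.get(role.toLowerCase());
  return level === undefined ? -1 : level;
}

// True when userRole is at or above requiredRole.
// An unknown value on either side denies (fail closed).
function hasMinimumRole(userRole, requiredRole) {
  const have = levelOf(userRole);
  const need = levelOf(requiredRole);
  if (have < 0 || need < 0) return false;
  return have >= need;
}

// Hypothetical action names. The five "owner" entries mirror the sensitive
// actions listed above; the last two are constructed for contrast.
const ACTION_MIN_ROLE = new Map([
  ["order.delete", "owner"],
  ["payroll.read", "owner"],
  ["billing.update", "owner"],
  ["analytics.full", "owner"],
  ["store.settings", "owner"],
  ["product.edit", "manager"],
  ["order.process", "employee"],
]);

// Reads the role at check time (roleStore stands in for the database), so a
// role change applies on the next request rather than a cached session value.
function authorize(roleStore, userId, action) {
  const required = ACTION_MIN_ROLE.get(action);
  if (required === undefined) return false; // unlisted action: deny by default
  return hasMinimumRole(roleStore.get(userId), required);
}
```

Running the check on the server for every request, rather than only hiding admin pages in the UI, is what makes a demotion effective on the next page load.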
