Meneja uses a role-based access control system to determine what each user can see and do in the dashboard. Every user is assigned one or more roles, and each role carries a specific set of permissions. The dashboard checks these permissions before granting access to any page or action. Understanding the role hierarchy helps you give team members the right level of access without over-provisioning.
The four roles
Meneja defines four built-in roles:
| Role | Who it is for |
|---|
super | Platform owners who need full, cross-tenant access. A super admin can manage all tenants, configure billing globally, and assign roles across the platform. |
admin | Tenant administrators who manage a single tenant. Admins control their tenant’s settings, branding, enabled modules, user roster, and billing configuration. |
sub_admin | Day-to-day operators within a tenant. Sub-admins can manage products, vendors, and orders, but cannot change tenant-level settings or billing. |
support | Support agents who need read access to diagnose customer issues. Support users can view records but cannot make changes to settings or data. |
A user can hold multiple roles simultaneously. The permissions they receive are the union of all roles assigned to them. When any assigned role grants the * wildcard permission — as the super role does — the user has unrestricted access.
resource:action, for example tenants:create or products:read. The dashboard evaluates these permissions to decide whether to show a navigation item, allow a form submission, or expose an API action.
Common permissions in the dashboard include:
| Permission | What it controls |
|---|
tenants:read | View the tenant list and individual tenant details |
tenants:create | Create new tenant accounts |
tenants:update | Edit tenant settings, branding, and module configuration |
categories:read | View product categories |
vendors:read | View vendor listings |
products:read | View products and services |
products:create | Add new products |
products:update | Edit existing products |
orders:read | View order records, deliveries, and transactions |
users:read | View the user list |
roles:read | View the roles list |
You do not assign individual permissions to users directly. Permissions are determined by the role or roles each user holds. To manage roles and their associated permissions, go to Administration → Users in the sidebar.
How roles control dashboard access
The navigation sidebar only shows items the current user has permission to see. If you do not have the required permission for a section, that item is hidden entirely — you will not see an error page.
The table below shows which dashboard areas each role can typically access:
| Dashboard area | support | sub_admin | admin | super |
|---|
| View tenants | ✓ | ✓ | ✓ | ✓ |
| Edit tenant settings | | | ✓ | ✓ |
| Manage branding | | | ✓ | ✓ |
| Toggle modules | | | ✓ | ✓ |
| View categories | ✓ | ✓ | ✓ | ✓ |
| View vendors | ✓ | ✓ | ✓ | ✓ |
| View products | ✓ | ✓ | ✓ | ✓ |
| Create / edit products | | ✓ | ✓ | ✓ |
| View orders | ✓ | ✓ | ✓ | ✓ |
| Manage users | | | ✓ | ✓ |
| Manage roles | | | ✓ | ✓ |
| Configure billing | | | | ✓ |
| Manage all tenants | | | | ✓ |
Super admin vs. admin
The key distinction between super and admin is scope:
- A super admin operates at the platform level. They can create, view, edit, and deactivate any tenant on the platform, and they have unrestricted access to all sections of the dashboard regardless of which tenant context is active.
- An admin operates within their own tenant. They have full control over their tenant’s configuration, users, and data, but they cannot access or affect other tenants on the platform.
Always ensure at least one user holds the super role. Removing the only super admin from your platform will lock you out of cross-tenant administration and billing configuration.
When onboarding a new team member, start them on the support role. Once you understand what they need access to, you can elevate them to sub_admin or admin as appropriate.