Who can use this: Everyone (reference page) URL / Route: n/a Plan / feature gate: Always on
Purpose
Solavel uses several different role names depending on which app you are in and which screen you are looking at. This page lists every user type, what they can and cannot reach, and how they get added.
Roles in the central app
These five roles live in the central Solavel database. They control who can open /admin/*, who can manage subscriptions, and who can invite team members. They are seeded by database/seeders/DatabaseSeeder.php.
Super Admin
- Who: Solavel staff. Created once by the seeder at
superadmin@solavel.com. - Access: Everything. Holds every permission in the system. Can open the super-admin-only sections of
/admin/*(roles, permissions, projects, plan editing, Send Email). - Dashboard:
/admin(admin shell). - How they are created: Seeder, or by another super-admin promoting an existing admin from the admins page.
Admin
- Who: Solavel staff who do not need full super-admin powers. Operations, support, customer success.
- Access: Everything in
/admin/*except the four super-admin-only areas (admin/roles/*,admin/permissions/*,admin/projects/*editing,admin/emails/*). Cannot edit role definitions or change plan structures. - Dashboard:
/admin. - How they are created: A super-admin invites them at
/admin/admins/create.
Organization Owner (client_owner)
- Who: The person who signed up for the client account. There is one owner per client by default.
- Access: Holds all 24 client-side permissions. Can create and edit organizations, invite team members, change plans, manage billing, and assign roles inside their own organizations. Cannot reach
/admin/*. - Dashboard:
/dashboardand the client portal at/portal/*. - How they are created: Automatically, when someone completes signup at
/registerand verifies their email.
Organization Manager (client_manager)
- Who: A team member who runs day-to-day operations but does not control money or permissions.
- Access: 16 of the 24 client permissions. Can manage organizations, projects, and most team members. Cannot assign roles, manage subscriptions, or change client-level settings.
- Dashboard: Same as Owner —
/dashboardand/portal/*. - How they are created: An owner adds them at Organization → Members and assigns the Manager role.
Organization Member (client_member)
- Who: A team member who only needs to view things or contribute to specific projects.
- Access: Five view-only permissions:
view-organization,view-team-member,access-organization,access-project,view-reports. - Dashboard:
/dashboardand/portal/*(most screens are read-only or hidden). - How they are created: Same as Manager — invited from Organization → Members.
Note: there are two parallel "role" concepts in the central app. The five names above are stored as Spatie roles on the
userstable. There is also auser_organizations.rolecolumn with the same string values that tracks per-organization membership. They normally agree, but they are written by different code paths. End users only ever see one of them in the UI.
Roles in Solabooks
Solabooks has its own role system that lives inside each organization's tenant database. These roles control what you can do once you are inside Solabooks — for example, who can post a journal entry, who can approve a purchase order, or who can lock a period.
Solabooks Owner
- Who: The person who first set up Solabooks for the organization. Usually the same person as the central Organization Owner.
- Access: Every Solabooks permission (261 distinct keys at last count). Can change taxes, archive accounts, unlock periods, delete data, manage users, and edit organization-level settings.
Solabooks Manager
- Who: A senior accounting staff member who runs the books day to day.
- Access: Almost everything except destructive or system-level actions: cannot manage users, cannot edit organization or settings, cannot change tax rates, cannot delete or archive accounts, cannot unlock or reopen periods, cannot approve or cancel sales/purchase orders, cannot delete fixed assets, and cannot perform any "delete permanently" / "delete hard" action.
Solabooks Accountant (member)
- Who: Day-to-day accountant. Books invoices, bills, receipts, journals.
- Access: Default-deny with a curated allow list. Can work in sales, purchases, payments, journals, banking, VAT returns, reports, suppliers, vendors, customers, supplier categories, and tasks. Cannot perform destructive deletes. Cannot reach settings or users. The exact allow and deny lists are in
FinanceRolePermissionSetSeeder.php.
Solabooks Approver
- Who: A reviewer who only signs off on fixed asset transactions.
- Access: Very narrow — view fixed assets, approve fixed assets, view fixed-asset reports, and view fixed-asset categories. Nothing else.
Note: Solabooks also has a Spatie role named
adminthat the route layer uses for the/admin/*shell inside Solabooks. Thatadminrole is separate from the four role keys above and is used for back-office Solabooks administration — it is not the same thing as the central app's Admin role.
Customer Portal Users
These are not Solavel users in the normal sense. They are your own customers, signing in to view invoices and quotes you have sent them.
- Who: A customer of yours that you have sent a portal link to. They sign in with their own email and a password they set up via a one-time link.
- Access: Only their own invoices, payments, quotes, and orders inside one of your organizations. They cannot see anything else and cannot reach
/dashboardor/admin/*. - Dashboard:
/finance/customer-portal/dashboard. - How they are created: From inside Solabooks (Customer record → "Send portal invite"). They receive an email with a 60-minute setup link.
Guest secure-link users
A "guest" in Solavel is someone clicking a one-off link you sent them — usually a quote acceptance, a shared project view, or a one-time document portal.
- Who: Anyone with the link. No login required.
- Access: Only the single document or page the link points at. The link expires after 24 hours (document portal links) or has its own per-link expiry (quotes, project shares).
- Dashboard: None — they see one document at a time.
- How they are created: You generate the link from inside Solabooks. The link itself is the credential.
Quick reference
| Role | Lives in | Sees /admin/*? |
Sees /portal/*? |
Sees /finance/*? |
|---|---|---|---|---|
| Super Admin | Central | yes (everything) | yes | yes (with org) |
| Admin | Central | yes (most) | yes | yes (with org) |
| Org Owner | Central | no | yes | yes |
| Org Manager | Central | no | yes (limited) | yes |
| Org Member | Central | no | yes (read-only) | yes |
| Solabooks Owner | Solabooks | no | (depends on central role) | yes (full) |
| Solabooks Manager | Solabooks | no | (depends on central role) | yes (most) |
| Solabooks Accountant | Solabooks | no | (depends on central role) | yes (transactions only) |
| Solabooks Approver | Solabooks | no | (depends on central role) | yes (fixed assets only) |
| Customer portal | Solabooks | no | no | only /finance/customer-portal/* |
| Guest secure link | n/a | no | no | only the linked page |