User and Permissions

- Centralized management of team members: view names, emails, status (Active/Pending), roles (Administrator/Staff), and owner indicators.

- Invite new members via a secure link.

- Approve pending members to grant access.

- Remove members no longer in your team.

- Transfer ownership (Team Owner) to an eligible staff member.

1. Click Invite (top right).

2. The system generates an invite link with your team_code and team_name.

3. Click Copy to copy the link and share it with your teammate.

4. Close the dialog when done.

- Required permission: Administrator.

- Visual reference: “Invite member” dialog showing the generated link and Copy button.

1. In Team Members, find a user with Status = Pending.

2. Click Approve (the action appears for pending users).

3. Confirm in the approval dialog.

4. The user’s status changes to Active; the list refreshes automatically.

- Required permission: Administrator.

- Visual reference: Pending status badge (yellow) and approval confirmation dialog.

1. In Team Members, find the user to remove.

2. Click Remove.

3. Confirm in the removal dialog.

4. The user is removed from the list.

- Required permission: Administrator.

- Visual reference: Remove confirmation dialog with user name details.

1. In Team Members, locate the Owner (crown icon badge).

2. Click Transfer ownership (available only if you are the current administrator and the row user is the Owner).

3. In the selection dialog, choose an Active Staff member (use search by name or email if needed).

4. Click Continue and then Confirm in the final dialog.

5. Ownership is transferred; you will lose administrator privileges.

- Required permission: Owner and current Administrator.

- Status badges:

- Active: green badge.

- Pending: yellow badge.

- Role badges:

- Administrator: blue badge.

- Staff: gray badge.

- Owner indicator:

- Crown icon “Owner” badge displayed for the creator/owner.

- Time display:

- “Joined” shows the member’s creation time converted from Beijing time to your team’s time zone.

This document provides a comprehensive guide to the Access Control System, covering how Administrators can manage team member permissions ("Access Editing") and how users can view their own assigned rights ("My Permissions").

The Access Control System allows for granular management of feature and page access within the application. It ensures that team members only have access to the tools and data relevant to their roles.

- Granularity: Permissions are controlled at the page/route level.

- Inheritance: Access to a parent module (e.g., "Ally AI Agent") facilitates access to its sub-features, but specific sub-features can be toggled individually.

- Default Access: Administrators and the Team Creator have full access to all modules by default.

Administrators can edit the permissions of other team members to grant or revoke access to specific pages.

1. Navigate to Team Settings:

- Go to Settings (gear icon) in the sidebar.

- Select Team Members (or "Members" from the user menu).

2. Open Access Control:

- Locate the team member you wish to manage in the user list.

- Click the "Access" button (often represented by a shield or lock icon) in the Actions column.

3. Configure Permissions:

- The "Access Control Dialog" will appear, displaying a tree view of all available application modules.

- Select All: Use the "Select All Pages" checkbox to quickly grant or revoke full access.

- Individual Selection:

- Check a box to grant access to a module.

- Uncheck a box to revoke access.

- Click the arrow (`>`) next to a category to expand it and manage sub-permissions (e.g., granting access to "Settings" but only specific sub-pages like "Billing").

4. Save Changes:

- Click the "Save Changes" button.

- The new permissions take effect immediately. The user may need to refresh their page or log in again for all UI elements to update.

Permission Logic

- Parent-Child Relationship: Selecting a parent category (like "Attribution") often auto-selects its children. Deselecting a child will put the parent in an "indeterminate" state (partial selection).

- Route Protection: Revoking access to a page (e.g., `/attribution`) prevents the user from navigating to it via the menu and blocks direct URL access (redirecting to a 403 Access Denied page).

Every user can view their own current permissions to understand what areas of the application they can access.

1. Open User Menu:

- Click on your "Avatar/Profile Picture" in the top-right corner of the application to open the user menu.

2. Select "My Permissions":

- Click on the "My Permissions" option (shield icon).

3. View Access Rights:

- The "Access Control Dialog" opens in "Read-Only Mode".

- You can browse the permission tree to see which modules are checked (allowed) and which are unchecked (restricted).

- You cannot make changes in this view.

- "Access Denied" (403 Error):

- If you encounter a 403 error page, it means you attempted to access a route you do not have permission for.

- Check "My Permissions" to verify your access rights.

- Contact your Team Administrator to request access if needed.

- Missing Menu Items:

- If a sidebar menu item is missing, it is likely hidden because you lack the required permission.