Roles & permissions
RBAC permission matrix (enforced in backend + RLS)
| Permission | Owner / Admin | Claims Handler | Resqly Handler | Fraud / Risk Reviewer | Finance | Support | API / Integration Manager | Read-only Viewer |
|---|---|---|---|---|---|---|---|---|
| incidents.read | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| incidents.create | ✓ | ✓ | ||||||
| incidents.update | ✓ | ✓ | ✓ | |||||
| incidents.export | ✓ | |||||||
| claims.read | ✓ | ✓ | ✓ | ✓ | ✓ | |||
| claims.submit | ✓ | ✓ | ||||||
| claims.approve | ✓ | ✓ | ||||||
| tow_jobs.read | ✓ | ✓ | ✓ | ✓ | ✓ | |||
| tow_jobs.dispatch | ✓ | |||||||
| tow_jobs.accept | ||||||||
| tow_jobs.complete | ||||||||
| vehicles.manage | ✓ | |||||||
| drivers.manage | ||||||||
| billing.read | ✓ | ✓ | ✓ | |||||
| billing.manage | ✓ | ✓ | ||||||
| white_label.manage | ✓ | |||||||
| api_keys.manage | ✓ | ✓ | ||||||
| webhooks.manage | ✓ | ✓ | ||||||
| audit_logs.read | ✓ | ✓ |