Permissions & Roles
Levy Fleets uses role-based access control (RBAC) to manage what team members can do within the dashboard. Each role has a predefined set of permissions appropriate for different job functions.
Overview
The permission system ensures:
- Security - Users only access what they need
- Accountability - Actions are tracked by user
- Flexibility - Roles match job responsibilities
- Scalability - Easy to onboard new team members
Role Hierarchy
Roles are organized from most to least privileged:
Super Admin / Global Admin (Levy Staff)
↓
Admin
↓
Fleet Manager
↓
Customer Support
↓
Analyst
↓
Service Technician
Available Roles
Admin
Full access including team management
Admins have complete control over their subaccount, including the ability to invite and manage other team members.
| Category | Permissions |
|---|---|
| Team | Invite, remove, update roles |
| Vehicles | Create, update, delete, status |
| Zones | Create, update, delete |
| Pricing | Configure and view |
| Customers | View, update, charge, block |
| Rides | View, update, refund |
| Analytics | Full access |
| Settings | View and update |
| IoT | View and manage |
Best for: Business owners, operations directors, account managers
Fleet Manager
Full operational access without team management
Fleet Managers can perform all day-to-day operations but cannot invite or remove team members.
| Category | Permissions |
|---|---|
| Team | None |
| Vehicles | Create, update, delete, status |
| Zones | Create, update, delete |
| Pricing | Configure and view |
| Customers | View, update, charge, block |
| Rides | View, update, refund |
| Analytics | Full access |
| Settings | View and update |
| IoT | View and manage |
Best for: Operations managers, fleet supervisors, shift leads
Customer Support
Handle customer issues without pricing or zone access
Customer Support can help customers and manage rides but cannot modify pricing or zones.
| Category | Permissions |
|---|---|
| Team | None |
| Vehicles | Status only |
| Zones | None |
| Pricing | View only |
| Customers | View, update, charge, block |
| Rides | View, update, refund |
| Analytics | View |
| Settings | View only |
| IoT | View only |
Best for: Customer service representatives, support agents
Analyst
View-only access to reports and data
Analysts can view all data but cannot make changes that affect operations or finances.
| Category | Permissions |
|---|---|
| Team | None |
| Vehicles | None |
| Zones | None |
| Pricing | View only |
| Customers | View only |
| Rides | View only |
| Analytics | View |
| Settings | View only |
| IoT | View only |
Best for: Business analysts, reporting staff, financial reviewers
Service Technician
Vehicle control, IoT commands, and view rides/zones
Service Technicians focus on vehicle maintenance, battery swaps, and repositioning. They can view rides and zones to locate vehicles and understand usage patterns.
| Category | Permissions |
|---|---|
| Team | None |
| Vehicles | Status only (lock, unlock, battery compartment) |
| Zones | View only |
| Pricing | None |
| Customers | None |
| Rides | View only |
| Analytics | None |
| Settings | View only |
| IoT | View and manage |
Best for: Maintenance staff, field technicians, battery swap crews, repositioning teams
Permission Categories
Team Management
Control who can manage team members:
| Permission | Description |
|---|---|
team:invite | Send invitations to new team members |
team:remove | Remove team members from account |
team:update_role | Change a team member's role |
Admin Only
Only users with the Admin role can manage team members. This prevents privilege escalation.
Vehicle Management
Control vehicle operations:
| Permission | Description |
|---|---|
vehicle:create | Add new vehicles to the fleet |
vehicle:update | Edit vehicle information |
vehicle:delete | Remove vehicles from the fleet |
vehicle:update_status | Change vehicle status (available, maintenance, etc.) |
Zone Management
Control service area configuration:
| Permission | Description |
|---|---|
zone:create | Create new zones |
zone:update | Edit zone boundaries and settings |
zone:delete | Remove zones |
Pricing Management
Control pricing configuration:
| Permission | Description |
|---|---|
pricing:configure | Change pricing rates and rules |
pricing:view | View pricing configuration |
Customer Management
Control customer operations:
| Permission | Description |
|---|---|
customer:view | View customer profiles and history |
customer:update | Edit customer information |
customer:charge | Charge customer wallets |
customer:bonus | Add bonus credits to wallets |
customer:block | Block customers from service |
customer:unblock | Unblock previously blocked customers |
Ride Management
Control ride operations:
| Permission | Description |
|---|---|
ride:view | View ride details and history |
ride:update | Edit ride information |
ride:refund | Process ride refunds |
IoT Management
Control IoT device operations:
| Permission | Description |
|---|---|
iot:view | View IoT device information |
iot:manage | Configure and command IoT devices |
Settings Management
Control account settings:
| Permission | Description |
|---|---|
settings:view | View account settings |
settings:update | Modify account settings |
Permission Matrix
Quick Reference
| Permission | Admin | Fleet Manager | Customer Support | Analyst | Service Tech |
|---|---|---|---|---|---|
| Team Management | ✅ | ❌ | ❌ | ❌ | ❌ |
| Vehicle CRUD | ✅ | ✅ | ❌ | ❌ | ❌ |
| Vehicle Status | ✅ | ✅ | ✅ | ❌ | ✅ |
| Zone Management | ✅ | ✅ | ❌ | ❌ | ❌ |
| Zone View | ✅ | ✅ | ✅ | ✅ | ✅ |
| Pricing Configure | ✅ | ✅ | ❌ | ❌ | ❌ |
| Pricing View | ✅ | ✅ | ✅ | ✅ | ❌ |
| Customer Actions | ✅ | ✅ | ✅ | ❌ | ❌ |
| Customer View | ✅ | ✅ | ✅ | ✅ | ❌ |
| Ride Refund | ✅ | ✅ | ✅ | ❌ | ❌ |
| Ride View | ✅ | ✅ | ✅ | ✅ | ✅ |
| Analytics | ✅ | ✅ | ✅ | ✅ | ❌ |
| Settings Update | ✅ | ✅ | ❌ | ❌ | ❌ |
| IoT Manage | ✅ | ✅ | ❌ | ❌ | ✅ |
Assigning Roles
When Inviting Team Members
Navigate to Team
Go to Dashboard → Settings → Team.
Click Invite
Click the Invite Team Member button.
Enter Email
Enter the new member's email address.
Select Role
Choose the appropriate role from the dropdown.
Send Invitation
Click Send Invite to send the invitation email.
Changing Existing Roles
Navigate to Team
Go to Dashboard → Settings → Team.
Find Team Member
Locate the team member in the list.
Click Edit
Click the edit or role dropdown.
Select New Role
Choose the new role.
Confirm Change
Save the changes.
Role Changes Take Effect Immediately
When you change a team member's role, their permissions update immediately. They may need to refresh their browser to see the changes reflected in the UI.
Best Practices
Principle of Least Privilege
Assign the minimum permissions needed for each role:
- Start restrictive - Begin with fewer permissions
- Upgrade as needed - Add access when justified
- Review regularly - Audit roles periodically
- Remove promptly - Revoke access when no longer needed
Role Selection Guide
| If they need to... | Assign Role |
|---|---|
| Manage the team and all operations | Admin |
| Run daily operations without team management | Fleet Manager |
| Help customers and process refunds | Customer Support |
| View reports and analyze data | Analyst |
| Swap batteries, reposition vehicles, manage IoT | Service Technician |
Security Considerations
- Limit Admin accounts - Only key personnel should have Admin access
- Separate duties - Don't give everyone the same role
- Audit access - Review who has access periodically
- Remove inactive users - Promptly remove departed employees
Troubleshooting
Permission Denied Errors
If a user sees "Insufficient permissions":
- Check their current role in Team settings
- Verify the required permission for the action
- Upgrade their role if appropriate
- Have them refresh their browser
Can't Invite Team Members
Only Admin role can invite others:
- Verify you have Admin role
- Check you're on the correct subaccount
- Ensure the email is valid and unique
Role Not Updating
If role changes aren't applying:
- Have the user log out and back in
- Clear browser cache
- Check for any error messages
- Verify the change was saved
API Permission Checks
For developers integrating via API, permissions are enforced on all endpoints:
// Example error response
{
"error": "Insufficient permissions. Required: pricing:configure",
"status": 403
}
The Partner API uses separate API key permissions, not dashboard roles.
Secure Access Control
A well-configured permission system protects your business data while enabling your team to work efficiently. Review your team roles regularly to ensure everyone has appropriate access.