{% extends "base.html" %} {% from "macros.jinja" import window_vars with context %} {% block scripts %} {{ window_vars(user) }} {% endblock %} {% block page %}
🔐 Permission Management

Manage user access to expense accounts

Admin access required Bulk Grant Grant to multiple users
Admin Access Required: You must be a super user to manage permissions.

No permissions or roles assigned yet

User: {% raw %}{{ userId }}{% endraw %}
Assign role to user
Assigned Roles
{% raw %}{{ getRoleName(userRole.role_id) }}{% endraw %} Click to view role details | Click X to revoke
Direct Permissions
{% raw %}{{ getAccountName(perm.account_id) }}{% endraw %} {% raw %}{{ getPermissionLabel(perm.permission_type) }}{% endraw %} Direct Granted: {% raw %}{{ formatDate(perm.granted_at) }}{% endraw %} Expires: {% raw %}{{ formatDate(perm.expires_at) }}{% endraw %} {% raw %}{{ perm.notes }}{% endraw %} Revoke Permission
No direct permissions (permissions inherited from roles)

No permissions granted yet

{% raw %}{{ getAccountName(accountId) }}{% endraw %}
{% raw %}{{ perm.user_id }}{% endraw %} {% raw %}{{ getPermissionLabel(perm.permission_type) }}{% endraw %} Granted: {% raw %}{{ formatDate(perm.granted_at) }}{% endraw %} Expires: {% raw %}{{ formatDate(perm.expires_at) }}{% endraw %} {% raw %}{{ perm.notes }}{% endraw %} Revoke Permission
Admin access required

No roles configured yet

{% raw %}{{ role.name }}{% endraw %} DEFAULT
{% raw %}{{ role.description }}{% endraw %}
{% raw %}{{ role.user_count }}{% endraw %} user(s) {% raw %}{{ role.permission_count }}{% endraw %} permission(s)
View Details Edit Role Delete Role
Admin access required

No equity-eligible users yet

{% raw %}{{ equity.user_id }}{% endraw %}
Equity Account: {% raw %}{{ equity.equity_account_name }}{% endraw %}
Notes: {% raw %}{{ equity.notes }}{% endraw %}
Granted: {% raw %}{{ formatDate(equity.granted_at) }}{% endraw %}
Revoke Equity Eligibility
Grant Account Permission
Grant a user permission to access an expense account. Permissions on parent accounts cascade to children.
Bulk Grant Permissions
Grant the same permission to multiple users at once. This saves time when onboarding multiple users to the same account.
Preview: This will grant {% raw %}{{ getPermissionLabel(bulkGrantForm.permission_type) }}{% endraw %} permission to {% raw %}{{ bulkGrantForm.user_ids.length }}{% endraw %} user(s) on account {% raw %}{{ getAccountName(bulkGrantForm.account_id) }}{% endraw %}
Results:
{% raw %}{{ bulkGrantResults.success_count }}{% endraw %} permissions granted successfully
{% raw %}{{ bulkGrantResults.failure_count }}{% endraw %} failed
Bulk Grant Errors
 {% raw %}{{ failure.user_id }}{% endraw %} {% raw %}{{ failure.error }}{% endraw %}
Revoke Permission?

Are you sure you want to revoke this permission? The user will immediately lose access.

User {% raw %}{{ permissionToRevoke.user_id }}{% endraw %} Account {% raw %}{{ getAccountName(permissionToRevoke.account_id) }}{% endraw %} Permission Type {% raw %}{{ getPermissionLabel(permissionToRevoke.permission_type) }}{% endraw %}
Grant Equity Eligibility
Grant a user the ability to contribute expenses as equity instead of liability. An equity account will be automatically created for this user.
Revoke Equity Eligibility?

Are you sure you want to revoke equity eligibility for this user?

Note: This will prevent them from adding new expenses as equity contributions. Their existing equity account and contributions will remain unchanged.

User {% raw %}{{ equityToRevoke.user_id }}{% endraw %} Equity Account {% raw %}{{ equityToRevoke.equity_account_name }}{% endraw %}
{% raw %}{{ editingRole ? 'Edit Role' : 'Create Role' }}{% endraw %}
Define a role with a name and description. Permissions will be added separately.
Only one role can be the default. Setting this will remove default status from other roles.
Role Permissions Add permission to role
No permissions assigned to this role yet
{% raw %}{{ getAccountName(perm.account_id) }}{% endraw %} {% raw %}{{ getPermissionLabel(perm.permission_type) }}{% endraw %} Remove permission
Add Permission to Role
Grant this role access to an account
{% raw %}{{ selectedRole.name }}{% endraw %} DEFAULT
{% raw %}{{ selectedRole.description }}{% endraw %}
Role Permissions ({% raw %}{{ rolePermissionsForView.length }}{% endraw %})
No permissions assigned to this role yet
{% raw %}{{ getAccountName(perm.account_id) }}{% endraw %} {% raw %}{{ getPermissionLabel(perm.permission_type) }}{% endraw %}
Users with this role ({% raw %}{{ roleUsersForView.length }}{% endraw %})
No users assigned to this role yet
{% raw %}{{ user.user_id }}{% endraw %} Granted: {% raw %}{{ formatDate(user.granted_at) }}{% endraw %} | Expires: {% raw %}{{ formatDate(user.expires_at) }}{% endraw %}
Delete Role?

Are you sure you want to delete this role?

Warning: This will remove all permissions associated with this role and revoke role assignments from all users. This action cannot be undone.

Role {% raw %}{{ roleToDelete.name }}{% endraw %} Affected Users {% raw %}{{ roleToDelete.user_count }}{% endraw %} Permissions {% raw %}{{ roleToDelete.permission_count }}{% endraw %}
Revoke Role from User?

Are you sure you want to revoke this role from the user? They will immediately lose all permissions associated with this role.

User {% raw %}{{ userRoleToRevoke.user_id }}{% endraw %} Role {% raw %}{{ getRoleName(userRoleToRevoke.role_id) }}{% endraw %} Notes {% raw %}{{ userRoleToRevoke.notes }}{% endraw %}
Assign User to Role
Assign a user to a role to grant them all permissions associated with that role.
{% endblock %}