AMANA ERP uses role-based access control (RBAC) combined with module entitlements to show each user the right hubs, tiles, and actions.
HyperMenu hubs
The left rail groups capabilities into hubs (Operations, Finance, Master Data, Admin, etc.). A user only sees hubs and modules their role allows.
Personas and default roles
New tenants receive default org roles aligned to common personas (store manager, finance controller, HQ admin). Platform admins can sync permission catalogs after upgrades.
Permissions
Each screen and API route maps to a permission key (e.g. products.read, finance.journal.post). Roles aggregate permissions; users inherit through role assignment.
Best practices
- Grant least privilege — add permissions when job duties require them
- Separate segregation of duties for approve vs post in finance and procurement
- Use step-up MFA for sensitive actions where enabled
Module entitlements
Your subscription plan controls which modules are licensed. Disabled modules hide tiles even if a role technically includes the permission.
White labelling (Enterprise)
Enterprise tenants may enable white-label branding under Platform → Modules. Logo and colour settings apply to customer-facing surfaces per tenant policy.
Troubleshooting access
| Symptom | Likely cause |
|---|---|
| Missing hub | Role lacks module permission or plan excludes module |
| 403 on save | Fine-grained permission missing (e.g. *.write) |
| Tile visible but page empty | Trial policy or scope restriction |
Contact your tenant admin or open a support ticket if you need a permission audit.
Configure in app
Admin → Roles and Admin → Users are the primary screens. See Settings overview for navigation.