Role-Based Access Control (RBAC)

Understanding permissions, roles, and access control in Totolaw

What is RBAC?

Role-Based Access Control (RBAC) is a security system that controls who can access what in Totolaw. Instead of giving permissions to individual users one by one, we group permissions into roles, and then assign those roles to users.

Think of it like this:

  • A Judge role has permissions to manage cases, schedule hearings, and make rulings
  • A Court Clerk role can create cases, upload documents, but cannot make rulings
  • A Viewer role can only view cases and hearings, not make changes

Key Concepts

Permissions
Specific actions you can perform in the system

Permissions are specific abilities to perform actions in the system

  • Create Cases - Add new cases to the system
  • View Cases - See case information
  • Schedule Hearings - Set up court hearings
  • Manage Users - Add and manage team members

Roles
Collections of permissions grouped together

A role is like a job title that comes with specific access rights

Judge Role

Includes: View cases, create cases, schedule hearings, make rulings, manage evidence

Court Clerk

Includes: View cases, create cases, upload documents, schedule hearings

Users
People who use the system

Each user is assigned one or more roles within an organisation

  • John Doe - Role: Judge
  • Jane Smith - Role: Court Clerk

Organisations
Courts or departments that use Totolaw

Roles and permissions are scoped to each organisation

Important: Your role in one organisation (e.g., High Court) is separate from your role in another organisation (e.g., Magistrates Court). You might be a Judge in one and a Viewer in another.

Common Roles in Totolaw

Super Administrator
System-wide access across all organisations

Super Admins have complete control over the entire Totolaw system. They can access any organisation and perform any action without needing specific role assignments.

What they can do:

  • Access all organisations
  • Create/delete organisations
  • Manage all users and roles
  • Override any permission
  • System configuration

Who gets this role:

  • System administrators
  • IT support staff
  • Platform managers

Administrator
Full control within an organisation

Can Do:

  • Manage users
  • Assign roles
  • All case operations
  • Configure settings
  • Approve join requests

Cannot Do:

  • Access other organisations
  • Delete the organisation
  • Grant Super Admin

Typical Users:

  • Court Registrars
  • Senior Administrators
  • Department Heads

Manager / Judge
Manage cases and hearings

Can Do:

  • Create cases
  • Schedule hearings
  • Upload evidence
  • Make rulings
  • Assign cases

Cannot Do:

  • Manage users
  • Assign roles
  • Configure system

Typical Users:

  • Judges
  • Magistrates
  • Case Managers

Staff / Court Clerk
Daily case and document operations

Can Do:

  • Create cases
  • Update case details
  • Upload documents
  • Schedule hearings
  • Record transcripts

Cannot Do:

  • Delete cases
  • Make rulings
  • Manage users
  • Change settings

Typical Users:

  • Court Clerks
  • Registry Staff
  • Administrative Staff

Viewer
Read-only access to cases and hearings

Can Do:

  • View cases
  • View hearings
  • View documents
  • View evidence
  • Search records

Cannot Do:

  • Create anything
  • Update anything
  • Delete anything
  • Upload files

Typical Users:

  • Legal Representatives
  • Auditors
  • External Observers

How Permission Checking Works

Permission Evaluation Flow

When you try to perform an action, the system checks your permissions in this order:

  1. Are you a Super Admin? If yes → Access Granted (all permissions automatically)
  2. Do you have an explicit DENY? If yes → Access Denied (deny overrides everything)
  3. Do you have an explicit GRANT? If yes → Access Granted (direct permission grant)
  4. Does your role include this permission? If yes → Access Granted (from role)
  5. Default: none of the above → Access Denied (fail-safe default)
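The five-step order above, together with the multi-role union and DENY-overrides-everything behaviour described in the FAQ, as an added Python example (not Totolaw's own code): the role table, organisation names and permission identifiers are constructed samples, and the grant expiry follows the FAQ's mention of optional expiration dates.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed sample roles mirroring the role table above (not Totolaw's real data).
ROLE_PERMISSIONS = {
    "judge": {"cases:create", "cases:read", "hearings:schedule", "rulings:make", "evidence:manage"},
    "clerk": {"cases:create", "cases:read", "documents:upload", "hearings:schedule"},
    "viewer": {"cases:read", "hearings:read", "documents:read", "evidence:read"},
}

@dataclass
class Membership:
    """A user's standing in one organisation: roles plus per-user overrides."""
    roles: set = field(default_factory=set)
    grants: dict = field(default_factory=dict)   # permission -> expiry datetime, or None for no expiry
    denies: set = field(default_factory=set)

@dataclass
class User:
    name: str
    is_super_admin: bool = False
    memberships: dict = field(default_factory=dict)  # organisation name -> Membership

def check_permission(user: User, org: str, permission: str, now=None):
    """Return (allowed, reason) following the five-step evaluation order."""
    now = now or datetime.now(timezone.utc)
    if user.is_super_admin:                       # 1. Super Admin: everything, everywhere
        return True, "super admin"
    m = user.memberships.get(org)                 # permissions are scoped per organisation
    if m is None:
        return False, "not a member"
    if permission in m.denies:                    # 2. explicit DENY beats every grant and role
        return False, "explicit deny"
    if permission in m.grants:                    # 3. explicit GRANT, honouring an optional expiry
        expiry = m.grants[permission]
        if expiry is None or expiry > now:
            return True, "explicit grant"
    for role in sorted(m.roles):                  # 4. union of all assigned roles
        if permission in ROLE_PERMISSIONS.get(role, set()):
            return True, f"role:{role}"
    return False, "default deny"                  # 5. fail-safe default

def sample_user() -> User:
    """Scenario 3's user: Judge in the High Court, Viewer in the Magistrates Court
    (constructed sample; the Magistrates Court grant expired in 2000)."""
    expired = datetime(2000, 1, 1, tzinfo=timezone.utc)
    return User("Jane Smith", memberships={
        "High Court": Membership(roles={"judge"}, denies={"evidence:manage"}),
        "Magistrates Court": Membership(roles={"viewer"}, grants={"cases:create": expired}),
    })
```

Note that an expired grant simply falls through to the role check, and membership in no organisation at all fails closed before any rule is consulted.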

Common Scenarios

Scenario 1: Creating a Case

Action: You click the "Create Case" button

System checks:

  • ✓ Are you logged in?
  • ✓ Do you belong to an organisation?
  • ✓ Do you have permission to create cases?

If you have permission:

You see the create case form and can submit it

If you don't have permission:

The button is hidden or you see an "Access Denied" message

Scenario 2: Managing Users

Action: You navigate to Settings → Users

System checks:

  • ✓ Do you have the users:read permission?
  • ✓ Do you have the users:manage permission?
  • ✓ Do you have the roles:assign permission?

users:read → You can see the user list

users:manage → You can invite/deactivate users

roles:assign → You can assign roles to users

Scenario 3: Multiple Organisations

Situation: You belong to both High Court and Magistrates Court

High Court (Current)

Your role: Judge

  • ✓ Can create cases
  • ✓ Can schedule hearings
  • ✓ Can make rulings
  • ✓ Can manage evidence

Magistrates Court

Your role: Viewer

  • ✓ Can view cases
  • ✗ Cannot create cases
  • ✗ Cannot schedule hearings
  • ✗ Cannot make changes

Remember: Your permissions change when you switch organisations. Use the organisation switcher in the top navigation to change context.

What You See Based on Your Role

The interface automatically adapts to show only features you have permission to use. Buttons and menu items you can't access are either hidden or disabled.

✓ What You CAN Do

Buttons are visible and clickable, menu items are accessible

✗ What You CANNOT Do

Buttons are hidden, menu items don't appear, or you see "Access Denied" messages

How to Get Access or Change Roles

Need More Permissions?

If you need access to something you can't currently do:

  1. Contact your organisation's Administrator
  2. Explain what you need to do and why
  3. They can either:
     • Assign you a different role with more permissions
     • Grant you specific additional permissions
     • Create a custom role that fits your needs

Join Another Organisation?

If you need access to a different court or department:

  1. Navigate to the Organisations page
  2. Browse available organisations
  3. Click "Request to Join"
  4. An administrator will review your request
  5. You'll receive an email when approved

For Administrators: Managing Roles

Admin Responsibilities
As an Administrator, you're responsible for managing user access in your organisation

Key Tasks:

Invite Users: Bring new people into your organisation
Assign Roles: Give users appropriate access levels
Review Requests: Approve or deny join requests
Create Custom Roles: Tailor roles to your needs
Audit Access: Review who has what permissions
Deactivate Users: Remove access when needed

Where to Manage Roles:

Settings → Users - Manage user accounts

Settings → Roles - Create and configure roles

Dashboard → Join Requests - Review pending requests

Best Practice: Follow the principle of "least privilege" - give users only the permissions they need to do their job. You can always grant more access later.

Security Best Practices

Do This
  • Log out when you finish working
  • Report suspicious activity to your admin
  • Request only the access you need
  • Notify admin when your role changes
  • Keep your email secure (used for login)
Don't Do This
  • Share your magic link with others
  • Stay logged in on shared computers
  • Try to access things you don't need
  • Grant excessive permissions when you become admin
  • Ignore "Access Denied" messages (report them)

Frequently Asked Questions

Why can't I see the "Create Case" button?
You don't have permission to create cases. This ability is typically included in Judge, Manager, and Staff roles, but not in Viewer roles. Contact your administrator if you need this access.
Can I have different roles in different organisations?
Yes! Your roles are specific to each organisation. You might be a Judge in the High Court and a Viewer in the Magistrates Court. When you switch organisations, your permissions change automatically.
What's the difference between Super Admin and Administrator?
Super Admins have access to the entire Totolaw platform across all organisations. They're typically IT staff or platform managers. Administrators have full control within their specific organisation but cannot access other organisations.
Can roles be customized?
Yes! Administrators can create custom roles with specific combinations of permissions. This allows organisations to tailor access control to their specific workflows and requirements.
What happens if I'm assigned multiple roles?
You get the combined permissions from all your assigned roles. For example, if you're both a "Staff" and a "Viewer", you have all permissions from both roles. However, if you have an explicit DENY permission, it overrides all role permissions.
How long do permissions last?
Permissions from roles last as long as you have that role assigned. Administrators can optionally set expiration dates on specific permission grants or role assignments for temporary access.

Need Help?

Contact Your Admin

Your organisation's administrator can help with role assignments and access issues

Technical Support

For system issues, contact support
