loader image

From managing inquiries to generating professional itineraries and tracking bookings, Triplide helps agencies streamline their entire workflow. Learn More!

Home/Solutions/Role-Based Access Control

Role-Based
Access Control

The permission layer that decides who can see, open, and use each part of the CRM. Combines user roles, plan-based module availability, and per-user feature assignments so access is controlled at both the account level and the module level.

How the Access Model Works
Three Layers. One Decision.
Access Resolved Completely.

Not simple role labels. A layered model that checks plan eligibility, applies user assignments, and resolves into allowed modules, features, and routes. Permission becomes part of the actual application flow.

1
Role Identity
Each user account has a role such as Super Admin, Admin, Branch Admin, Sales Agent, Ops Executive, Visa Officer, Accountant, Partner/Agent, or Customer portal role. The role establishes the broad identity of the user inside the CRM.
2
Plan-Based Feature Eligibility
The CRM checks which features are enabled for the current client configuration. User access cannot exceed what the plan itself allows. This prevents access from being granted to modules outside the subscribed plan.
3
Per-User Feature Assignment
For non-super-admin users, the CRM applies custom feature assignments on top of the plan. Two users with similar roles can still have different operational access. This creates granular permission control.

The system supports both broad-access users and tightly restricted users without breaking plan boundaries. A user cannot be granted a module that the subscription does not support.

User Roles
Every Department.
Clear Boundaries.

Each role establishes the broad identity and purpose of the user inside the CRM. Roles are paired with plan eligibility and per-user assignments to create the final access map.

Super Admin
Admin
Branch Admin
Sales Agent
Ops Executive
Visa Officer
Accountant
Partner / Agent
Customer Portal

Super Admin is treated as the highest access level, not constrained by normal user-level assignments. This gives the business a reliable administrative fallback account with full visibility across the CRM.

How Access is Enforced
Interface Control Plus
Route-Level Protection

Permission is enforced both in the interface and at the route layer. Users cannot bypass restrictions by manually entering URLs.

Navigation Control

The CRM uses allowed module, feature, and route maps to decide what appears in the sidebar. Restricted modules are hidden so users are not shown areas they cannot use.

Route-Level Protection

If a user tries to open a restricted page through a direct URL, the CRM blocks the request based on the mapped feature permission for that route. Not just hidden. Actually blocked.

Feature-to-Route Mapping

Modules map to feature keys, routes map to feature keys. A module is available when at least one mapped feature is allowed. Scalable across menus, pages, and application logic.

Safe-Access Areas

Critical routes like dashboard, account settings, and subscription support remain available regardless of module restrictions. Users are never locked out of basic account functions.

Clear Restriction Reasons
Three Types of Access Denial.
Each Handled Differently.

The CRM distinguishes between plan-based, user-based, and integration-based restrictions so access handling is informative instead of using one generic failure for every case.

Plan Restriction
Module is not included in the current subscription. The business itself does not have access to that capability yet.
User Restriction
User was not assigned that feature. Normal internal role segmentation where departments need different access scopes.
Integration Lock
Required integration is not active. Module is hard-blocked when a dependency like WhatsApp provider is not enabled.
User Administration
Create, Configure, and
Control Every Account

Access control is managed alongside user creation and editing. Admins create accounts, choose roles, set module access, and manage login credentials and security settings.

Account Creation with Access Selection

Create users, choose their role, and select which plan-enabled modules they can access. Assignments are stored as feature permissions and used to calculate the final access map.

Account Disable with Session Kill

When a user is disabled, the CRM invalidates active sessions for that account. Access is removed immediately, not just on the next login.

Session and Activity Visibility

View recent sessions, authentication events, and activity logs. Understand who has access, who is actively using the system, and whether changes are needed.

Department-Based Control

Sales, operations, finance, admin, and support users share the same CRM without seeing the same application. Each sees only what they need.

Key Functionality
Everything the Module Includes
Role-Aware
User Identity
Plan-Based Feature
Eligibility
Per-User Module
Assignment
Super Admin
Full Access
Feature-to-Route
Mapping
Sidebar Visibility
Control
Direct Route
Protection
Clear Restriction
Reasons
Integration
Hard Locks
User Creation
with Feature Access
Account Disable
with Session Kill
Session and
Activity Visibility

See Access Control in Action

Watch how Triplide gives every team member exactly the right access through layered roles, plan-based eligibility, and per-user assignments.

Book a Free Demo
Get Demo
Login