Admin roles
Roles and permissions use Spatie Laravel Permission on the web guard. The roles UI lets authorized admins review role names, clone roles, and adjust permission sets within policy guardrails.
Single role per user
The product expects one role row per user in the role pivot table. Keep changes deliberate: permission breadth affects admin portal access, impersonation eligibility, and data visibility.
Catalog
Permissions are registered in a central catalog. If a permission is missing from the UI, it may need a deploy or seeder update from engineering.