User Roles & Security Levels
The portal maps user identities to one of four clearance roles. These roles determine implicit permissions, while dynamic group memberships permit modular access escalation.
Standard team member clearance. staff accounts inherit no implicit permissions, relying entirely on dynamic group mappings configured by administrators.
Supervisory account. officer accounts are authorized to manage team sharing groups and review standard file locking, unlocking, relocation, and deletion requests.
Senior executive account. director accounts inherit all 14 platform permissions implicitly, allowing full access to SULIT and RAHSIA classification segments, role building, and user management.
Global administrator clearance. chief accounts carry system override authority, including lock releases, global configurations management, quota modifications, and permanent hard deletions.
Who Can Do What?
| Platform Permission Key | Staff | Officer | Director | Chief |
|---|---|---|---|---|
files:read View and download files | Group Only | |||
files:write Upload and edit files | Group Only | |||
files:delete Soft-delete or purge file versions | Group Only | Group Only | ||
files:classify Change security classifications | Group Only | Group Only | ||
users:read View corporate user directory | Group Only | |||
users:manage Create, update, and toggle users | Group Only | Group Only | ||
users:delete Permanently delete user accounts | Group Only | Group Only | ||
governance:approve Authorize governance requests | Group Only | |||
governance:reject Decline governance requests | Group Only | |||
admin:access Access administration panel | Group Only | Group Only | ||
shares:manage Manage document sharing records | Group Only | Group Only | ||
audit:read View compliance audit ledger logs | Group Only | |||
storage:manage Configure global/user storage limits | Group Only | Group Only | ||
config:read Read global system configuration | Group Only | Group Only |
Biometric Sign-In (Fingerprint / Face ID)
The portal supports fingerprint or face sign-ins (Passkeys). Once registered, you can log in securely without entering your password, using your computer or phone's built-in scanner.
How to Register for Fingerprint / Face ID:
- Go to **Portal Settings** (click your profile on the dashboard).
- Select the **Passkey** tab.
- Click the **Register Passkey** button.
- Your browser will show a popup asking for your fingerprint or face scan. Follow the on-screen steps.
- Once complete, you can sign in by simply scanning your fingerprint on the login screen.