ROLES
Eight distinct operational perspectives — each with its own dashboard, permissions, and tools.
OPS Companion enforces a strict role-based access model backed by 168 Row-Level Security (RLS) policies at the PostgreSQL layer. Every user is assigned exactly one role, and that role determines which records they can read, write, and modify — across all 54 tables. There are no client-side permission tricks: the database enforces the rules unconditionally.
Each role ships with its own purpose-built dashboard, optimized for the specific workflows of that operational perspective. A Technician's screen looks nothing like a Dispatcher's — and that is intentional. OPS Companion was designed from day one for the realities of Quebec and Canadian heavy equipment operations: bilingual, offline-capable, and built for the field.
The Eight Roles
Overview, full control, configuration, and analytics.
Work orders, inspections, data sheets, and history in the field.
Routes, deliveries, mileage, delivery receipt signatures.
Call assignment, real-time map view, team communications.
Employee records, training, certifications, timesheets.
Inventory, orders, receiving, 3D models linked to parts.
Quotes, opportunities, catalogue, 3D demos for clients.
Fleet availability, contracts, returns, machine condition.
How RLS Enforces Role Boundaries
Row-Level Security is enabled on every table in the OPS Companion database. When a user executes any query — even a SELECT — PostgreSQL evaluates the applicable RLS policies for that user's role before returning a single row. This means a Technician cannot see another Technician's work orders, a Driver cannot see financial data, and a Sales rep cannot access employee timesheets — not because the UI hides these things, but because the database will not return the data regardless of how the request is made.
There are 168 RLS policies across the 54 tables. Each policy is scoped to one or more roles and specifies the exact condition that must be true for a row to be visible or writable. The Administrator role holds a special JWT claim that bypasses all RLS — this is the only bypass in the system, and it is logged.
Role Permission Summary
| Role | Work Orders | Fleet GPS | Financials | Admin |
|---|---|---|---|---|
| Administrator | ✓ ALL | ✓ ALL | ✓ ALL | ✓ YES |
| Technician | ✓ ASSIGNED | ✗ NONE | ✗ NONE | ✗ NO |
| Driver | ✗ NONE | ✓ OWN | ✗ NONE | ✗ NO |
| Dispatcher | ✓ ASSIGN | ✓ ALL | ✗ NONE | ✗ NO |
| HR | ✗ NONE | ✗ NONE | ✗ NONE | ✗ NO |
| Parts | ✓ READ | ✗ NONE | ✗ NONE | ✗ NO |
| Sales | ✗ NONE | ✗ NONE | ✓ QUOTES | ✗ NO |
| Rental | ✗ NONE | ✓ READ | ✓ RENTAL | ✗ NO |
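The Work Orders column of the summary above, written as PostgreSQL RLS policies. This is an added example, not OPS Companion's own schema or policies: the `work_orders` table, its columns, the `app.role` / `app.user_id` settings, and the helper functions are all assumptions made for illustration, as is modelling the Administrator claim as a permissive policy.

```sql
-- Added example: table, column and setting names are assumptions, not the OPS Companion schema.
CREATE TABLE work_orders (
    id          bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    assigned_to uuid NOT NULL,   -- user id of the assigned technician
    description text NOT NULL
);

ALTER TABLE work_orders ENABLE ROW LEVEL SECURITY;
-- Without FORCE, the table owner is exempt from the policies below.
ALTER TABLE work_orders FORCE ROW LEVEL SECURITY;

-- Assumption: the API layer verifies the JWT, then copies its claims into
-- transaction-local settings (SET LOCAL app.role / app.user_id).
CREATE FUNCTION app_role() RETURNS text LANGUAGE sql STABLE
    AS $$ SELECT current_setting('app.role', true) $$;
CREATE FUNCTION app_user_id() RETURNS uuid LANGUAGE sql STABLE
    AS $$ SELECT nullif(current_setting('app.user_id', true), '')::uuid $$;

-- Technician: only rows assigned to the caller (ASSIGNED).
CREATE POLICY technician_assigned ON work_orders FOR ALL
    USING      (app_role() = 'technician' AND assigned_to = app_user_id())
    WITH CHECK (app_role() = 'technician' AND assigned_to = app_user_id());

-- Parts: read-only (READ).
CREATE POLICY parts_read ON work_orders FOR SELECT
    USING (app_role() = 'parts');

-- Dispatcher: sees every row and may update it, which is how
-- reassignment is assumed to work here (ASSIGN).
CREATE POLICY dispatcher_read ON work_orders FOR SELECT
    USING (app_role() = 'dispatcher');
CREATE POLICY dispatcher_assign ON work_orders FOR UPDATE
    USING      (app_role() = 'dispatcher')
    WITH CHECK (app_role() = 'dispatcher');

-- Administrator: modelled here as a permissive policy keyed on the claim.
CREATE POLICY admin_all ON work_orders FOR ALL
    USING      (app_role() = 'administrator')
    WITH CHECK (app_role() = 'administrator');

-- Driver, HR, Sales and Rental have no policy on this table. With RLS enabled
-- and no matching policy, PostgreSQL applies default-deny to their queries.
-- The connection must use a role that is neither superuser nor BYPASSRLS.
BEGIN;
SET LOCAL app.role = 'driver';
SELECT count(*) FROM work_orders;
ROLLBACK;
```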
Bilingual by Default
Every role's interface is fully bilingual — French and English — with each user able to set their preferred language independently. Interface labels, automated emails, generated PDF documents, push notifications, and even error messages respect the user's language preference. The system was built first for Quebec operations, where bilingual capability is not optional.