Tab permissions
NyayX has two layers of permissions:
- Tab permissions (this page) — which sidebar tabs a member can see and whether they can edit them.
- Action permissions — fine-grained operations within a tab (e.g. delete a case, change another member’s role). Managed inline from Members → click a member → Permissions panel.
This page covers the tab layer.
How it works
Every workspace ships with default tab permissions for each non-owner role (Admin, Senior Lawyer, Team Leader, Junior). These defaults are a template — when you invite someone, the template’s values are copied to their membership and become their starting point. Editing the template later does not change existing members; their permissions stay where they are unless you also edit them individually.
Owner is always full-access on every tab and cannot be restricted.
A tab can be set to one of three levels:
| Level | What the member sees |
|---|---|
| Hidden | Tab does not appear in their sidebar. The API also rejects requests to that tab’s endpoints. |
| View | Tab is visible. They can read everything. Any create/update/delete action returns 403. |
| Edit | Tab is fully usable. |
Role presets
When inviting a member, the owner can pick one of four role presets, which map to these display names in the invite form:
| Preset label in invite form | Internal role | Finance access |
|---|---|---|
| Senior Advocate / Partner | senior_lawyer | View only |
| Associate Advocate | team_leader | View + limited create |
| Desk Clerk | junior | None (Finances tab hidden) |
| Billing & Accounts | admin | Full |
Editing role templates
This affects future invites only.
Settings → Permission Templates tab (visible to the owner only).
Tabs at the top: Admin, Senior Lawyer, Team Leader, Junior. Each shows a list of all sidebar features.
Set every feature to Hidden, View only, or Full access (Edit).
Click Save template. New invitees of that role will inherit these defaults from now on.
Editing one member’s permissions
This overrides the role template for that single person.
Settings → Members.
A side drawer opens showing every feature with the member’s current effective permission.
Use one of the Quick preset buttons at the top to load a common bundle in one click:
- View only — read-only across every tab. Useful for accountants or auditors.
- Case handler — full case work, no money tabs, no settings.
- Junior lawyer — daily case work, no money tabs.
- Senior lawyer — full case work + read-only finances/invoices.
- Office admin — manages money, invoices, GST/TDS; read-only on case work; no billing portal.
- Finance only — only the money tabs (Finances / Invoices / Court Fees / GST). Nothing else.
- No access — start point: everything hidden. Toggle on what they actually need.
Override any cell after applying the preset. A small dot next to a feature means it’s overridden — i.e. it differs from the role template.
Click Save permissions. The member’s sidebar updates the next time they reload.
Click the ↺ icon next to an overridden feature and save to reset that single tab back to the role template’s value.
Practical examples
Hide Finances and Billing from a Desk Clerk (Junior): Settings → Permission Templates → Junior tab → confirm Finances is set to Hidden. Click Save template. Future desk clerks won’t see those tabs.
Give one specific Desk Clerk read-only access to invoices: Settings → Members → click Tab access on that member’s row → set Invoices to View only → Save. Their sidebar gets the tab on next reload; clicking Create invoice returns 403.
Set up a part-time accountant who only handles money: Invite them with the Billing & Accounts preset, then open Tab access on their row, apply the Finance only quick preset, save.
Why backend enforcement matters
The sidebar hiding is convenience — the source of truth is the API. Even
if a member typed /finances directly into their browser, the
backend requireFeature middleware on every finance endpoint returns
403. So changing a tab to Hidden genuinely takes the data away, it
doesn’t just hide a link.