User Permission Groups

This article defines Helm user permission groups, the boundaries of their powers, and the etiquette of role elevation and invitation.

Defining User Roles

This article defines Helm user permission groups, the boundaries of their powers, and the etiquette of role elevation and invitation. It also sets expectations for future custom roles, ensuring your warehouse remains orderly rather than anarchic

Hierarchy:

Owner → Manager → Accounts → Supervisor → Senior Warehouse Operative → Warehouse Operative → Packing Operative → Inventory User → Support

Core principles:

  • Least privilege: Users should only have the permissions necessary to perform their responsibilities

  • Irreversibility safeguards: High-impact actions (ownership transfer, billing changes, user deletion) are limited to designated roles

  • Lateral restraint: Users cannot modify peers at the same level; promotions flow downward from higher roles only

  • Custom roles: In future releases, administrators will be able to define Custom Permission Groups with fine-grained capabilities

Owner

Scope

  • Unrestricted access across Helm

  • Organisational control: add, invite, and remove users; transfer ownership; assign and change any user’s permission group

Constraints

  • None; the Owner is the final arbiter of configuration and governance

Manager

Scope

  • Operational near-parity with Owner for day-to-day warehousing and administration

  • Can invite new users, including other Managers

  • Can change permission sets of users below Manager level

Constraints

  • Cannot transfer ownership

  • Cannot delete the Owner

  • Cannot delete or change the permission sets of other Managers or higher

Accounts

Scope

  • Full access to financial and administrative features required for accounts and billing oversight

  • Can modify billing details, plans, invoices, and financial reports as appropriate to accounts activities

Constraints

  • Cannot invite, delete, or modify users

  • No ownership transfer

Supervisor

Scope

  • Broad operational control across warehouse functions

  • Can invite Warehouse Operatives and Packing Operatives

  • Can change permission sets for roles below Supervisor (Packing Operatives and Inventory Users), but not for Warehouse Operatives or anyone above Supervisor

Constraints

  • Cannot perform billing and plan changes (no billing updates, no plan tier modifications)

  • Cannot change Warehouse Operatives’ roles; may propose promotions via Managers

  • May invite Inventory Users where appropriate - Inventory is lower than Warehouse and Packing, thus permissible

Senior Warehouse Operative

Scope

  • Inbound excellence: can create deliveries from purchase orders and process deliveries

  • Execution authority: can process picks (but cannot create picks), can process movements (but cannot create planned movements)

  • Full use of the Mobile App

  • Can delete picks only if they have the authority to create them; otherwise, no deletion rights apply

Constraints

  • Cannot create sales orders

  • Cannot create purchase orders

  • Cannot invite users

  • Cannot create customers, contacts, or companies

  • No billing or plan changes

Warehouse Operative

Scope

  • Focused on picking and movements within the warehouse

  • Can process picks (but cannot create picks)

  • Can process movements (but cannot create planned movements)

  • Full use of the Mobile App

Constraints

  • Cannot create or book deliveries

  • Can delete picks only where creation rights exist; if unable to create, unable to delete

  • No billing or plan changes

  • Cannot invite users or create customers, contacts, or companies

Packing Operative

Scope

  • Restricted to despatch operations and routes required for terminal usage

  • Despatch Terminal access only, with necessary ancillary actions

Constraints

  • Cannot create or delete picks where creation rights are absent

  • No warehouse movement or inventory changes

  • No billing or plan changes

  • Cannot invite users

Inventory User

Scope

  • Buying and cataloguing:

    • Can book purchase orders and deliveries

    • Can create and maintain inventory items and suppliers

  • Full suite of procurement-adjacent functions (catalogue data, vendor records)

Constraints

  • No warehouse execution: cannot perform Picks, Movements, or use the Mobile App for operational tasks

  • Cannot change quantities beyond procurement flows

  • No billing or plan changes

  • Cannot invite users

Support

Scope

  • Operates with near-Manager capabilities for support and troubleshooting

  • Can assist with configuration, diagnostics, and operational workflows to facilitate customer success

Constraints

  • Cannot transfer ownership

  • Cannot delete the Owner

  • Should not perform billing or plan changes unless expressly authorised by Owner

  • May not alter the permission sets of Managers or above

Role Modification Rules

  • Upward changes: Only Managers and Owner can promote users into higher roles; Supervisors may request promotions but cannot elevate Warehouse Operatives or above

  • Peer protection: Users cannot change or delete peer roles at the same level

  • Invite boundaries:

    • Owner: can invite any role

    • Manager: can invite any role, including Managers

    • Supervisor: can invite Warehouse Operatives, Packing Operatives, and Inventory Users

    • Accounts, Senior Warehouse Operative, Warehouse Operative, Packing Operative, Inventory User, Support: cannot invite users (unless explicitly enabled by policy)

Billing and Plan Governance

  • Owner and Accounts manage billing and plan tiers

  • Managers may view billing but should not alter plans unless policy allows

  • All other roles have no billing or plan access

Future: Custom Permission Groups

  • Administrators will be able to create bespoke roles with precise capabilities (e.g., “Inbound Specialist” or “Returns Coordinator”), selecting from granular actions such as “Create Planned Movement,” “Process Pick,” “Invite Packing Operatives,” or “Modify Billing Address”

  • Custom roles will respect the same governance tenets: least privilege, peer protection, and explicit invite boundaries

Best Practices

  • Start narrow: assign the lowest role that enables the work

  • Separate duties: keep Accounts distinct from operational promotion powers

  • Document promotions: log rationale and approver for any role elevation

  • Review quarterly: audit user lists, invites, and role changes to maintain compliance and safety

Common Scenarios

  • Promoting a Packing Operative to Warehouse Operative: Supervisor requests; Manager approves and executes

  • Granting Inventory User access to invite Packing Operatives: not permitted; require Manager or Owner endorsement

  • Allowing Senior Warehouse Operatives to delete picks: permitted only where pick creation rights exist; otherwise disallowed

  • Enabling Support to adjust a user’s role: not permitted for Managers or above; request Owner or Manager action