This guide explains how permission management works inside an organisation. FoxStock also includes a standalone permission system used when sharing assets outside an organisation, but that is covered in a separate guide.
This section presents a general overview of permissions in organisations. For detailed instructions on setting up roles and permissions, refer to the Create organisation roles guide.
FoxStock organisations use a role-based system: roles define what members can see and do, and higher permission levels always include all lower ones.
Organisation-level permissions
Organisation permissions control who can manage the organisation and its assigned assets.
MANAGE: Full control of settings, roles, members, and assigned assets.WRITE: Can share assets with the organisation and manage assigned assets.READ: Can view organisation details, assets, and members.
Use READ for general members, WRITE for trusted contributors, and MANAGE for officers.
Asset-level permissions
Asset permissions apply to stockpiles and networks owned by the organisation.
MANAGE: Full control, including deleting assets and editing settings, contents, and targets.WRITE: Can change settings, contents, and targets.SUBMIT_ITEMS: Can submit item updates only.READ: Can view asset details, inventory, and network structure.
Use SUBMIT_ITEMS and READ for members and drivers updating inventories, WRITE for asset managers, and MANAGE for senior logistics.
How permissions work
FoxStock assigns permissions through roles, not individual settings. A user’s effective access is always the highest level granted by any of their roles. Permission levels are hierarchical: organisation permissions follow MANAGE → WRITE → READ, while asset permissions follow MANAGE → WRITE → SUBMIT_ITEMS → READ. This means that granting a higher permission automatically includes all lower ones.
Roles stack. If a user has multiple roles, they inherit the widest set of permissions from all of them.
Permissions also inherit downwards through ownership. When an organisation owns a network, it automatically owns all networks and stockpiles inside it. As a result, users with organisation-level asset permissions can act on every asset the organisation owns, regardless of how deep it is in the structure.
To manage permissions efficiently, organisations typically use a small set of standard roles. Officers usually have MANAGE permissions for both organisation and assets; trusted members often receive WRITE; recruits commonly get READ for the organisation and SUBMIT_ITEMS for assets; and guests are limited to basic READ access across the board.
Assign roles to groups, not individuals. Linking roles to user groups (for example, Discord roles) makes permission management far easier as your organisation grows.