# Roles and Permissions

## Overview

Access in chestnut.tools is controlled by **roles**. Each role carries a set of permissions. Staff members are assigned a role; students have no role and cannot access the admin panel.

## Permissions

| Permission          | What it unlocks                                                     |
| ------------------- | ------------------------------------------------------------------- |
| `administrator`     | Full access to everything — implicitly passes all permission checks |
| `manage_staff`      | Create, edit, and delete staff members and roles                    |
| `manage_students`   | Create, edit, and delete students                                   |
| `manage_courses`    | Create, edit, and delete courses                                    |
| `manage_schedules`  | Create and edit schedules                                           |
| `manage_attendance` | Edit attendance records                                             |

A staff member without any of the above permissions can still view read-only data in the admin panel, but cannot make changes.

## Managing Roles

Go to **Roles** (`/admin/roles`) to see all roles in your institution.

* **Create a role**: click the **+** button, give the role a name, and check the permissions it should include.
* **Edit a role**: click the pencil icon to change its name or permissions.
* **Delete a role**: click the trash icon and confirm. Staff currently assigned that role will lose its permissions.

> You must have the `manage_staff` permission (or be an administrator) to create, edit, or delete roles.

## Assigning a Role to a Staff Member

1. Go to **Staff** and click the pencil icon next to the staff member.
2. Select the desired role from the **Role** dropdown.
3. Save the changes.

The staff member's permissions take effect immediately on their next page load.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.chestnut.tools/user-docs/roles-permissions.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.