Permission System
xtra audio uses a granular permission system. Each user receives permissions through roles, direct assignments, and overrides.
Permission Levels
Permissions are assigned at two levels:
| Level | Scope |
|---|---|
| Project | Applies across the entire project |
| Station | Applies to specific stations |
Project Permissions
| Permission | Description |
|---|---|
project:view | View project details, settings, and dashboard |
project:edit | Edit project name, description, timezone, avatar, and settings |
api:view | View public API configurations and keys |
api:edit | Create and update API configurations and keys |
api:delete | Delete API configurations and keys |
adtrigger:view | View ad triggers |
adtrigger:edit | Create and update ad triggers |
adtrigger:delete | Delete ad triggers |
Station Permissions
Station permissions are assigned per station or for all stations at once.
| Permission | Description |
|---|---|
station:view | View station details and dashboard |
station:edit | Edit station settings, encoders, and configuration |
media:view | View media library items and playlists |
media:edit | Upload, edit, and delete media files |
media:delete | Delete media files permanently |
planner:view | View planner sequences, week templates, and rotations |
planner:edit | Create and edit sequences, week templates, and planner actions |
studio:view | View the live studio interface |
studio:edit | Control studio playback, manage the playlist queue, and use the mixer |
relay:view | View external sources and relay configuration |
relay:edit | Configure external sources and relay settings |
Wildcard Permissions
Grant full access by assigning the wildcard (*) permission. This grants access to all features within the scope. The Admin toggle in the permission editor sets this wildcard.
Namespace wildcards (e.g., api:*) grant all permissions within that category.
The Owner role holds the wildcard (*) permission. This grants full access to all project and station features and cannot be restricted.
Roles
Roles group permissions together for reusable assignment.
Managing Roles
- Create roles with a name and a set of permissions
- Assign a scope to the role:
| Scope | Description |
|---|---|
| Project | Permissions apply at project level |
| All Stations | Permissions apply to every station |
| Specific Stations | Permissions apply to selected stations only |
- Assign the role to one or more users
Role CRUD
Roles can be created, edited, and deleted from the team management interface. Deleting a role removes it from all users.
Overrides
Overrides allow granting or denying individual permissions regardless of role assignments.
| Override Type | Effect |
|---|---|
| Grant | Explicitly allows a permission, even if no role includes it |
| Deny | Explicitly blocks a permission, even if a role includes it |
Overrides take precedence over role-based permissions. They exist at both project and station level.
Permission Editor
The permission editor opens when editing a user's access rights.
Configure Permissions
- Open the user's detail page from the team list
- Toggle Admin for full access, or configure individually:
- Assign one or more roles
- Set overrides for specific permissions
- For station-specific permissions, add station permission entries
- Save changes
Permissions from roles, direct assignments, and overrides are combined. The final permission set is evaluated in this order: overrides (deny) > overrides (grant) > role permissions.
External Invites
Team members can be invited by email. The invited person receives an email with a link to accept or decline the invitation.
Invitations are valid for 7 days. After expiry, the invitation must be sent again.