FlexiCommerce
RBAC & Security

5 roles. 49 permissions.
Total control.

Role-based access control with Spatie Laravel Permission. Super Admin, Content Manager, Support Agent, Finance Manager, Marketing Manager — each with granular permissions across 14 modules.

Spatie Permission | 14 modules | Audit logs

5 predefined roles. Assign in one click.

Each role comes with pre-configured permissions. Assign a role to any admin user — they instantly see only what they're allowed to.

Super Admin

All permissions

Full access to everything — products, orders, vendors, finance, settings, AI.

Content Manager

Products, categories, blog, reviews

Manage catalog content, marketing assets, and customer reviews.

Support Agent

Orders, returns, tickets

Handle customer orders, returns, refunds, and support tickets.

Finance Manager

Payouts, refunds, invoices, reports

Process vendor payouts, manage refunds, generate tax reports.

Marketing Manager

Coupons, deals, search, AI

Run promotions, manage banners, search analytics, use AI tools.

49 permissions across 14 modules

Granular control — view, create, update, delete per module. Each role gets exactly the permissions it needs, nothing more.

Orders: view, update, delete, export
Products: view, create, update, delete
Categories: view, create, update, delete
Users: view, create, update, delete
Vendors: view, update, approve
Finance: view payouts, process, view refunds, process, invoices
Marketing: coupons, deals, banners
Delivery: view, manage, COD deposits
Support: tickets, returns, process
Content: blog, pages, menus, reviews
Search: analytics, manage
Settings: manage settings, localization, imports
Reports: view, export
AI: use AI features

Every change tracked. Every login logged.

Spatie Activity Log on 12 models. Login history with IP/device tracking. Vendor staff with separate JSON permissions. Full security stack.

Audit Logs

Spatie Activity Log on 12 models — orders, products, vendors, coupons, deals, banners, payouts. Who changed what, when, before/after values.

Login History

Every login tracked with IP address, device type, browser, timestamp. Suspicious login detection. Trusted device management.

10 Authorization Policies

OrderPolicy, ProductPolicy, VendorPolicy, CouponPolicy, DealPolicy, CategoryPolicy, BannerPolicy, UserPolicy, ReturnRequestPolicy, VendorPayoutPolicy.

Vendor Staff Permissions

Separate JSON-based permission system for vendor staff. 3 roles (Staff, Manager, Accountant), 12 permission modules, invitation-based onboarding.

Rate Limiting

4 throttle groups — 120/min authenticated, 60/min guests, 10/min auth endpoints, 20/min checkout. DDoS protection built-in.

2FA + Biometric

Two-factor authentication, biometric login (fingerprint/face), PIN lock option in delivery and customer apps. Account deletion support.

Enterprise security. Startup simplicity.

5 roles, 49 permissions, audit logs, rate limiting, authorization policies — all pre-configured. Assign roles, your team sees only what they need.