Skip to main content
All docs
Roles & Permissions/Roles & Permissions

Roles & Permissions

Built-in roles, custom roles, and how RBAC is enforced.

Latest
7 min
Updated 2026-07-03

Roles & Permissions

EduWallet uses table-backed RBAC — every permission check reads the user_roles table via a SECURITY DEFINER function.

Built-in roles

| Role | Description | |------|-------------| | platform_admin | Full platform access | | school_admin | Full access within their school | | bursar | Finance, fees, wallets, refunds | | teacher | Classes, attendance, marks | | parent | Their children only | | student | Their own record |

Custom roles

Create custom roles under Admin → Access → Custom Roles. Every permission is scoped by school.

Never store roles on the profile table — always use the dedicated user_roles table for security.

Was this article helpful?