Documentation

Home & Roles

Roles and Access

Malveon has a flat role model: ten roles, one per user, with access gated at the feature level rather than the app level. This page covers the roles, where each one lands after login, and how that handoff is kept secure.

The roles

There are ten canonical roles: two operational (Super Admin, Company Admin) and eight product roles (CEO, Engineering Manager, Tech Lead, Project Manager, DevOps, QA Engineer, Designer, Developer). Each user has exactly one role. Seniority and specialization are separate fields, not roles, so there is no "Senior Developer" role, just a Developer with a level.


Where each role lands

After login, routing is role-aware: Super Admin goes to the ops surface, Company Admin to the admin surface, and the eight product roles land on the universal Home dashboard. An unknown role falls back to the login screen with an error rather than guessing.


Feature-level gating

Every authenticated user can navigate to every product app (Malve, Malvedeck, Malviont). Gating happens at the feature level inside each app, not by blocking whole apps. The one intentional exception is that Malviont is hidden from the Designer’s Home shortcuts (still reachable by direct URL).


The handoff is secure

The post-login redirect carries a single-use handoff token that expires in about a minute, never the session credential itself. The session stays in an HttpOnly cookie. So a redirect URL, even if it leaked, is useless after sixty seconds and never contained your session token.