Users, Roles & Permissions in Jules
How Jules manages user identities, organizational structure, and access control for recyclable materials trading teams.
Users, Roles & Permissions in Jules
Product documentation — How Jules models user identities, assigns roles, structures organizations, and controls access across every action in the platform.
Table of Contents
- Overview
- User Profiles
- How Users Log In
- Roles
- Organizational Structure — Departments & Divisions
- Manager Hierarchy
- Scoping Access — Companies & Sites
- Geographic Scoping — Subregions
- Billing Entities & Legal Entities
- External Users & Portal Access
- Licenses
- Relationships with Other Modules
- Key Business Rules
- Glossary
Overview
Jules uses a layered access model. At the core, a User has an identity and a set of Roles that determine what pages and actions they can access. On top of that, access can be narrowed to specific companies, sites, or geographic areas — so a trader managing the Turkish market only sees operations and counterparties relevant to that market.
Every user belongs to a single organization (tenant). Data from different organizations is always completely isolated — no sharing, no cross-tenant visibility.
User Profiles
Each user in Jules has a profile containing:
| Field | Description |
|---|---|
| Primary login credential | |
| First / Last name | Display name throughout the platform |
| Language | Interface language preference (e.g., English, French) |
| Timezone | Local timezone for notifications and scheduling |
| Phone number | Optional contact number |
| Signature | Scanned signature image used on purchase and sales order documents |
| Email signature | HTML signature block for outgoing emails |
| Notification preferences | Which events trigger in-app or email notifications |
Blocking a user
Administrators can block a user account to prevent login — for example, when an employee leaves the company. Blocked users cannot sign in, and their data history is preserved.
How Users Log In
Jules supports passwordless login via Magic Link (a one-time email link) as the primary authentication method, along with Google OAuth and a traditional email/password option.
After logging in, the platform routes each user to their default landing page based on their role:
| Role | Default landing page |
|---|---|
| Field Manager | Warehouse Inbounds |
| Shipment Tracker | Shipment Tracker |
| All others | Configured default page for the organization |
Roles
Every user has one or more roles that determine what they can do in Jules. Roles are additive — a user can hold multiple roles simultaneously, and permissions from all roles are combined.
Available roles
| Role | Description |
|---|---|
ADMIN | Full administrative access — configuration, user management, and all data |
MANAGER | Manages a team of users; sees only data scoped to their team members |
BUYER | Creates and manages purchase operations |
SELLER | Creates and manages sale operations |
TRADER_BUY | Purchase-focused trader variant |
ALLOCATOR | Creates and manages allocations between buy and sell operations |
LOGISTICIAN | Manages freight bookings, containers, and shipments |
LOGISTICS_MANAGER | Extended logistician with managerial oversight |
ACCOUNTANT | Access to invoices, bills, and financial reports |
VALIDATOR | Authorized to approve or reject operations in the approval workflow |
VIEWER | Read-only access across the platform |
FIELD_MANAGER | Manages warehouse inbound operations on-site |
SHIPMENT_TRACKER | Focused on tracking shipments |
WM_BUY | Warehouse management buy variant |
Role-based page access
Roles control which sections of Jules a user can navigate to. For example, a user with only the LOGISTICIAN role cannot access the invoicing section, and a VIEWER cannot create or modify any records.
Organizational Structure — Departments & Divisions
Jules provides two lightweight organizational groupings to help structure your team:
Department
A Department is a named grouping within the organization (e.g., "Trading", "Logistics", "Finance"). Departments are used to categorize users and associate them with operations for filtering and reporting.
Division
A Division is a higher-level business unit, typically representing a business line or geographic area (e.g., "Ferrous", "Non-Ferrous", "APAC"). Divisions sit above departments and are used for broader segmentation across the organization.
Manager Hierarchy
Jules implements a manager-to-team-member relationship that controls both organizational visibility and data access.
How it works
A manager can only see data — operations, tasks, invoices — that belongs to their direct team members. If a user has no team members assigned to them, they have global visibility across all records in the organization.
This is the primary mechanism for giving senior managers oversight of their team's book without seeing the entire organization's data.
Important: The hierarchy is one level deep. There is no recursive lookup — a manager sees their direct team members only, not their team members' team members.
Scoping Access — Companies & Sites
Beyond roles and manager hierarchy, Jules provides two scope restrictions that narrow which counterparties and locations a user can interact with.
Company scope
You can assign specific trading companies to a user. When assigned, that user can only see operations, contracts, and records associated with those companies.
No assignment = global access. A user with no company scope can see all companies in the organization. Scope is only restricted when you explicitly configure it.
This is useful for traders who specialize in a particular customer or geographic market — you can ensure they only see their own book.
Site scope
Similarly, you can restrict a user to specific physical sites (warehouses, collection points, etc.). A user with no site scope can access all sites.
Combined effect
Both restrictions apply together: a user must satisfy both the manager hierarchy check and the company scope check to access a given record.
Geographic Scoping — Subregions
Users can be assigned to one or more geographic subregions (e.g., "West Africa", "Southeast Asia"). This is used for:
- Notification routing — alerts about operations in a subregion are sent to the relevant trader
- User suggestions — when Jules needs to suggest who to assign to an operation, it matches on the operation's origin subregion
Users can also have additional routing attributes (material specialty, country of origin/destination, shipment mode preference) that further refine smart notifications and assignment suggestions.
Billing Entities & Legal Entities
Legal Entity types
Jules recognizes several types of legal parties:
| Type | Description |
|---|---|
| Billing Entity | Your organization's own legal entity (for issuing/receiving invoices) |
| Company | A trading counterparty (supplier or customer) |
| Agent | A trade agent or broker |
| Logistic Forwarder | A freight forwarding company |
| Shipping Line | A maritime carrier |
| Ship Owner | Owner of a vessel |
| Customs Agency | A customs clearance service provider |
| Pre-Carriage Line | A local transport provider |
| Inspector | A third-party quality/quantity inspection company |
| Broker | A commodities broker |
| Financier | A bank or financial institution |
Billing Entities
A Billing Entity is the legal entity your organization uses to issue or receive commercial documents (purchase orders, sales orders, invoices). In a multi-entity organization, you may have several — for example, one per country of incorporation.
Each billing entity holds its legal registration details, address, banking information, logo (for PDF headers), and signature (for signed documents).
Signatories
Users can be assigned as signatories for a billing entity — meaning they are authorized to sign purchase orders, sales orders, and other documents issued by that entity. One user can be marked as the default signatory for a billing entity.
Soft deletion: Billing entities are never permanently deleted. When removed, they are marked as inactive and their name is flagged accordingly — this preserves the history of all documents they were used on.
External Users & Portal Access
Jules supports external users — contacts at supplier or customer companies who are granted limited, read-only access to a portal view of Jules.
External users:
- Are linked to a specific company (supplier or customer)
- Can only see data related to their own company
- Cannot see prices, margins, or internal costs (visibility is controlled per field)
- Access only the portal view — not the full Jules application
Portal field-level visibility is configured by your organization's admin, allowing precise control over what each external user can see.
See External Portal for the full portal documentation.
Licenses
A License in Jules represents a regulatory permit associated with the import or export of specific materials. Licenses are attached to sites to document which materials that site is authorized to handle.
| Field | Description |
|---|---|
| Name | License reference number or name |
| Type | Customer (import permit) or Supplier (export permit) |
| Material quality | The specific material this license covers |
| Country | The country in which the license is valid |
| Quota frequency | How often the license quota resets |
| Notes | Free-text comments |
Relationships with Other Modules
Users are referenced throughout Jules:
| Related module | Relationship |
|---|---|
| Operations | Users are assigned as trader, admin, account representative, signatory, and watchers |
| Contracts | Users are assigned as the responsible trader |
| Goals | Users are listed as contributors or owners of commercial goals |
| Tasks | Users are assigned as task owners and can be added as watchers |
| Offers | Users own and manage offer records |
| Billing Entities | Users are assigned as authorized signatories |
| Notifications | Users receive in-app and email notifications based on their preferences and attributes |
| Budgets | Users are associated with budget planning cycles |
| Approvals | Users with the Validator role act as approvers in the approval workflow |
Key Business Rules
1. Complete data isolation between organizations
All data (roles, access scopes, billing entities, departments) is isolated per organization. No data is ever shared between tenants.
2. Roles are additive
A user can hold multiple roles simultaneously. Permissions from all roles are combined — there is no conflict or priority between roles. Assign the minimum set of roles needed for the job.
3. Scope restrictions are opt-in
For both company and site scoping: having no restrictions set grants access to all companies and sites. Access is only narrowed when you explicitly configure it. New users automatically have broad access until an admin restricts it.
4. Manager hierarchy drives data visibility
Managers see only records assigned to or created by their direct team members. If you need a user to have global visibility, ensure they have no team members assigned to them as manager.
5. Blocking vs. deleting
Blocking a user prevents all future logins while preserving their history. Billing entities follow a similar "soft delete" pattern — they cannot be permanently removed because they are referenced by historical documents.
6. External users are scoped to one company
Every external (portal) user must be linked to exactly one company. They can only see records related to their company — nothing from other counterparties is visible.
Glossary
| Term | Definition |
|---|---|
| Billing Entity | A legal entity belonging to your organization used to issue and receive invoices and commercial documents |
| Department | An organizational subdivision (e.g., Trading, Finance) used to classify users |
| Division | A higher-level business unit (e.g., Ferrous, Non-Ferrous) grouping departments and operations |
| External User | A portal user representing a supplier or customer; scoped to a single company |
| License | A regulatory import/export permit associated with a material quality and country |
| Magic Link | Passwordless authentication via a one-time email link |
| Manager | A user who oversees one or more team members; their data visibility is restricted to their team's records |
| Portal | The external-facing interface for supplier/customer users with restricted data visibility |
| Role | A named permission level assigned to a user (e.g., ADMIN, BUYER, VALIDATOR) |
| Signatory | A user authorized to sign documents on behalf of a billing entity |
| Subregion | A geographic sub-classification used for notification routing and user matching |
| Validator | A role that grants authorization to approve or reject operations in the approval workflow |
Last updated today
Built with Documentation.AI