Feature Module

Enterprise Security & RBAC

Granular permissions. Immutable audit trail. Multi-tenant isolation.

A production-grade security layer with role-based access control (RBAC) covering 80+ granular permissions across all modules, scoped by tenant/branch/route/warehouse, plus an immutable audit log recording every state-changing action across the platform.

rbac audit auth tenant
Audit Logs & SecuritySystem Secure
TimestampActionActorIP Address
10:42 AMauth.login.successAdmin User192.168.1.42
10:35 AMorder.refund_issuedSupport Rep10.0.0.14
09:12 AMinventory.stock_adjustedWarehouse Mgr192.168.4.11
08:45 AMsettings.webhook_updatedAdmin User192.168.1.42
08:00 AMauth.login.failedUnknown45.22.11.90

What's Included

Every capability listed here is live in the platform today.

80+ granular permissions across all platform modules
Permission scopes: tenant, branch, warehouse, route, team, own
Custom role creation with any permission combination
Subscription plan–linked module access control
Automatic permission sync when plan features change
Immutable audit log for every create/update/delete action
Audit log captures before and after state for all changes
Multi-tenant data isolation (each tenant sees only their data)
Session-based authentication with session revocation
Platform-level super admin and staff role hierarchy
Deep Dive

How Each Capability Works

Detailed breakdown of what Oishia actually does under the hood.

01

Granular Permissions

Every action in the platform (view, create, update, delete, approve, manage) is a distinct permission. Roles are collections of permissions.

02

Permission Scopes

Limit what a role can see: a branch manager can only view their branch's sales; a driver only their own trips.

03

Audit Logs

Every state-changing API call records who did it, when, what module, what entity, and the full before/after data payload.

04

Plan-Gated Modules

Feature keys on subscription plans determine which modules are accessible. Upgrading a plan automatically unlocks the relevant permission sets.

05

Multi-Tenant Isolation

All data is scoped to a company ID at the database level. No cross-tenant data leakage is architecturally possible.

Who Uses This

Real-world scenarios from businesses running on Oishia today.

F

Franchise Networks

Give each branch manager access only to their own location's data while head office sees everything.

E

Enterprises with Auditors

Every financial change is recorded with full before/after state, satisfying internal and external audit requirements.

Ready to activate Enterprise Security & RBAC?

Start your free trial and have this running in your business today.