# Roles and Permissions

In the default QuickAdminPanel generator, we generate two user roles: **Administrator** and **Simple User**. Both have the same permissions for all CRUDs and Modules, except for User Management, which is available **only** to the Administrator.

The whole permissions system is stored in the database, in these tables:

* permissions
* roles
* permission\_role
* role\_user

![](https://laraveldaily.com/wp-content/uploads/2019/03/roles-permissions.png)

![](https://laraveldaily.com/wp-content/uploads/2019/03/roles-permissions-pivot.png)

Every CRUD has five default permissions generated:

* **\*\_access** (whether the user sees the menu item in the sidebar)
* **\*\_create** (whether the user can access the create form and add a new record)
* **\*\_edit** (whether the user can access the edit form and update an existing record)
* **\*\_show** (whether the user can access the "show" page of a record)
* **\*\_delete** (whether the user can delete records)

These records are seeded with Seeder files; see the examples below:

![](https://laraveldaily.com/wp-content/uploads/2019/03/roles-permissions-seed-permission.png)

![](https://laraveldaily.com/wp-content/uploads/2019/03/roles-permissions-seed-pivot.png)

If you want to change permissions in the downloaded panel, log in as an Administrator user, go to the menu item User Management -> Roles, and edit a role to assign the permissions you want to it.

![](https://laraveldaily.com/wp-content/uploads/2019/03/roles-permissions-editing.png)

In the generated code, we check permissions in every Controller method; see the **Gate** and **abort\_unless()** calls in this example:

```
class BooksController extends Controller
{
    public function index()
    {
        abort_unless(\Gate::allows('book_access'), 403);

        $books = Book::all();

        return view('admin.books.index', compact('books'));
    }

    public function create()
    {
        abort_unless(\Gate::allows('book_create'), 403);

        return view('admin.books.create');
    }

    public function store(StoreBookRequest $request)
    {
        abort_unless(\Gate::allows('book_create'), 403);

        $book = Book::create($request->all());

        return redirect()->route('admin.books.index');
    }

    public function edit(Book $book)
    {
        abort_unless(\Gate::allows('book_edit'), 403);

        return view('admin.books.edit', compact('book'));
    }

    public function update(UpdateBookRequest $request, Book $book)
    {
        abort_unless(\Gate::allows('book_edit'), 403);

        $book->update($request->all());

        return redirect()->route('admin.books.index');
    }

    public function show(Book $book)
    {
        abort_unless(\Gate::allows('book_show'), 403);

        return view('admin.books.show', compact('book'));
    }

    public function destroy(Book $book)
    {
        abort_unless(\Gate::allows('book_delete'), 403);

        $book->delete();

        return back();
    }
}
```

On top of that, we add a check in [Form Request classes](https://laravel.com/docs/validation#creating-form-requests); see this example:

```
class StoreBookRequest extends FormRequest
{
    public function authorize()
    {
        return \Gate::allows('book_create');
    }
}
```

For more information on how Gates work in Laravel, see the [official Laravel documentation](https://laravel.com/docs/authorization#writing-gates).
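How a check such as `Gate::allows('book_delete')` can be answered from the four tables listed above, and how to list what each role currently grants, shown as an added example (not QuickAdminPanel's generated code). The column names, the `user_access` permission title, the user ids and all rows are assumptions constructed for illustration; an in-memory SQLite database stands in for the panel's database.

```php
<?php
// Added example. Column names and all rows are constructed assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$schema = <<<'SQL'
CREATE TABLE permissions (id INTEGER PRIMARY KEY, title TEXT UNIQUE);
CREATE TABLE roles (id INTEGER PRIMARY KEY, title TEXT);
CREATE TABLE permission_role (role_id INTEGER, permission_id INTEGER);
CREATE TABLE role_user (role_id INTEGER, user_id INTEGER);
INSERT INTO permissions VALUES (1,'user_access'),(2,'book_access'),(3,'book_delete');
INSERT INTO roles VALUES (1,'Administrator'),(2,'Simple User');
INSERT INTO permission_role VALUES (1,1),(1,2),(1,3),(2,2),(2,3);
INSERT INTO role_user VALUES (1,10),(2,20);
SQL;
$db->exec($schema);
// Any role linked to the permission grants it; unknown users or titles match no rows (deny).
function userCan(PDO $db, int $userId, string $permission): bool
{
    $stmt = $db->prepare(
        'SELECT COUNT(*) FROM role_user ru
           JOIN permission_role pr ON pr.role_id = ru.role_id
           JOIN permissions p ON p.id = pr.permission_id
          WHERE ru.user_id = ? AND p.title = ?'
    );
    $stmt->execute([$userId, $permission]);
    return (int) $stmt->fetchColumn() > 0;
}

// Role title => permission titles, for reviewing role edits. LEFT JOIN keeps empty roles.
function roleMatrix(PDO $db): array
{
    $rows = $db->query(
        'SELECT r.title AS role, p.title AS permission FROM roles r
           LEFT JOIN permission_role pr ON pr.role_id = r.id
           LEFT JOIN permissions p ON p.id = pr.permission_id
          ORDER BY r.id, p.title'
    )->fetchAll(PDO::FETCH_ASSOC);
    $matrix = [];
    foreach ($rows as $row) {
        $matrix[$row['role']] = $matrix[$row['role']] ?? [];
        if ($row['permission'] !== null) {
            $matrix[$row['role']][] = $row['permission'];
        }
    }
    return $matrix;
}
var_dump(userCan($db, 10, 'user_access'), userCan($db, 20, 'user_access'));
var_dump(userCan($db, 20, 'book_delete'), userCan($db, 20, 'no_such_permission'));
print_r(roleMatrix($db));
```

Running it requires PHP with the `pdo_sqlite` extension enabled.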

