Platform Capabilities
Platform Capabilities is the system administrator’s reference for understanding how features are enabled, restricted, or hidden across the platform. A capability is available to a tenant only when every applicable gate is satisfied: the service must be deployed and registered, the tenant subscription must include the feature, the acting user’s role must permit access, any relevant feature flags must be on, and the menu must not have been customized to hide the item. This page explains each gate and how to diagnose a missing feature.
Accessing the Page
Section titled “Accessing the Page”- Route: No dedicated route — this is a documentation reference page for system administrators.
- Menu Path: Settings → System → Platform Capabilities
- Primary audience: System administrators only. Accessed via the system admin login at
system.portal.net— not the tenant portal.
What you can do here
Section titled “What you can do here”- Understand the five gates that control whether a feature is available to a tenant.
- Use this page as a diagnostic checklist when a feature is present for one tenant but missing for another.
- Learn the relationship between service registration, tenant subscription, feature flags, role gates, and menu customization.
- Identify the correct Settings page to check when each gate might be the cause of a missing capability.
Common tasks
Section titled “Common tasks”- Open Settings → System → Platform Capabilities at
system.portal.net. - Identify which gate is likely blocking the feature: service, subscription, feature flag, role, or menu.
- Navigate to the relevant Settings page (see the gate descriptions below) to inspect and adjust the configuration.
- Verify the feature appears for the tenant after correcting the gate.
- All five gates must pass simultaneously. A feature remains hidden if any single gate is blocking it.
- Feature flags and menu customization operate independently of role gates — a route can be protected by role but the menu item may still be visible to other roles (or vice versa).
- System admin operations at
system.portal.netare not visible in the tenant portal. Changes made here take effect for the tenant immediately without a tenant-side reload in most cases. - Tenant administrators troubleshooting a missing feature should share their tenant subdomain and the affected feature name with the system administrator for investigation.
Capability Gates
Section titled “Capability Gates”Service Registration
Section titled “Service Registration”A feature provided by a microservice is only available if the service is registered and active in the Micro Services registry. Each registered service contributes its own menu path, routes, and entity types to the platform.
| What to check | Where |
|---|---|
| Service is registered | Settings → System → Micro Services |
Service isActive is true | Edit the service record |
| Service health badge is green | Micro Services list — hover over an unhealthy badge for the error |
| Remote URL and API Base URL are correct | Edit the service record |
Tenant Subscription and Limits
Section titled “Tenant Subscription and Limits”A tenant’s subscription tier controls which modules and features are accessible. Subscription limits (maximum users, maximum micro-services) restrict how many entities can be active.
| What to check | Where |
|---|---|
| Tenant subscription is Active (not Demo, Suspended, or Cancelled) | Settings → System → Tenant Management |
| Subscription tier includes the feature | Tenant detail → Subscription tab |
| Maximum micro-service count has not been reached | Tenant detail → Limits section |
Feature Flags
Section titled “Feature Flags”Feature flags gate individual features independently of subscription tier. A flag can be on or off per-tenant. Some flags are controlled at the system level and apply to all tenants; others can be overridden per tenant.
| What to check | Where |
|---|---|
| Tenant-level feature flag is enabled | Tenant detail → Feature Flags tab |
| System-level flag (if applicable) is enabled | System admin feature flag settings |
Role Gates
Section titled “Role Gates”Protected routes require a minimum role. The portal enforces four main role levels:
| Role | Typical access scope |
|---|---|
| System Admin | System-wide pages at system.portal.net only |
| Super User | All tenant pages; required for most admin-level settings |
| Tenant Admin | Tenant configuration pages; cannot access system pages |
| Account Admin | Account-scoped pages; cannot access tenant-wide settings |
| Standard User | Module pages permitted by their authorization group |
If a user can navigate to a URL but the page shows an access-denied card, the role gate is blocking them. Elevate the user’s role or adjust their authorization group.
Menu Customization
Section titled “Menu Customization”A route may be accessible but invisible in the sidebar because the tenant’s menu has been customized to hide the item. Menu customization is separate from route protection — a hidden menu item does not block direct URL access.
| What to check | Where |
|---|---|
| Menu item has been hidden for this tenant | Settings → Customization → Navigation |
| Menu order or grouping has moved the item | Navigation customization page |
Related Pages
Section titled “Related Pages”- Micro Services — register, configure, and monitor microservices
- Tenant Management — manage tenant subscriptions, limits, and feature flags
- Service API Keys — platform-level API keys for service-to-service calls
- Feature Flags — tenant-level feature flag management