The SnapBill permission system runs according to a longest prefix match based system on top of the URL structure that we use in SnapBill.
By default all new users simply have the / permission enabled which gives them access to everything. If you choose to DENY /client (access to a single client) it will also block off the ability to add a client /client/add. A rule such as DENY /; ALLOW /client/add will block the user from doing anything except adding new clients.
Whether we allow or deny a given address to one of your users, depends on the action of the longest matching rule that you have defined.
Allowing /client/* will allow anything under /client excluding /client itself. See the examples section for use cases of this.
There are thousands of potential permissions throughout SnapBill so unfortunately we can't list them all here. If you're looking for a single one please feel free to contact support and we'll try help you out.
/billing: Access to the billing area
/clients: View simple listings and search all clients on the account
/client: View details about a specific client
/client/*: All the "/client" links below, but not including "/client" itself
/client/add: Add a new client to the account
/client/change_state: Change the state of an existing client
/client/payment_method: Change the payment method of an existing client
/client/remove: Remove a client from the account
/client/update: Update general details of a client
/editor: Access to the invoice editor
/email/add: Add (send) a new email to a client
/email: View an email that has been sent previously
/import/add: Upload a new import to SnapBill
/imports: Access to the imports area
/import: Access to a single import
/report/clients: Access to a specific report (the 'Clients' report)
/report: Access to the reporting section
/setup: Access to the setup area
/statistics/growth: Access to a specific statistics page
/statistics: Access to the statistics area
Allow access to search and view clients, but not to do anything else with them
DENY / ALLOW /clients ALLOW /client DENY /client/*
Allow access to the system as usual, but don't allow anything in the setup or statistics area
ALLOW / DENY /setup DENY /statistics
Allow only access to the 'Stacked Income' statistics report
DENY / ALLOW /statistics DENY /statistics/* ALLOW /statistics/stacked_income