Permission Matrix
Organization Admin · Event Coordinator · Treasurer · Board Member · Document Manager · Family Lead · Family Worker · Guest Worker · Venue Admin · Venue Coordinator · Gate Attendant · Operator Admin · Operator Coordinator
This table shows the specific capabilities granted to each built-in role. Use it when deciding which role to assign to a user, or when deciding whether to create a custom role.
For a conceptual explanation of how roles and permissions work, see Understanding Roles and Permissions.
How to read this table
- Full — the role has all permissions in this category
- A short description — the role has specific (not all) permissions in this category; the description lists what is included
- blank — the role has no permissions in this category
The Admin role is not listed — it bypasses all permission checks and can do everything.
NPO organization roles
Family Accounts
| Permission | Org Admin | Event Coordinator | Treasurer | Board Member | Document Manager | Family Lead | Family Worker | Guest Worker |
|---|---|---|---|---|---|---|---|---|
| View own account | Yes | Yes | Yes | Yes | ||||
| View all accounts | Yes | Yes | Yes | |||||
| Edit own account | Yes | Yes | ||||||
| Edit all accounts | Yes | |||||||
| Create/delete accounts | Yes | |||||||
| View own transactions | Yes | Yes | Yes | Yes | ||||
| View all transactions | Yes | Yes | Yes | |||||
| Manually add/edit transactions | Yes | Yes | ||||||
| Export family data | Yes |
Event Management
| Permission | Org Admin | Event Coordinator | Treasurer | Board Member | Document Manager | Family Lead | Family Worker | Guest Worker |
|---|---|---|---|---|---|---|---|---|
| View events | Yes | Yes | Yes | Yes | Yes | |||
| Create and edit events | Yes | Yes | ||||||
| Delete events | Yes | |||||||
| Assign workers | Yes | Yes | ||||||
| Remove workers | Yes | Yes | ||||||
| Enter/edit commission data | Yes | Yes | ||||||
| Toggle fund distribution | Yes | Yes | ||||||
| Record attendance | Yes | Yes | ||||||
| View and export event reports | Yes | Yes | Yes | |||||
| Manage settlement templates | Yes | |||||||
| Assign settlement templates | Yes | Yes | ||||||
| Settle events | Yes | Yes | ||||||
| Reverse settlements | Yes | |||||||
| Manage rosters | Yes | Yes | ||||||
| Record financials | Yes | Yes |
Scholarships
| Permission | Org Admin | Event Coordinator | Treasurer | Board Member | Document Manager | Family Lead | Family Worker | Guest Worker |
|---|---|---|---|---|---|---|---|---|
| Submit own requests | Yes | Yes | ||||||
| View all requests | Yes | Yes | ||||||
| Approve or deny requests | Yes | Yes | ||||||
| Process payments | Yes | Yes | ||||||
| Modify request details | Yes |
Fund Management
| Permission | Org Admin | Event Coordinator | Treasurer | Board Member | Document Manager | Family Lead | Family Worker | Guest Worker |
|---|---|---|---|---|---|---|---|---|
| View fund balances | Yes | Yes | Yes | |||||
| Configure distribution rates | Yes | |||||||
| Toggle fund deductions | Yes | |||||||
| View fund transactions | Yes | Yes | Yes | |||||
| Export fund reports | Yes | Yes |
Documents
| Permission | Org Admin | Event Coordinator | Treasurer | Board Member | Document Manager | Family Lead | Family Worker | Guest Worker |
|---|---|---|---|---|---|---|---|---|
| Upload own documents | Yes | Yes | ||||||
| Upload for any family | Yes | Yes | ||||||
| View own documents | Yes | Yes | ||||||
| View all documents | Yes | Yes | ||||||
| Manage document templates | Yes | Yes | ||||||
| Distribute for signature | Yes | Yes | ||||||
| View compliance reports | Yes | Yes | Yes |
Communication
| Permission | Org Admin | Event Coordinator | Treasurer | Board Member | Document Manager | Family Lead | Family Worker | Guest Worker |
|---|---|---|---|---|---|---|---|---|
| Send messages to individuals | Yes | |||||||
| Send bulk communications | Yes | |||||||
| Manage notification templates | Yes | |||||||
| View communication history | Yes |
System Administration
| Permission | Org Admin | Event Coordinator | Treasurer | Board Member | Document Manager | Family Lead | Family Worker | Guest Worker |
|---|---|---|---|---|---|---|---|---|
| Create and edit roles | Yes | |||||||
| Assign roles | Yes | |||||||
| View roles | Yes | |||||||
| Configure security policies | Yes | |||||||
| Manage system settings | Yes | |||||||
| View audit logs | Yes | |||||||
| Data backup and restore | Yes |
Admin Panel (user management)
| Permission | Org Admin | Event Coordinator | Treasurer | Board Member | Document Manager | Family Lead | Family Worker | Guest Worker |
|---|---|---|---|---|---|---|---|---|
| View user directory | Yes | |||||||
| Manage users (create, edit, deactivate) | Yes | |||||||
| Send invitations | Yes | |||||||
| Force logout / revoke sessions | Yes |
Ledger, Billing, and API
| Permission | Org Admin | Event Coordinator | Treasurer | Board Member | Document Manager | Family Lead | Family Worker | Guest Worker |
|---|---|---|---|---|---|---|---|---|
| View ledger | Yes | Yes | Yes | |||||
| Create ledger entries | Yes | Yes | ||||||
| Void ledger entries | Yes | |||||||
| View billing | Yes | Yes | Yes | |||||
| Manage billing | Yes | |||||||
| Create API tokens | Yes | |||||||
| View own API tokens | Yes | |||||||
| Revoke own API tokens | Yes |
Library, Directory, and Other
| Permission | Org Admin | Event Coordinator | Treasurer | Board Member | Document Manager | Family Lead | Family Worker | Guest Worker |
|---|---|---|---|---|---|---|---|---|
| View library content | Yes | Yes | ||||||
| Manage library content | Yes | |||||||
| View library analytics | Yes | |||||||
| Manage library categories | Yes | |||||||
| View member directory | Yes | Yes | ||||||
| Create announcements | Yes | Yes | ||||||
| Manage announcements | Yes | |||||||
| Manage FAQ | Yes | |||||||
| Submit feedback | Yes | Yes | Yes | |||||
| Manage feedback | Yes | |||||||
| View groups | Yes | Yes | ||||||
| Manage groups | Yes | Yes | ||||||
| Import / create families | Yes |
Collaboration (cross-org)
| Permission | Org Admin | Event Coordinator | Treasurer | Board Member | Document Manager | Family Lead | Family Worker | Guest Worker |
|---|---|---|---|---|---|---|---|---|
| Manage partnerships | Yes | Yes | ||||||
| Invite partners to events | Yes | Yes | ||||||
| Manage cross-org assignments | Yes | Yes | ||||||
| View collaboration details | Yes | Yes | ||||||
| Settle collaboration payouts | Yes |
Guest worker portal
| Permission | Guest Worker |
|---|---|
| View own assigned events | Yes |
| View own assignment details and earnings | Yes |
Venue and operator roles
Venue profile and staff
| Permission | Venue Admin | Venue Coordinator | Gate Attendant | Operator Admin | Operator Coordinator |
|---|---|---|---|---|---|
| View venue profile | Yes | Yes | Yes | Yes | Yes |
| Manage venue profile and settings | Yes | Yes | |||
| View venue staff | Yes | Yes | Yes | Yes | |
| Manage venue staff | Yes | Yes | |||
| View venue billing | Yes | Yes | Yes | Yes | |
| Manage venue billing | Yes | Yes | |||
| View venues | Yes | Yes | Yes | ||
| Manage venues | Yes | Yes |
Operations and events
| Permission | Venue Admin | Venue Coordinator | Gate Attendant | Operator Admin | Operator Coordinator |
|---|---|---|---|---|---|
| View operations dashboard | Yes | Yes | |||
| View system health | Yes | ||||
| Export operations metrics | Yes | ||||
| View events | Yes | Yes | |||
| View and export event reports | Yes | Yes |
Groups, directory, and API
| Permission | Venue Admin | Venue Coordinator | Gate Attendant | Operator Admin | Operator Coordinator |
|---|---|---|---|---|---|
| View groups | Yes | Yes | |||
| Manage groups | Yes | ||||
| View member directory | Yes | Yes | |||
| Create announcements | Yes | Yes | |||
| Manage announcements | Yes | ||||
| Create API tokens | Yes | ||||
| View own API tokens | Yes | ||||
| Revoke own API tokens | Yes |
Key rules
System roles cannot be edited
Admin and Venue Admin are system roles. Attempting to edit or delete them returns an error. All other built-in roles can be modified.
view_all implies view_own
Within a category, having a view_all permission automatically satisfies a view_own check. For example, a Treasurer with family_account.view_all does not also need family_account.view_own — the broader permission covers the narrower one. This applies only to view permissions; edit permissions do not chain.
Permission cache
Permission changes take effect within 5 minutes. When you change a user's roles, their cache is cleared immediately. When you edit a role's permission set, all users' caches are cleared at once. Either way, the change is reflected on each user's next request within the cache window.
Next Steps
- Manage Users and Roles — step-by-step guide to assigning roles and inviting users
- User Roles reference — role descriptions and permission category overview
- Understanding Roles and Permissions — conceptual explanation of how the RBAC system works