Roles & Permissions
Overview
Section titled “Overview”The system uses Role-Based Access Control (RBAC) to manage what users can see and do. Each user is assigned a role, and each role has specific permissions.
Built-In Roles
Section titled “Built-In Roles”The system includes these standard roles:
| Role | Priority | Access Level |
|---|---|---|
| Super Admin | 100 | Full system access including sensitive operations |
| Admin | 90 | Full dashboard access, team management |
| Team Lead | 50 | Dashboard access, manage assigned canvassers |
| Canvasser | 10 | Mobile app only, assigned voters |
| Pending | 0 | No access until approved |
Role Priority
Section titled “Role Priority”Each role has a priority number. Higher priority roles have more access:
- Users can only manage users with lower priority roles
- Team Leads can manage Canvassers but not other Team Leads or Admins
- Admins can manage everyone except Super Admins
- Only Super Admins can manage other Super Admins
Permissions by Role
Section titled “Permissions by Role”Super Admin
Section titled “Super Admin”Full access to everything, plus:
- Audit log access
- Data import/export
- System configuration
- Role management
- Can manage other Super Admins
- Full dashboard access
- Approve/reject new users
- Create and manage cut lists
- View all voters across all districts
- Create invite codes for Canvass app
- Manage events and call scripts
- View analytics and reports
Team Lead
Section titled “Team Lead”- Dashboard access
- View team members’ activity
- Manage assigned cut lists
- Create invite codes for CET app only
- View analytics for their team
Canvasser
Section titled “Canvasser”- Mobile app access only
- View assigned voters from cut lists
- Record contact results
- View and sign up for events
- Create CET invite codes
Managing Roles
Section titled “Managing Roles”To access role management:
- Click Roles in the sidebar (Super Admin only)
- View all roles and their permissions
- Click a role to see detailed permissions
Creating Custom Roles
Section titled “Creating Custom Roles”Super Admins can create custom roles:
- Go to Roles
- Click Create Role
- Enter a name and description
- Set the priority level
- Select permissions to grant
- Click Save
Assigning Roles
Section titled “Assigning Roles”To change a user’s role:
- Go to Team
- Click on the user
- Select a new role from the dropdown
- Click Save
You can only assign roles with a lower priority than your own role.
Invite Code Permissions
Section titled “Invite Code Permissions”Different roles have different invite code permissions:
| Role | Can Create | App Types |
|---|---|---|
| Super Admin / Admin | Yes | Both Canvass and CET |
| Team Lead | Yes | CET only |
| Canvasser | Yes | CET only |
Dashboard Access
Section titled “Dashboard Access”Dashboard access is controlled by role:
- Super Admin, Admin, Team Lead - Can access the admin dashboard
- Canvasser - Mobile app only, no dashboard access
The system checks dashboard access using the can_access_admin_dashboard() function.
Best Practices
Section titled “Best Practices”Role Assignment
Section titled “Role Assignment”- Start users as Canvassers and promote as needed
- Use Team Lead for coordinators who need limited admin access
- Reserve Admin for trusted campaign staff
- Keep Super Admin count minimal
Security
Section titled “Security”- Review roles periodically
- Remove access when volunteers leave
- Use audit logs to monitor sensitive actions
- Don’t share Super Admin credentials