Manual Identity & Access

Roles and permissions

A role is a named group of permissions. You assign a role to each user, and the role decides what they can do.

The permission matrix

The matrix is a grid of roles against your tables, with a tick for each action a role may perform:

  • Create a new record.
  • Read (view) records.
  • Update an existing record.
  • Delete a record.

Tick the boxes for each role. App Admin always has full access and cannot be locked out.

Record scope: own vs all

Beyond create/read/update/delete, you can narrow what a role sees:

  • All records in the table.
  • Own records (only the ones that user created).
  • Assigned records (only the ones assigned to that user).

Use scope when, for example, an officer should only see their own submissions, not everyone's.

Tips

  • Start from the built-in User role and grant it the minimum it needs.
  • Add a custom role only when a real group of people needs a different set of permissions.
  • Use the role preview to check what a given role can see before you generate.

Where to next

  • Identity and Access overview covers login, the App Admin account, and registration.