Roles and Permissions

Organization Roles and Permissions

Transfur uses a role-based access control system to manage permissions within organizations. This system ensures that users have appropriate access to features and data based on their responsibilities.

Role Hierarchy

The system follows a hierarchical structure where higher roles inherit capabilities and can manage lower roles:

Owner - Full control

Admin - Management access

Moderator - Organizational moderation access

Volunteer - Limited operational access

Available Roles

Owner

Full organizational control with all permissions

The Owner role has complete control over the organization and all its resources. This is typically assigned to the organization founder or primary administrator.

Key Capabilities:

  • Complete organization management (create, update, delete, settings)
  • Full member management (invite, assign roles, remove members)
  • Complete financial control (billing management)
  • All content and request management
  • Can assign any role including other owners

Admin

Management access to most organizational resources

Admins can handle most day-to-day management tasks but cannot delete the organization or manage billing independently.

Key Capabilities:

  • Organization settings management (but cannot delete organization)
  • Full member management (invite, assign roles up to admin level)
  • Complete request and volunteer management
  • Full content management
  • Can view and edit volunteer information
  • Billing visibility (read-only)

Restrictions:

  • Cannot delete the organization
  • Cannot manage billing (read-only access)
  • Cannot assign owner roles

Moderator

Content management with operational focus

Moderators focus on content and operational tasks, particularly managing requests and overseeing foster and volunteer activities.

Key Capabilities:

  • Request management (create, view, edit)
  • Read access to organization and member information
  • Can contact volunteers and view their contact information for the specific projects those volunteers have offered to help with
  • Analytics visibility for operational insights

Use Cases:

  • Transport Request coordinators
  • Foster Home coordinators
  • Volunteer coordinators

Volunteer

Operational access for direct service

Volunteers have targeted access to perform their rescue and foster work effectively.

Key Capabilities:

  • Request management (view, volunteer)
  • Organization information access

Use Cases:

  • Foster volunteers
  • Transport volunteers
  • Field rescue volunteers

Role Assignment Rules

Who Can Assign Roles

  • Owners: Can assign any role, including other owners
  • Admins: Can assign volunteer, moderator, and admin roles
  • Moderators: Can assign volunteer roles
  • Volunteers: Cannot assign roles

Assignment Restrictions

  1. Owner Protection: Only existing owners can assign owner roles
  2. Hierarchy Respect: Users can only assign roles equal to or below their own level
  3. Self-Assignment: Users cannot change their own role (requires another authorized user)
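
The assignment rules above, expressed as one server-side authorization check. This is an added example, not Transfur's own code: the `Role` enum, `check_assignment`, `table_respects_hierarchy` and the reason strings are hypothetical names, and the check on the target's current role is an assumption the page does not state.

```python
from enum import IntEnum


class Role(IntEnum):
    VOLUNTEER = 1
    MODERATOR = 2
    ADMIN = 3
    OWNER = 4


# "Who Can Assign Roles" from the page. The table is stricter than the
# hierarchy rule alone: a moderator may not assign the moderator role.
ASSIGNABLE = {
    Role.OWNER: {Role.OWNER, Role.ADMIN, Role.MODERATOR, Role.VOLUNTEER},
    Role.ADMIN: {Role.ADMIN, Role.MODERATOR, Role.VOLUNTEER},
    Role.MODERATOR: {Role.VOLUNTEER},
    Role.VOLUNTEER: set(),
}


def table_respects_hierarchy():
    """Rule 2: nobody can assign a role above their own level."""
    return all(r <= actor for actor, roles in ASSIGNABLE.items() for r in roles)


def check_assignment(actor_id, actor_role, target_id, target_role, new_role):
    """Return (allowed, reason) for setting target's role to new_role.

    target_role is the member's current role, or None for a new invitation.
    Member ids passed in are constructed sample values.
    """
    # Rule 3: a user cannot change their own role.
    if actor_id == target_id:
        return False, "self-assignment"
    allowed = ASSIGNABLE[actor_role]
    # Rules 1 and 2: the new role must be one the actor may hand out
    # (only owners have OWNER in their set).
    if new_role not in allowed:
        return False, "role-not-assignable"
    # Assumption (not stated on the page): the target's *current* role must
    # also be within the actor's range, otherwise an admin could demote an
    # owner by "assigning" them the volunteer role.
    if target_role is not None and target_role not in allowed:
        return False, "target-outranks-actor"
    return True, "ok"
```

Run the check on the server for both invitations and role changes, and log the returned reason with the actor and target ids so role changes stay auditable.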

Best Practices

Role Assignment Strategy

  1. Start Conservative: Begin with lower-level roles and elevate as needed
  2. Regular Review: Periodically audit role assignments for appropriateness
  3. Document Changes: Keep records of role changes for accountability
  4. Emergency Access: Ensure multiple owners are designated for continuity

Security Considerations

  1. Principle of Least Privilege: Assign the minimum role necessary for user responsibilities
  2. Owner Role Limitation: Limit the number of owner-level accounts
  3. Regular Audits: Review permissions regularly, especially for high-privilege roles
  4. Offboarding Process: Ensure role removal when users leave the organization

Common Use Cases

Animal Rescue Organization

  • Owners: Organization founders, executive directors
  • Admins: Operations managers, senior coordinators
  • Moderators: Foster coordinators, volunteer managers
  • Volunteers: Foster families, transport volunteers, field rescuers

Managing Roles

Role assignments can be managed through the Members section of your organization dashboard. Users with appropriate permissions can:

  1. View current role assignments
  2. Send invitations with pre-assigned roles
  3. Modify existing member roles
  4. Remove members from the organization

Troubleshooting

Common Issues

"I can't assign a role to someone"

  • Verify you have manage_members permission
  • Ensure the target role is within your assignable range
  • Check that the user is already a member of the organization

"A user can't access a feature they should have"

  • Verify their current role assignment
  • Check if the feature requires specific permissions
  • Ensure they're logged into the correct organization context

"Too many people have high-level access"

  • Review and audit current role assignments
  • Consider creating more moderator roles instead of admin roles
  • Document the business justification for each high-privilege account