Understanding Roles
The platform uses Role-Based Access Control (RBAC) to ensure every user sees only what they need and can only perform actions appropriate to their job function. The system follows three core principles:
- Least Privilege -- each role receives the minimum permissions required for the job
- Deny by Default -- if a permission is not explicitly granted, the feature is hidden and inaccessible
- Separation of Duties -- clear boundaries prevent conflicts of interest between roles
The Six Roles at a Glance
graph TD
A[Admin] -->|Full Access| ALL[All Modules & Settings]
B[Leadership] -->|View Only| VIEWS[Dashboard, Events, Analytics]
C[Scheduler] -->|Manage| STAFF[Assignments, Fill Rate, LOU]
D[Travel Coordinator] -->|Manage| TRAVEL[Travel, Pre-Arrival]
E[Supervisor] -->|Manage| OPS[Candidates, Surveys, Hotels]
F[OnsiteAdmin] -->|Manage| ONSITE[On-Site Tab Only]
Admin
Department: IT / System Administration
Description: The Admin role has unrestricted access to every feature and setting in the platform. Admins manage the platform itself -- creating users, configuring roles, adjusting system settings, and maintaining compliance templates.
Key Responsibilities
- Create and manage user accounts
- Assign and modify roles and permissions
- Configure system settings and feature flags
- Create and manage compliance document templates
- Manage all event lifecycle operations
- View and export audit logs
- Access all event tabs and modules without restriction
What Makes Admin Unique
- Only role that can create, update, or delete users
- Only role that can manage roles, permissions, and system settings
- Only role that can access audit logs
- Only role that can manage compliance templates and packets
- Only role with access to the Funnel tab (candidate funnel analytics)
- Only role that can create, edit, and delete events
- Automatically receives all permissions, including any new ones added in future updates
Typical Users
IT administrators, system owners, platform managers
Leadership
Department: Executive
Description: Leadership provides broad visibility with zero ability to modify data. Executives can monitor all events, review fill rates, view candidate statuses, and access analytics -- but they will never see action buttons like "Edit", "Delete", "Import", or "Assign" on any page.
Key Responsibilities
- Monitor active events and overall staffing progress
- Review fill rates and deployment metrics
- View candidate and assignment data across events
- Access analytics dashboards for strategic decision-making
What Leadership Can See
| Area | Access Level |
|---|---|
| Dashboard | View |
| Events list | View |
| Fill Rate tab | View |
| Assignments tab | View |
| Candidates tab | View |
| Surveys tab | View |
| LOU tab | View |
| Travel tab | View |
| On-Site tab | View |
| Work Tracking tab | View |
| Analytics | View |
What Leadership Cannot Do
- Create, edit, or delete events
- Modify any data (no action buttons appear)
- Access the Caregivers module
- Export data
- Access any admin or settings pages
- Manage users, roles, or permissions
Typical Users
Directors, Vice Presidents, C-suite executives, board observers
Scheduler
Department: Operations
Description: Schedulers are the engine of staffing operations. They manage the entire assignment workflow -- importing staffing data, creating manual assignments, defining shift requirements, tracking fill rates, and sending Letters of Understanding (LOUs).
Key Responsibilities
- Import caregiver and assignment data via CSV
- Create and manage assignments (manual assign, bulk operations)
- Define and track shift requirements and fill rates
- Send LOU campaigns to candidates
- Monitor work tracking data
- View caregiver records (update/delete via direct permissions only)
Permissions Breakdown
| Area | Access Level |
|---|---|
| Dashboard | View |
| Events list | View |
| Fill Rate tab | View + Export |
| Assignments tab | Full Access (view, manage, export) |
| LOU tab | View + Export + Send Campaigns |
| On-Site tab | View only |
| Work Tracking tab | View |
| Caregivers module | View only |
| Assignments module | Full CRUD |
What Scheduler Cannot Do
- Create, edit, or delete events
- Access Candidates or Surveys tabs on events
- Edit On-Site records
- Manage travel bookings
- Access Analytics, Hotels/Airports, or any admin pages
- Update/delete caregivers (unless granted via Direct Permissions)
Direct Permissions
The Scheduler role intentionally grants only View access to the Caregivers module. If a specific scheduler needs to import, update, or delete caregivers, an Admin can grant those individual permissions via Direct Permissions without changing the role.
Typical Users
Staffing coordinators, scheduling specialists, workforce planners
Travel Coordinator
Department: Travel / Logistics
Description: Travel Coordinators manage all travel logistics for deployed caregivers. They book flights and hotels, handle change requests, coordinate pre-arrival instructions, and manage travel for both regular events and rapid response deployments.
Key Responsibilities
- Book and manage caregiver travel (flights, hotels, ground transportation)
- Process travel change requests and cancellations
- Send pre-arrival instructions to caregivers
- Manage travel for Rapid Response deployments
- Export travel data for reporting
Permissions Breakdown
| Area | Access Level |
|---|---|
| Dashboard | View |
| Events list | View |
| Travel tab | Full Access (view, edit, export) |
| Pre-Arrival tab | View + Send |
| Rapid Response Travel | View + Edit |
What Travel Coordinator Cannot Do
- Access Fill Rate, Assignments, Candidates, Surveys, LOU, or On-Site tabs
- Access the Caregivers module
- Access Analytics or any admin pages
- Create, edit, or delete events
- Manage pre-arrival settings or templates (Admin only)
Scope
The Travel Coordinator role is intentionally narrow. It focuses exclusively on travel logistics. Caregiver information is visible within the Travel tab context (name, assignment details needed for booking), but the coordinator cannot access the full Caregivers module.
Typical Users
Travel coordinators, logistics specialists, travel agency liaisons
Supervisor
Department: Operations
Description: Supervisors provide operational oversight with hands-on management of candidate pools and surveys. They manage the candidate pipeline, deploy surveys, maintain hotel and airport reference data, and have broad visibility across most event tabs.
Key Responsibilities
- Manage candidate pools (update statuses, export data)
- Create, send, and analyze surveys
- Manage hotel and airport reference data
- Monitor fill rates, LOU status, travel, and on-site operations (view only)
- Review analytics dashboards
Permissions Breakdown
| Area | Access Level |
|---|---|
| Dashboard | View |
| Events list | View |
| Fill Rate tab | View |
| Candidates tab | Full Access (view, manage) |
| Surveys tab | Full Access (view, manage) |
| LOU tab | View |
| Travel tab | View |
| On-Site tab | View |
| Caregivers module | View only |
| Candidates module | View + Update + Export |
| Surveys module | View + Create + Update + Send + View Responses |
| Analytics | View |
| Hotels/Airports | Full Access (view, edit) |
What Supervisor Cannot Do
- Manage assignments or fill rate data
- Edit on-site records or travel bookings
- Send LOU campaigns
- Access Work Tracking tab
- Access any admin pages (users, roles, system settings)
- Export fill rate data
- Update/delete caregivers (unless granted via Direct Permissions)
Typical Users
Operations supervisors, team leads, regional managers
OnsiteAdmin
Department: Operations (on-site)
Description: OnsiteAdmin is the most focused role in the system. It provides full access to the On-Site tab and nothing else. This role is designed for personnel stationed at the facility who need to track arrivals, manage orientation, and handle on-site onboarding.
Key Responsibilities
- Track caregiver arrivals at the facility
- Manage orientation completion and verification
- Handle on-site onboarding paperwork
- Export on-site data for facility reporting
Permissions Breakdown
| Area | Access Level |
|---|---|
| Dashboard | View |
| Events list | View |
| On-Site tab | Full Access (view, edit, export) |
What OnsiteAdmin Cannot Do
- Access any other event tabs (Fill Rate, Assignments, Candidates, Surveys, LOU, Travel, Work Tracking)
- Access the Caregivers module (unless granted via Direct Permissions)
- Access Analytics, Hotels/Airports, or any admin pages
- Create, edit, or delete events
Direct Permissions
The OnsiteAdmin role is intentionally minimal. If an on-site administrator needs additional access (for example, viewing caregiver records or checking candidate statuses), an Admin can grant those permissions individually via Direct Permissions without elevating the entire role.
Typical Users
Facility managers, on-site coordinators, HR staff stationed at the facility
Role Comparison Summary
| Capability | Admin | Leadership | Scheduler | Travel Coord. | Supervisor | OnsiteAdmin |
|---|---|---|---|---|---|---|
| Dashboard | Full | View | View | View | View | View |
| Create/Edit Events | Yes | -- | -- | -- | -- | -- |
| Fill Rate Tab | Full | View | View+Export | -- | View | -- |
| Assignments Tab | Full | View | Full | -- | -- | -- |
| Candidates Tab | Full | View | -- | -- | Full | -- |
| Surveys Tab | Full | View | -- | -- | Full | -- |
| LOU Tab | Full | View | View+Send | -- | View | -- |
| Travel Tab | Full | View | -- | Full | View | -- |
| On-Site Tab | Full | View | View | -- | View | Full |
| Work Tracking | Full | View | View | -- | -- | -- |
| Caregivers Module | Full | -- | View | -- | View | -- |
| Analytics | Full | View | -- | -- | View | -- |
| Hotels/Airports | Full | -- | -- | -- | Full | -- |
| User Management | Full | -- | -- | -- | -- | -- |
| System Settings | Full | -- | -- | -- | -- | -- |
| Audit Logs | Full | -- | -- | -- | -- | -- |
| Compliance | Full | -- | -- | -- | -- | -- |
Legend: "Full" = view + create/edit/delete/export | "View" = read-only | "--" = no access | Bold = primary responsibility area
Direct Permissions
In addition to role-based permissions, Admins can assign Direct Permissions to individual users. This allows fine-grained access adjustments without creating new roles or modifying existing ones.
Example scenarios:
- A Scheduler who also needs to import caregivers receives
Caregivers.Importas a direct permission - An OnsiteAdmin who needs to view caregiver profiles receives
Caregivers.Viewas a direct permission - A Supervisor who needs to export survey responses receives
Surveys.ExportResponsesas a direct permission
Direct permissions are additive -- they can only grant access, never revoke role-based permissions.
Next Steps
- Navigating the App -- Learn the UI layout and navigation patterns
- Permission Matrix -- See the complete list of all permissions by role