Roles & permissions

Roles govern what a user can do. Rather than setting permissions person by person, you assign a role, and the role carries a defined set of permissions — so access is consistent, explainable, and easy to keep right.

The built-in roles

The platform provides a set of roles spanning the responsibilities in a regulated program — from Super Admin and Org Admin at the organization level, through Quality Manager and Project Manager, to Contributor and Viewer. Each represents a coherent level of access: a Viewer reads, a Contributor authors, a Quality Manager governs compliance-critical actions, an admin configures the system. Assigning the right role gives a person exactly the reach their job needs and no more.

Access levels and permissions

Behind each role is a set of permissions — the specific actions it allows — and an overall access level from read-only through full access. The role view shows a role’s key and enforced permissions, so you can see precisely what it grants before you assign it. Where roles overlap, priority determines which applies.

Separation of duties

Roles are how the platform enforces separation of duties: the ability to approve or to move a record into a controlled state can be reserved for the roles that should hold it, so authoring and approving stay in different hands. Combined with Project permissions, this lets organization-wide roles be tuned per project where a particular project needs tighter or looser access.