Roles & Permissions
Understanding the role-based access control system on FairArena
Understanding Roles
FairArena uses a comprehensive role-based access control (RBAC) system to manage what users can do at different levels of the platform.
🎯 Three-Level Role System
1️⃣ Organization Level
Controls organization-wide access
2️⃣ Team Level
Manages team-specific permissions
3️⃣ Project Level
Defines project access rights
Role Hierarchy
How Roles Work Together
Organization Role (Broadest)
└── Grants organization-wide access
    └── Team Role (Intermediate)
        └── Controls team participation
            └── Project Role (Specific)
                └── Defines project permissions
Key Principles:
| Principle | Description | Example |
|---|---|---|
| Inheritance | Higher roles include lower permissions | Org Admin can access teams |
| Specificity | Project roles override team defaults | Project Lead > Team Member |
| Separation | Each level independent | Team role ≠ Project role |
| Flexibility | Multiple roles possible | Admin in Org, Member in Team |
Organization Roles
Standard Organization Roles
Owner: Supreme Authority
Full Permissions:
- ✅ Delete organization
- ✅ Transfer ownership
- ✅ Manage all settings
- ✅ Control billing
- ✅ Add/remove anyone
- ✅ Assign any role
- ✅ Create/delete teams
- ✅ Access all content
- ✅ View audit logs
- ✅ Override any decision
Limitations:
- Only ONE owner per organization
- Can transfer ownership to another member
Typical Users:
- Company founders
- CEOs
- Organization creators
Use Case:
Strategic decisions, critical changes, ownership transfers
Admin: High-Level Management
Can Do:
- ✅ Manage organization settings
- ✅ Create and manage teams
- ✅ Invite and remove members
- ✅ Assign roles (except owner)
- ✅ Configure organization profile
- ✅ Access audit logs
- ✅ Manage integrations
- ✅ Set policies
Cannot Do:
- ❌ Delete organization
- ❌ Remove owner
- ❌ Transfer ownership
- ❌ Assign owner role
Typical Users:
- CTOs, VPs
- Department heads
- Senior managers
Use Case:
Day-to-day management, member administration, team oversight
Member: Standard Access
Can Do:
- ✅ View organization info
- ✅ Join teams (if allowed)
- ✅ Participate in projects
- ✅ Create teams (if permitted)
- ✅ View other members
- ✅ Use organization resources
- ✅ Follow organization
- ✅ Star organization
Cannot Do:
- ❌ Change organization settings
- ❌ Manage members
- ❌ Assign roles
- ❌ Delete content
- ❌ Access admin features
Typical Users:
- Regular employees
- Contributors
- Team members
Use Case:
Regular work, collaboration, project participation
Viewer: Read-Only Observer
Can Do:
- ✅ View organization profile
- ✅ See public teams/projects
- ✅ View member list (if public)
- ✅ Follow organization
- ✅ Access public content
Cannot Do:
- ❌ Join teams
- ❌ Create projects
- ❌ Participate in work
- ❌ Edit anything
- ❌ Access private content
Typical Users:
- External stakeholders
- Auditors
- Contractors
- Observers
Use Case:
Monitoring, oversight, reporting, observation
Organization Permission Matrix
| Permission | Owner | Admin | Member | Viewer |
|---|---|---|---|---|
| View organization | ✅ | ✅ | ✅ | ✅ |
| Edit organization profile | ✅ | ✅ | ❌ | ❌ |
| Delete organization | ✅ | ❌ | ❌ | ❌ |
| Manage billing | ✅ | ⚠️ | ❌ | ❌ |
| Invite members | ✅ | ✅ | ❌ | ❌ |
| Remove members | ✅ | ✅ | ❌ | ❌ |
| Assign roles | ✅ | ✅* | ❌ | ❌ |
| Create teams | ✅ | ✅ | ⚠️ | ❌ |
| Delete teams | ✅ | ✅ | ❌ | ❌ |
| View audit logs | ✅ | ✅ | ❌ | ❌ |
| Manage settings | ✅ | ✅ | ❌ | ❌ |
| Join teams | ✅ | ✅ | ✅ | ❌ |
| View members | ✅ | ✅ | ✅ | ⚠️ |
*Cannot assign Owner role
⚠️ = If permission granted or setting enabled
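The matrix above as a deny-by-default check, added here as an illustration and not FairArena's own code: `can()` resolves ⚠️ cells against an explicit grant, and `can_assign()` enforces the asterisk footnote. The permission identifiers, the grant-key format and the choice to treat any change to the Owner's role by an Admin as "remove owner" are assumptions.

```python
# Added illustration, not FairArena's implementation.
Y, C = "yes", "conditional"   # C marks the ⚠️ cells; a missing cell means denied
ROLES = {"owner", "admin", "member", "viewer"}

# Subset of the organization matrix above, transcribed row by row.
ORG_MATRIX = {
    "view_organization":   {"owner": Y, "admin": Y, "member": Y, "viewer": Y},
    "delete_organization": {"owner": Y},
    "manage_billing":      {"owner": Y, "admin": C},
    "assign_roles":        {"owner": Y, "admin": Y},
    "create_teams":        {"owner": Y, "admin": Y, "member": C},
    "view_audit_logs":     {"owner": Y, "admin": Y},
    "view_members":        {"owner": Y, "admin": Y, "member": Y, "viewer": C},
}

def can(role, permission, enabled=frozenset()):
    """Deny by default: unknown roles, unknown permissions and ⚠️ cells
    without an explicit grant all evaluate to False."""
    cell = ORG_MATRIX.get(permission, {}).get(role)
    if cell == Y:
        return True
    if cell == C:
        # Hypothetical grant key, e.g. "member:create_teams"
        return f"{role}:{permission}" in enabled
    return False

def can_assign(actor_role, target_current_role, new_role):
    """Guard a role change: the '*' footnote plus Admin's 'Cannot Do' list."""
    if new_role not in ROLES:
        return False, "unknown role"
    if not can(actor_role, "assign_roles"):
        return False, "actor may not assign roles"
    if actor_role != "owner" and new_role == "owner":
        return False, "only the Owner can hand over the Owner role"
    if actor_role != "owner" and target_current_role == "owner":
        return False, "the Owner's role cannot be changed by an Admin"
    return True, "ok"
```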
Team Roles
Standard Team Roles
Owner: Team Leadership
Full Team Control:
- ✅ Delete team
- ✅ Transfer ownership
- ✅ All admin permissions
- ✅ Override decisions
- ✅ Manage all projects
- ✅ Control team settings
- ✅ Assign any team role
Typical Users:
- Team leads
- Project managers
- Department heads
Responsibility:
Team direction, structure, critical decisions
Admin: Team Management
Can Do:
- ✅ Manage team settings
- ✅ Create/manage projects
- ✅ Invite/remove members
- ✅ Assign roles (not owner)
- ✅ Configure team profile
- ✅ View audit logs
- ✅ Manage permissions
Cannot Do:
- ❌ Delete team
- ❌ Remove owner
- ❌ Transfer ownership
Typical Users:
- Senior team members
- Project coordinators
- Team leads (deputy)
Responsibility:
Daily management, member coordination
Member: Active Contributor
Can Do:
- ✅ View team info
- ✅ Work on projects
- ✅ Create projects (usually)
- ✅ Collaborate with team
- ✅ Access team resources
- ✅ Participate in discussions
Cannot Do:
- ❌ Manage team
- ❌ Change settings
- ❌ Remove members
- ❌ Assign roles
Typical Users:
- Regular team members
- Developers, designers
- Contributors
Responsibility:
Project work, collaboration, delivery
Viewer: Team Observer
Can Do:
- ✅ View team information
- ✅ See projects
- ✅ View members
- ✅ Read content
Cannot Do:
- ❌ Contribute to projects
- ❌ Create anything
- ❌ Edit content
- ❌ Participate actively
Typical Users:
- Stakeholders
- Observers
- External reviewers
Responsibility:
Monitoring, reporting, observation
Team Permission Matrix
| Permission | Owner | Admin | Member | Viewer |
|---|---|---|---|---|
| View team | ✅ | ✅ | ✅ | ✅ |
| Edit team profile | ✅ | ✅ | ❌ | ❌ |
| Delete team | ✅ | ❌ | ❌ | ❌ |
| Invite members | ✅ | ✅ | ⚠️ | ❌ |
| Remove members | ✅ | ✅ | ❌ | ❌ |
| Assign roles | ✅ | ✅* | ❌ | ❌ |
| Create projects | ✅ | ✅ | ✅ | ❌ |
| Delete projects | ✅ | ✅ | ❌ | ❌ |
| Manage settings | ✅ | ✅ | ❌ | ❌ |
| View audit logs | ✅ | ✅ | ❌ | ❌ |
| Work on projects | ✅ | ✅ | ✅ | ❌ |
| Comment | ✅ | ✅ | ✅ | ⚠️ |
Project Roles
Standard Project Roles
Owner: Project Leadership
Full Project Control:
- ✅ Delete project
- ✅ All permissions
- ✅ Manage all aspects
- ✅ Override decisions
- ✅ Control access
- ✅ Set direction
Typical: Project leads, PMs
Admin: Project Management
Can Do:
- ✅ Manage settings
- ✅ Add/remove members
- ✅ Assign roles (not owner)
- ✅ Edit content
- ✅ Configure project
Cannot: Delete project, remove owner
Typical: Senior contributors, coordinators
Contributor: Active Worker
Can Do:
- ✅ Edit content
- ✅ Create content
- ✅ Comment
- ✅ Collaborate
- ✅ Submit work
Cannot: Manage members, settings
Typical: Developers, designers, writers
Reviewer: Review & Approve
Can Do:
- ✅ View content
- ✅ Comment
- ✅ Review work
- ✅ Approve/reject
Cannot: Edit content, manage
Typical: QA, reviewers, approvers
Viewer: Observer Only
Can Do:
- ✅ View content
- ✅ Read discussions
Cannot: Edit, comment, participate
Typical: Stakeholders, observers
Project Permission Matrix
| Permission | Owner | Admin | Contributor | Reviewer | Viewer |
|---|---|---|---|---|---|
| View project | ✅ | ✅ | ✅ | ✅ | ✅ |
| Edit content | ✅ | ✅ | ✅ | ❌ | ❌ |
| Delete content | ✅ | ✅ | ⚠️ | ❌ | ❌ |
| Create content | ✅ | ✅ | ✅ | ❌ | ❌ |
| Comment | ✅ | ✅ | ✅ | ✅ | ⚠️ |
| Review/approve | ✅ | ✅ | ⚠️ | ✅ | ❌ |
| Add members | ✅ | ✅ | ⚠️ | ❌ | ❌ |
| Remove members | ✅ | ✅ | ❌ | ❌ | ❌ |
| Assign roles | ✅ | ✅* | ❌ | ❌ | ❌ |
| Edit settings | ✅ | ✅ | ❌ | ❌ | ❌ |
| Delete project | ✅ | ❌ | ❌ | ❌ | ❌ |
Custom Roles
Creating Custom Roles
Define roles tailored to your workflow:
Navigate to Role Management
Organization/Team/Project Settings → Roles → Create Custom Role
Name Your Role
Choose a descriptive name:
- "QA Engineer"
- "Content Editor"
- "Designer"
- "Stakeholder"
Select Permissions
Core Permissions:
- ☐ View content
- ☐ Create content
- ☐ Edit content
- ☐ Delete content
- ☐ Comment
- ☐ Review/approve
Member Permissions:
- ☐ View members
- ☐ Invite members
- ☐ Remove members
- ☐ Change member roles
Administrative:
- ☐ Edit settings
- ☐ Manage roles
- ☐ View audit logs
- ☐ Delete entity
Save and Assign
Role is ready to assign to members
Custom Role Examples
Permissions:
- ✅ View all content
- ✅ Comment on work
- ✅ Review and approve
- ✅ Report issues
- ❌ Edit content directly
- ❌ Delete anything
Use Case: Quality assurance, testing, validation
Permissions:
- ✅ View content
- ✅ Create content
- ✅ Edit content
- ✅ Comment
- ⚠️ Delete own content only
- ❌ Manage members
Use Case: Writers, editors, content creators
Permissions:
- ✅ View specific content
- ✅ Comment
- ✅ Review
- ❌ Edit anything
- ❌ See all content
- ❌ Access settings
Use Case: External consultants, client reviewers
Role Management
Assigning Roles
At Organization Level:
- Organization → Members
- Find member
- Options → Change Role
- Select new role
- Confirm
At Team Level:
- Team → Members
- Select member
- Change Role
- Apply
At Project Level:
- Project → Members
- Member options
- Assign role
- Save
Changing Roles
Single Member:
- Navigate to member
- Change role option
- Select new role
- Confirm
Bulk Changes:
- Select multiple members
- Bulk actions → Change Roles
- Apply new role
- Confirm all changes
Changing roles takes effect immediately. Members gain or lose access instantly based on the new role.
Removing Roles
When removing someone from a role:
| Level | Effect |
|---|---|
| Organization | Loses all org, team, project access |
| Team | Loses team and team's project access |
| Project | Loses only that project access |
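The cascade in this table, written out as an added example (not FairArena's code) together with an offboarding check that lists grants a partial removal left behind. The hierarchy, user names and grant tuples are constructed, and the check assumes a lower-level grant is only valid while its holder also has a grant at every level above it.

```python
# Added illustration, not FairArena's implementation. All data is constructed.
TEAM_ORG = {"team-a": "org-1", "team-b": "org-1"}
PROJECT_TEAM = {"proj-x": "team-a", "proj-y": "team-a", "proj-z": "team-b"}

# (user, level, entity) grants for two constructed users.
GRANTS = {
    ("dana", "organization", "org-1"),
    ("dana", "team", "team-a"), ("dana", "project", "proj-x"),
    ("dana", "team", "team-b"), ("dana", "project", "proj-z"),
    ("lee", "organization", "org-1"),
    ("lee", "team", "team-a"), ("lee", "project", "proj-y"),
}

def parent_chain(level, entity):
    """Return the (level, entity) pairs above a grant, nearest first."""
    chain = []
    if level == "project":
        entity = PROJECT_TEAM[entity]
        level = "team"
        chain.append((level, entity))
    if level == "team":
        chain.append(("organization", TEAM_ORG[entity]))
    return chain

def revoke(grants, user, level, entity):
    """Drop the user's grant on the entity and every grant beneath it."""
    target = (level, entity)
    kept = set()
    for g_user, g_level, g_entity in grants:
        beneath = target in parent_chain(g_level, g_entity)
        if g_user == user and ((g_level, g_entity) == target or beneath):
            continue  # removed by the cascade
        kept.add((g_user, g_level, g_entity))
    return kept

def orphaned(grants):
    """Grants whose holder is missing a grant somewhere above them,
    i.e. access the cascade should already have removed."""
    return sorted(
        (user, level, entity) for user, level, entity in grants
        if any((user, pl, pe) not in grants
               for pl, pe in parent_chain(level, entity))
    )
```

Running `orphaned()` over a membership export after offboarding shows whether a removal was applied at one level only.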
Best Practices
Role Assignment
Smart Role Management
Principle of Least Privilege: Give minimum permissions needed
Regular Reviews: Audit roles quarterly
Clear Documentation: Document who has what access
Offboarding Process: Remove access promptly
Role Templates: Create standard roles for common positions
Security Guidelines
Do:
- ✅ Assign roles based on job function
- ✅ Review permissions regularly
- ✅ Use custom roles when needed
- ✅ Document role decisions
- ✅ Remove access promptly when not needed
- ✅ Use audit logs to track changes
Don't:
- ❌ Over-privilege users
- ❌ Share admin accounts
- ❌ Ignore role reviews
- ❌ Forget to remove ex-members
- ❌ Grant owner role casually