Invite the team and assign roles
Ministrium operates with role-based access control (RBAC): each user has a functional role that defines what they can do and, optionally, a campus scope that limits what they can see. This page describes how to invite new collaborators and assign the right role. For the full catalogue of the 9 roles, see Roles and permissions.
Steps
Open the Team module
In the side menu, open Church → Team. You’ll see the list of current users and the Invite staff button.
Fill in the staff member’s data
- Full name: the collaborator’s name as it should appear in the internal list.
- Email: the invitation is sent to this email. It will also be their username for sign-in.
Use the institutional email when one exists (for example pastor@yourchurch.org). Personal email works but creates dependencies: if the person resigns, their personal email remains the only access to church information until the admin deactivates it.
Assign a role
Choose one of the 9 functional roles:
| Role | For whom |
|---|---|
| admin | General church administrator. Full access, authorizes payments, configures everything. |
| pastor | Lead or campus pastor. Full pastoral visibility, no financial authority. |
| supervisor | Zone or regional supervisor. Aggregated read access across multiple campuses. |
| secretary | Day-to-day operations. CRM, events, kiosk, no sensitive financial. |
| accountant | Approves payments, issues tax-deductible receipts, syncs with QuickBooks. |
| finance | Same as accountant, but without authority to approve payments. Useful for accounting assistants. |
| ministry_leader | Leader of a ministry. Sees and operates only their ministry. |
| cell_leader | Cell leader. Sees only members of their cells. |
| member | Congregation member. Sees their own record, donations, and registrations. |
For the full detail of what each role can do, see Roles and permissions.
Limit campus scope (optional)
If your church has multiple campuses, you can restrict the user to one or several:
- No restriction → sees all campuses.
- Restricted to one campus → only that campus.
- Restricted to several → the campuses you choose (typical for zone supervisors).
The scope is applied structurally at the database level: the user cannot see data from a campus outside their scope, not even by accident. See Isolation between churches.
The accountant and finance roles are an exception: by convention they handle the entire church (they’re not restricted to a campus), because accounting is centralized.
Send the invitation
Click Send invitation. The collaborator receives an email with:
- Who is inviting them and to which church.
- The assigned role and campus scope.
- A single-use link to create their password.
The link expires in 7 days. If the person doesn’t respond in time, go to Church → Team → Pending and click Resend invitation.
MFA activation
For the admin, pastor, accountant, and finance roles, Ministrium requires MFA (two-factor authentication) from the first login. The interface guides the user to set up a TOTP app (Google Authenticator, Authy, 1Password) in less than a minute.
For all other roles, MFA is optional but recommended. See MFA and password policy.
Composite roles
A user can have composite roles combining responsibilities. Common examples:
- pastor + cell_leader — the pastor who also leads their own cell.
- accountant + ministry_leader — the accountant who also leads the worship ministry.
To assign multiple roles, go to Church → Team → Edit user and add each role. Permissions accumulate: the user has everything each role allows, and the interface adapts to show the modules relevant to the combination.
Change or remove a role
Go to Church → Team → Edit user and modify the role or scope. If the user leaves the church:
- Change their role to member (which leaves them with access only to their own record) or deactivate the account (which blocks it).
- Do not delete the account: deletion would break the audit trail. The correct action is to deactivate.
Every change is logged in the audit with who did it, when, and from which IP.
Next steps
- Roles and permissions — the full detail of what each role does.
- MFA and password policy — how each account is protected.
- Import members — to add the congregation, not just the staff.