Skip to Content
Roles & PermissionsRole hierarchy

Role hierarchy

This page lists the system roles and who each is intended for. For what each one can do, see the permission matrix.

Visual hierarchy

org_admin
  └─ finance     (parallel: finance only)
  └─ campus_admin
       └─ leader
            └─ staff
                 └─ member

Roles don’t inherit automatically: being org_admin doesn’t give you the leader role of a specific group. But their permissions do: org_admin already includes everything leader can do, and more.

The roles one by one

org_admin

  • For: senior pastor, church administrator.
  • Scope: whole organization, all campuses.
  • Can: everything. The only role that can create/delete other admin users, connect Stripe, or change the plan.

campus_admin

  • For: pastor or coordinator of a single campus.
  • Scope: one campus (set in the assignment).
  • Can: operate the whole campus (CRM, attendance, events, communications) but not see other campuses or change the plan.

finance

  • For: treasurer, bookkeeper.
  • Scope: whole org, finance module only.
  • Can: see donations, payouts, export to QuickBooks, issue receipts. Cannot see members or change permissions.

leader

  • For: cell-group leader.
  • Scope: their groups.
  • Can: see members of their group, mark group attendance, communicate with the group.

staff

  • For: operational volunteer (welcome, kiosk, kids).
  • Scope: configurable; typically a campus or a module.
  • Can: whatever the module needs. At kiosk, mark attendance and register visitors; in kids, do check-in.

member

  • For: regular member with the mobile app.
  • Scope: themselves and their family.
  • Can: see their profile, their donations, check in, register for events.
Don't mix finance with member

If a regular member is also the treasurer, give them two roles: member for their personal access and finance for the admin access. Don’t merge them into a hybrid role.

Last updated on
RBAC modelPermission matrix