Admin: Roles and Permissions

The Roles tab lets administrators configure exactly what each user role can do across the system. Changes take effect immediately for all users holding that role.

Navigate to Admin > Roles.

---

Understanding Roles

The NISC Mustering System uses four built-in roles. Every user account is assigned exactly one role.

Role	Badge Colour	Typical User
Admin	Red	IT administrator, system owner
Safety	Orange/Amber	Safety officer, emergency coordinator
Operator	Blue	Control room operator, security desk
Viewer	Grey	Read-only observer, management reporting

Admin Role

The Admin role has full, unrestricted access to everything in the system. Admin permissions are permanently enabled and cannot be reduced. The permission matrix shows Admin checkboxes as locked (checked and greyed out) to reflect this.

Warning: Assign the Admin role sparingly. Admins can create and delete user accounts, modify permissions for all other roles, and change system settings.

Safety Role

Safety Officers can access all operational features required to conduct a muster: viewing personnel locations, running muster events, sending alerts, and generating reports. By default, Safety Officers cannot manage system configuration or user accounts. These permissions can be adjusted.

Operator Role

Operators have read access to live tracking data and the ability to acknowledge alerts. They are intended for control room staff who monitor the system but do not manage it. By default, Operators cannot create or delete records.

Viewer Role

Viewers have read-only access. They can see dashboards and reports but cannot take any action that modifies data. Suitable for executives or auditors who need visibility without operational access.

---

The Permission Matrix

Screenshot placeholder: [Permission matrix showing Resource / Permission column and role columns with checkboxes]

The permission matrix is a table where:

• Rows are individual permissions, grouped by resource (e.g. Personnel, Buildings, Beacons)
• Columns are the four roles
• Cells are checkboxes indicating whether that role currently has that permission

The Admin column is always fully checked and cannot be edited.

Resource Groups

Permissions are organised into expandable resource groups. Click a resource group header row to expand or collapse its individual permissions. The header row also shows a summary count (e.g. 3/5) indicating how many permissions in that group each role currently holds.

Use the Expand All and Collapse All buttons in the top-right corner to open or close all groups at once.

Reading the Permission Summary

At the top of the matrix, three summary cards show:

• Roles — total number of roles in the system
• Permissions — total number of individual permission entries
• Resources — total number of resource groups

Each role column header shows the role's name badge and a count in the format X/Y (permissions enabled / total permissions).

---

Granting a Permission

1. Navigate to Admin > Roles.
2. Find the resource group containing the permission you want to grant (e.g. expand Personnel to find "Create").
3. Locate the column for the target role (e.g. Operator).
4. Click the checkbox in the intersection cell to tick it. The checkbox turns filled.
5. A yellow save bar appears at the bottom of the page showing the number of changed roles and a summary of additions and removals.
6. Review the pending changes in the save bar. You can continue making more changes before saving.
7. Click Save Changes in the save bar.
8. A confirmation dialog lists the affected roles and the number of permissions added or removed.
9. Click Save to confirm. The changes are applied immediately.

Revoking a Permission

1. Find the permission and role as above.
2. Click the ticked checkbox to untick it.
3. The save bar appears.
4. Click Save Changes, confirm in the dialog.

Discarding Pending Changes

If you have made changes and want to revert them before saving:

1. Click Discard in the save bar.
2. All unsaved changes are reverted to the last saved state.

Note: The Discard button only undoes changes made in the current editing session. It cannot undo changes that have already been saved.

---

Common Permission Scenarios

Allow Safety Officers to manage Personnel records

By default, Safety Officers may only view personnel. To allow them to create and edit personnel:

1. Expand the Personnel resource group.
2. In the Safety column, tick the Create and Update checkboxes.
3. Save Changes.

Restrict Operators to read-only on Beacons

If you want Operators to see beacon information but not modify it:

1. Expand the Beacons resource group.
2. In the Operator column, ensure only the Read checkbox is ticked.
3. Untick Create, Update, and Delete if they are currently enabled.
4. Save Changes.

Give Viewers access to Audit Logs

1. Expand the Audit resource group.
2. In the Viewer column, tick the Read checkbox.
3. Save Changes.

---

Important Notes

• Permission changes take effect immediately — there is no "activation delay".
• Users who are currently logged in when permissions are changed will see the new permissions applied on their next action.
• You cannot reduce Admin permissions. If you need to restrict an Admin user, change their role to a lower-privilege role from the People > Users section.
• The permission system is additive: users have the union of all permissions granted to their single assigned role.