Roles & Permissions System

ikigize implements a sophisticated role-based access control (RBAC) system where users can hold multiple roles simultaneously at each entity level. Each role grants specific permissions, and users inherit all permissions from all their assigned roles, creating a flexible and powerful access control mechanism.


What is the Roles & Permissions System?

The roles and permissions system defines what users can do across the platform. Roles define relationships users have with entities, while permissions grant specific capabilities. Users can have multiple roles at each entity, and inherit all permissions from those roles.

Core Concepts

Multiple Roles Per User

Flexible Assignments: Users can have as many roles as needed at each entity level, enabling them to fulfill multiple responsibilities.

Additive Permissions: Permissions from all assigned roles are combined, with the most permissive access taking precedence.

Independent Roles: Each role assignment is independent - adding or removing one role doesn't affect others.

Contextual Roles: Users can have different role combinations at different entities (e.g., Student in one course, Instructor in another).

Permission Inheritance Rules

  1. Additive: All permissions from all roles are combined
  2. Most Permissive Wins: If permissions conflict, broader access is granted
  3. No Reduction: Adding roles never reduces existing permissions
  4. Explicit Deny: System-level denies override all grants (used sparingly for security)

Role Hierarchy

Roles exist at specific entity levels in the platform hierarchy:

  • Organization Level → Campus Level → Course Level → Module Level → Session/Task Level

Roles at higher levels don't automatically cascade down. A Campus Admin is not automatically a Course Admin for all courses in that campus - roles must be explicitly assigned at each level.

Explicit Assignment

No Automatic Propagation: Higher-level roles don't grant lower-level access automatically

Clear Visibility: Users always know exactly which roles they have and where

Precise Control: Administrators can grant exactly the access needed at each level

Audit Trail: All role assignments are tracked and can be audited
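
The inheritance rules and the explicit-assignment model above, as an added Python example (not ikigize's own code): permissions are unioned per entity, an explicit deny overrides every grant, and a role at one entity yields nothing at another. The role grants are the ones named in this page's permission scenarios; the AccessStore class, the entity ids, the user names and the per-entity scope of the deny are assumptions.

```python
from dataclasses import dataclass, field

# Grants named in this page's permission scenarios (not the full matrices).
ROLE_PERMISSIONS = {
    "Instructor": {"Deliver Course", "Grade Submissions", "Manage Calendar",
                   "View Submissions"},
    "Author": {"Create Module", "Edit Course Content"},
    "Admin": {"Manage Users", "Edit Campus Content", "Moderate Campus"},
}


@dataclass
class AccessStore:
    """Hypothetical store; the structure and the deny scope are assumptions."""
    assignments: dict = field(default_factory=dict)  # (user, entity) -> roles
    denies: dict = field(default_factory=dict)       # (user, entity) -> perms

    def assign(self, user, entity, role):
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role: {role}")
        self.assignments.setdefault((user, entity), set()).add(role)

    def remove(self, user, entity, role):
        # Independent roles: removing one leaves the others untouched.
        self.assignments.get((user, entity), set()).discard(role)

    def deny(self, user, entity, permission):
        self.denies.setdefault((user, entity), set()).add(permission)

    def effective(self, user, entity):
        # Only roles assigned at exactly this entity count: no cascade from
        # a parent campus or organization.
        roles = self.assignments.get((user, entity), set())
        granted = set().union(*(ROLE_PERMISSIONS[r] for r in roles))
        # Explicit deny overrides every grant.
        return granted - self.denies.get((user, entity), set())

    def can(self, user, entity, permission):
        return permission in self.effective(user, entity)


def build_demo():
    """Constructed sample data: users and entity ids are made up."""
    store = AccessStore()
    store.assign("dana", "course:algebra-101", "Instructor")
    store.assign("dana", "course:algebra-101", "Author")
    store.assign("lee", "campus:north", "Admin")
    store.deny("dana", "course:algebra-101", "Grade Submissions")
    return store
```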

Roles by Entity Level

Organization Level
Top-level organizational structure and settings
Superadmin
Admin
Member
Author
Analyst

5 roles available at this level

Campus Level
Educational institutions and learning ecosystems
Superadmin
Admin
Member
Author
Moderator

5 roles available at this level

Course Level
Individual courses and learning programs
Superadmin
Admin
Instructor
Student
Teaching Assistant

5 roles available at this level

Module Level
Course components and learning units
Superadmin
Admin
Instructor
Student
Author

5 roles available at this level

Session Level
Live sessions, meetings, and events
Organiser
Facilitator
Co-Facilitator
Participant
Observer

5 roles available at this level

Task Level
Assignments, assessments, and learning activities
Owner
Instructor
Teaching Assistant
Student
Reviewer

5 roles available at this level

Permission Matrices by Entity Level

Each entity level has its own set of roles and permissions. The matrices below show exactly what each role can do at each level.

Organization Level

Organization Level Roles & Permissions
Complete permission matrix showing all organization-level roles and their capabilities
Permission | Superadmin | Admin | Member | Author | Analyst
Core Access
View Organization
View Organization Profile
View All People
Content Management
Create Campus
View All Content
Manage Content
Archive Content
People Management
Manage People
Assign Roles
Remove Members
View Member Activity
Financial
Set Pricing
Manage Revenue
View Financial Reports
Process Payments
Administration
Manage Organization Settings
Manage Integrations
View Analytics
Manage Branding

Key Principles:

  • Users can have multiple roles at the same entity
  • Permissions are additive - users get all permissions from all their roles
  • Most permissive access always wins when permissions overlap

Campus Level

Campus Level Roles & Permissions
Complete permission matrix showing all campus-level roles and their capabilities
Permission | Superadmin | Admin | Member | Author | Moderator
Core Access
View Campus
View Campus Profile
Content Management
Edit Campus Content
Create Public Courses
Create Public Sessions
Archive Campus Content
Manage Campus Calendar
User Management
Manage Campus Users
View Campus Members
Invite Campus Members
Library Management
View Library
Curate Library
Manage Library Permissions
Financial & Analytics
Set Campus Pricing
View Campus Revenue
Moderate Campus
View Campus Analytics

Course Level

Course Level Roles & Permissions
Complete permission matrix showing all course-level roles and their capabilities
Permission | Superadmin | Admin | Instructor | Student | Teaching Assistant
Core Access
View Course
View Course Details
Content Management
Create Module
Edit Course Content
Archive Course Content
Manage Course Calendar
User Management
Manage Course Users
View Course Members
Invite Course Members
Remove Course Members
Delivery & Grading
Deliver Course
Grade Submissions
Provide Feedback
View Submissions
Moderation & Analytics
Moderate Course
View Course Analytics
Export Course Data

Module Level

Module Level Roles & Permissions
Complete permission matrix showing all module-level roles and their capabilities
Permission | Superadmin | Admin | Instructor | Student | Author
Core Access
View Module
Use Module
Content Management
Create Task
Edit Module Content
Create Session
Archive Module Content
Templates & Licensing
Template Creation
License Module
Management
Manage Module Users
View Module Analytics

Session Level

Session Level Roles & Permissions
Complete permission matrix showing all session-level roles and their capabilities
Permission | Organiser | Facilitator | Co-Facilitator | Participant | Observer
Core Access
View Session
View Session Details
Participation
Join Session
Share Screen
Use Chat
Use Reactions
Management
Host Session
Moderate Session
Create Session Resources
Record Session
Manage Breakout Rooms
Administration
View Participants
Manage Participants
End Session

Task Level

Task Level Roles & Permissions
Complete permission matrix showing all task-level roles and their capabilities
Permission | Owner | Instructor | Teaching Assistant | Student | Reviewer
Core Access
View Task
View Task Details
Participation
Submit Task
Edit Submission
View Feedback
Management
Edit Task Content
Review Task
Grade Task
Moderate Task
Assign Task
View All Submissions
Analytics
View Task Analytics

Role Assignment Best Practices

Assignment Principles

Principle of Least Privilege: Assign only the roles needed for users to perform their functions effectively.

Clear Purpose: Each role assignment should have a clear justification and purpose.

Regular Review: Periodically review role assignments to ensure they remain appropriate.

Document Decisions: Maintain records of why specific roles were assigned.

Multiple Role Strategies

Complementary Roles: Assign multiple roles when users need capabilities from different areas (e.g., Author + Mentor).

Progressive Access: Add roles as users take on additional responsibilities rather than assigning all at once.

Common Combinations:

  • Instructor + Author (teaching and content creation)
  • Admin + Analyst (management and data access)
  • Mentor + Coach (different types of support)
  • Student + Teaching Assistant (learning while helping teach)

Role Dependencies

Some roles may have prerequisites or work best in combination:

Prerequisites: Some roles may require base membership (e.g., must be Member before Author).

Complementary: Some roles work well together (e.g., Instructor + Teaching Assistant).

Exclusive: Carefully consider role combinations that might conflict (e.g., Student + Instructor in same course).
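
One way to turn the "Exclusive" consideration into a recurring review, as an added Python example (not part of ikigize): replay the role-assignment audit trail to get each user's current roles per entity, then flag anyone holding a conflicting pair at the same entity. The record layout, the names and the sample events are constructed; the only pair configured is the one this page names.

```python
# Role pairs to flag when one user holds both at the same entity. The pair
# below is the page's own example; the set is an assumed policy input.
EXCLUSIVE_PAIRS = {frozenset({"Student", "Instructor"})}

# Constructed audit-trail sample:
# (timestamp, action, user, entity, role, assigned_by)
AUDIT_TRAIL = [
    ("2024-01-08T09:00", "assign", "dana", "course:algebra-101", "Instructor", "root"),
    ("2024-01-09T10:30", "assign", "sam", "course:algebra-101", "Student", "dana"),
    ("2024-02-01T14:00", "assign", "sam", "course:algebra-101", "Teaching Assistant", "dana"),
    ("2024-02-03T08:15", "assign", "kim", "course:algebra-101", "Student", "dana"),
    ("2024-02-20T16:45", "assign", "kim", "course:algebra-101", "Instructor", "dana"),
    ("2024-03-01T11:00", "assign", "kim", "course:stats-200", "Instructor", "root"),
    ("2024-03-02T09:00", "assign", "ravi", "course:stats-200", "Student", "kim"),
    ("2024-03-05T09:00", "assign", "ravi", "course:stats-200", "Instructor", "kim"),
    ("2024-03-06T12:00", "remove", "ravi", "course:stats-200", "Student", "kim"),
]


def current_assignments(trail):
    """Replay assign/remove events in time order to get current roles."""
    state = {}
    for _, action, user, entity, role, _ in sorted(trail):
        roles = state.setdefault((user, entity), set())
        if action == "assign":
            roles.add(role)
        elif action == "remove":
            roles.discard(role)
        else:
            raise ValueError(f"unknown action: {action}")
    return state


def find_conflicts(trail, exclusive=EXCLUSIVE_PAIRS):
    """Return (user, entity, pair) for each exclusive pair held at one entity."""
    findings = []
    for (user, entity), roles in sorted(current_assignments(trail).items()):
        for pair in exclusive:
            if pair <= roles:  # both roles are held at this same entity
                findings.append((user, entity, tuple(sorted(pair))))
    return findings
```

Roles held at different entities are never compared, so a Student in one course who is an Instructor in another is not flagged, and a pair that was resolved by a later removal drops out of the findings.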

Permission Scenarios

Understanding how permissions work in practice through real-world examples:

Scenario 1: Course Instructor + Author

Roles Assigned: Instructor + Author

Combined Permissions:

  • All Instructor permissions: Deliver Course, Grade Submissions, Manage Calendar, View Submissions
  • All Author permissions: Create Module, Edit Course Content
  • Result: Can both teach the course AND create/edit all course materials

Use Case: Subject matter expert who both creates content and teaches it

Scenario 2: Campus Admin + Analyst

Roles Assigned: Admin + Analyst

Combined Permissions:

  • All Admin permissions: Manage Users, Edit Campus Content, Moderate Campus
  • All Analyst permissions: View Analytics, View Revenue, Export Data
  • Result: Can manage the campus operations AND analyze performance data

Use Case: Campus director who needs both management and analytical capabilities

Scenario 3: Student + Teaching Assistant

Roles Assigned: Student + Teaching Assistant

Combined Permissions:

  • All Student permissions: View Course, Submit Work, View Feedback
  • All Teaching Assistant permissions: Grade Assignments, View All Submissions, Provide Feedback
  • Result: Can learn in the course AND help grade/support other students

Use Case: Advanced student helping instructor with course delivery

Scenario 4: Organization Superadmin + Finance

Roles Assigned: Superadmin + Finance

Combined Permissions:

  • All Superadmin permissions: Complete control, all capabilities
  • All Finance permissions: Manage Revenue, Process Payments (redundant with Superadmin)
  • Result: Full control with explicit financial focus

Use Case: Founder who handles both operations and financial management

Permission Categories

Permissions are organized into logical categories for easy understanding:

Core Access

Basic viewing and access permissions that allow users to see and navigate entities.

Content Management

Creating, editing, and managing learning content and materials.

User Management

Managing people, role assignments, and team composition.

Financial

Pricing, revenue, payment processing, and financial operations.

Administration

System configuration, settings, and platform management.

Delivery & Grading

Teaching, facilitating, assessing, and providing feedback.

Social & Communication

Chat, discussions, collaboration, and community features.

Analytics & Reporting

Data access, insights, reporting, and performance tracking.

Role Assignment Authority

Who can assign roles depends on ownership and existing role assignments:

Organization-Owned Entities

  • Organization Superadmin: Can assign any role
  • Organization Admin: Can assign most roles (except Superadmin)
  • Entity Admin: Can assign roles at their specific entity level

Private (User-Owned) Entities

  • Owner: Can assign any role to any user
  • Admins assigned by owner: Can assign roles based on owner's delegation

Public Entities

  • Platform Admins: Control role assignments for platform-owned public entities
  • Entity Admins: Manage roles for their specific public entities

Common Role Patterns

Educational Institution Pattern

Organization Level:

  • University leadership → Superadmin/Admin
  • Faculty → Author + Analyst
  • Staff → Member

Campus Level:

  • Dean → Superadmin
  • Department Heads → Admin
  • Faculty → Author + Mentor
  • Students → Member

Course Level:

  • Professor → Instructor + Author
  • Teaching Assistants → Teaching Assistant
  • Students → Student

Corporate Training Pattern

Organization Level:

  • Training Director → Superadmin
  • L&D Team → Admin + Author
  • Managers → Analyst
  • Employees → Member

Course Level:

  • Trainer → Instructor + Facilitator
  • Team Leads → Coach + Mentor
  • Learners → Student

Community Education Pattern

Campus Level:

  • Community Organizer → Superadmin + Moderator
  • Expert Volunteers → Author + Instructor
  • Active Members → Mentor + Participant
  • New Members → Member + Student

Implementation Guide

For Administrators

Step 1: Map Organizational Roles

  • Identify real-world roles in your organization
  • Determine responsibilities for each role
  • Map to ikigize roles and permissions

Step 2: Design Role Combinations

  • Identify where users need multiple roles
  • Plan standard role combinations
  • Document rationale for combinations

Step 3: Implement Systematically

  • Start with core administrative roles
  • Add faculty/instructor roles
  • Roll out student/participant roles
  • Monitor and adjust

Step 4: Monitor and Maintain

  • Regular permission audits
  • Role assignment reviews
  • User feedback collection
  • Continuous improvement

For Users

Understanding Your Roles:

  • Review all your assigned roles
  • Understand combined permissions
  • Know where to request additional access
  • Report permission issues promptly

Requesting Access:

  • Identify needed capabilities
  • Contact appropriate administrator
  • Explain use case clearly
  • Understand approval process

Best Practices Summary

Design Principles

Logical Grouping: Roles group related permissions in meaningful ways

Clear Purpose: Each role and permission has specific, well-defined purpose

User-Friendly: Role names and descriptions are clear and understandable

Flexible: System accommodates diverse organizational structures and needs

Security Considerations

Regular Review: Periodically review role assignments and permissions

Access Monitoring: Monitor permission usage for unusual patterns

Least Privilege: Default to minimal access, add as needed

Documentation: Document why specific roles/permissions were granted

Audit Trails: Maintain logs of all role assignments and changes

User Experience

Clear Communication: Ensure users understand their access and how to request more

Easy Requests: Provide clear processes for requesting additional roles

Training: Educate administrators and users about the RBAC system

Feedback: Collect and act on feedback about access control experience

Your Next Steps

Ready to implement roles and permissions in your organization? Start by understanding your organizational structure and mapping real-world responsibilities to ikigize roles.

Implementation Checklist

  1. Map Organizational Roles: Identify real-world roles in your organization
  2. Define Responsibilities: Clarify what each role should be able to do
  3. Choose ikigize Roles: Select appropriate ikigize roles that match responsibilities
  4. Plan Role Combinations: Identify where users need multiple roles
  5. Assign Roles: Begin assigning roles to people systematically
  6. Review and Refine: Regularly review assignments and adjust as needed

Remember: The power of ikigize's RBAC system lies in its flexibility. Use multiple roles to accurately model real-world relationships and responsibilities, ensuring each user has exactly the access they need - no more, no less.