User Roles & Permissions

Configure user roles and manage access permissions

User Roles & Permissions

Overview

User roles and permissions control what staff members can access and do within MartialFlow. This guide covers role management, permission configuration, security best practices, and maintaining appropriate access levels for all staff members.

Prerequisites

  • Administrative or Director-level access
  • Understanding of your school's organizational structure
  • Knowledge of data security principles
  • Familiarity with staff responsibilities and workflows

Understanding Role-Based Access Control

Role Hierarchy

Standard System Roles

  1. Director Role

    Director Permissions:
    • Full system access
    • All configuration settings
    • Financial data and billing
    • User management
    • System administration
    • All reports and analytics
    • Data export capabilities
    • Integration management
  2. Administrator Role

    Administrator Permissions:
    • Student and family management
    • Class scheduling and management
    • Communication systems
    • Reporting and analytics
    • Basic system configuration
    • Limited financial access
    • User role management (non-Director)
    • Data import/export (limited)
  3. Lead Instructor Role

    Lead Instructor Permissions:
    • Class management and scheduling
    • Student progress tracking
    • Instructor coordination
    • Limited student management
    • Communication with families
    • Class-related reporting
    • Substitute instructor management
    • Basic administrative tasks
  4. Instructor Role

    Instructor Permissions:
    • Assigned class management
    • Student attendance tracking
    • Student progress updates
    • Parent communication
    • Basic student information access
    • Class-specific reporting
    • Limited schedule viewing
    • Personal schedule management
  5. Staff Role

    Staff Permissions:
    • Student check-in/check-out
    • Basic student information lookup
    • Limited communication access
    • Read-only schedule viewing
    • Basic reporting access
    • Customer service functions
    • Limited data entry
    • Reception duties

Permission Categories

Functional Permission Areas

  1. Student Management

    • View Student Information - Access to student profiles
    • Edit Student Information - Modify student details
    • Add New Students - Create new student records
    • Delete Students - Remove student records
    • View Medical Information - Access health data
    • Manage Family Accounts - Family relationship management
  2. Class Management

    • View All Classes - See complete class schedules
    • Edit Class Information - Modify class details
    • Create New Classes - Add classes to schedule
    • Cancel Classes - Cancel or reschedule classes
    • Manage Attendance - Take and modify attendance
    • Assign Instructors - Assign staff to classes
  3. Financial Management

    • View Billing Information - Access customer billing
    • Process Payments - Handle payment transactions
    • Manage Subscriptions - Subscription administration
    • Generate Financial Reports - Financial analytics
    • Handle Refunds - Process refund requests
    • Manage Discounts - Apply and manage discounts

Configuring User Roles

Accessing Role Management

Role Configuration Interface

  1. Navigate to Role Management

    • Go to Administration → User Management → Roles
    • Or Settings → Security → User Roles
    • View existing roles and permissions
    • Access role creation and editing tools
  2. Role Management Dashboard

    Role Management Features:
    • Role list with permission summaries
    • User count per role
    • Permission matrix view
    • Role usage analytics
    • Permission conflict detection
    • Role inheritance mapping

Creating Custom Roles

Custom Role Development

  1. Role Creation Process

    • Role Name - Descriptive role identifier
    • Role Description - Clear purpose explanation
    • Base Role - Inherit from existing role (optional)
    • Permission Selection - Choose specific permissions
    • Access Restrictions - Set any limitations
  2. Role Definition Example

    Role Name: Assistant Instructor
    Description: Part-time instructors with limited responsibilities
    Base Role: Instructor (inherit basic permissions)
    
    Additional Permissions:
    ✓ Substitute for other instructors
    ✓ Access instructor schedules
    ✓ Limited student progress tracking
    
    Restricted Permissions:
    ✗ Cannot create new classes
    ✗ Cannot access financial information
    ✗ Cannot manage user accounts

Permission Matrix Configuration

  1. Granular Permission Control

    Permission Matrix Example:
    
    Feature Area          | Director | Admin | Lead Inst | Instructor | Staff
    ---------------------|----------|-------|-----------|------------|-------
    Student Management   | Full     | Full  | Limited   | Limited    | View
    Class Scheduling     | Full     | Full  | Limited   | View       | View
    Financial Data       | Full     | View  | None      | None       | None
    System Config        | Full     | Limited| None     | None       | None
    User Management      | Full     | Limited| None     | None       | None
  2. Feature-Specific Permissions

    • Read Permissions - View-only access
    • Write Permissions - Modify existing data
    • Create Permissions - Add new records
    • Delete Permissions - Remove records
    • Admin Permissions - Administrative functions

Role Assignment

Assigning Roles to Users

  1. Individual User Assignment

    • Navigate to User Management → Users
    • Select specific user
    • Choose "Edit Roles" or "Manage Permissions"
    • Assign appropriate role
    • Save changes and notify user
  2. Bulk Role Assignment

    Bulk Assignment Scenarios:
    • New instructor group onboarding
    • Role change for multiple staff
    • Seasonal staff adjustments
    • Department reorganization
    • Temporary access modifications

Multiple Role Assignment

  1. Multi-Role Users

    • Primary Role - Main job function role
    • Secondary Roles - Additional responsibilities
    • Temporary Roles - Short-term assignments
    • Project Roles - Specific project access
  2. Role Conflict Resolution

    • Permission Aggregation - Combine permissions from all roles
    • Highest Permission Wins - Use most permissive setting
    • Explicit Restrictions - Override with specific denials
    • Role Priority - Define role precedence

Permission Management

Data Access Permissions

Student Information Access

  1. Personal Information

    Information Access Levels:
    
    Basic Information:
    • Name, age, belt rank
    • Class enrollment
    • Attendance history
    • Contact information
    
    Sensitive Information:
    • Medical conditions
    • Financial information
    • Family relationships
    • Emergency contacts
    
    Restricted Information:
    • Social security numbers
    • Payment methods
    • Legal documents
    • Disciplinary records
  2. Age-Appropriate Access

    • Minor Student Data - Enhanced protection for under-18
    • Adult Student Data - Standard access controls
    • Family Data - Appropriate family member access
    • Emergency Information - Critical access for safety

Financial Information Access

  1. Billing Data Permissions

    • View Billing History - Payment record access
    • Process Payments - Handle payment transactions
    • Modify Billing - Adjust billing information
    • Financial Reporting - Revenue and financial analytics
  2. Payment Processing Rights

    Payment Processing Levels:
    
    Basic Processing:
    ✓ Record cash payments
    ✓ Process credit card payments
    ✓ Generate receipts
    
    Advanced Processing:
    ✓ Issue refunds
    ✓ Adjust billing amounts
    ✓ Manage payment plans
    ✓ Handle billing disputes

Operational Permissions

Class Management Access

  1. Schedule Management

    • View Schedules - See class timetables
    • Modify Schedules - Change class times
    • Create Classes - Add new classes
    • Cancel Classes - Remove or reschedule classes
  2. Instructor Assignment

    • Assign Primary Instructors - Main instructor assignment
    • Assign Substitute Instructors - Temporary instructor coverage
    • Manage Instructor Preferences - Instructor scheduling preferences
    • Override Assignments - Emergency instructor changes

Communication Permissions

  1. Message Management

    Communication Access Levels:
    
    Basic Communication:
    • Send individual messages
    • Respond to parent inquiries
    • Access message templates
    • View communication history
    
    Advanced Communication:
    • Send bulk messages
    • Create message campaigns
    • Manage communication lists
    • Access communication analytics
  2. Emergency Communication

    • Emergency Alerts - Send urgent notifications
    • System Announcements - School-wide communications
    • Safety Communications - Health and safety messages
    • Weather Alerts - Weather-related notifications

Security and Access Control

Security Principles

Principle of Least Privilege

  1. Minimum Necessary Access

    • Grant only permissions required for job function
    • Regular review and adjustment of permissions
    • Temporary elevation for specific tasks
    • Automatic permission expiration
  2. Need-to-Know Basis

    Access Justification Requirements:
    • Job function requirement
    • Temporary project needs
    • Training and development
    • Emergency access situations
    • Compliance and audit needs

Separation of Duties

  1. Critical Function Separation

    • Financial Approval - Separate approval and processing
    • User Management - Separate creation and activation
    • Data Access - Separate viewing and modification
    • System Administration - Separate configuration and monitoring
  2. Dual Control Requirements

    • Large Financial Transactions - Two-person approval
    • User Account Creation - Manager approval required
    • System Configuration Changes - Administrative approval
    • Data Export - Supervisory authorization

Access Monitoring

Activity Tracking

  1. User Activity Logging

    Logged Activities:
    • Login/logout times
    • Data access and modifications
    • Permission changes
    • Administrative actions
    • Failed access attempts
    • Unusual activity patterns
  2. Permission Usage Analytics

    • Feature Utilization - Track permission usage
    • Access Patterns - Identify unusual access
    • Performance Impact - Monitor permission efficiency
    • Security Compliance - Ensure policy adherence

Audit and Compliance

  1. Regular Access Reviews

    Review Schedule:
    • Monthly: New user access verification
    • Quarterly: Role appropriateness review
    • Semi-annually: Permission audit
    • Annually: Complete access certification
    • Ad-hoc: Role change reviews
  2. Compliance Reporting

    • Access Reports - Who has access to what
    • Change Reports - Permission modification history
    • Violation Reports - Policy violation tracking
    • Certification Reports - Access approval documentation

Role Lifecycle Management

Role Creation and Modification

New Role Development

  1. Role Analysis Process

    • Job Function Analysis - Understand role requirements
    • Permission Mapping - Map functions to permissions
    • Security Assessment - Evaluate security implications
    • Testing and Validation - Test role functionality
  2. Role Implementation

    Implementation Steps:
    1. Create role definition
    2. Configure permissions
    3. Test with sample user
    4. Document role purpose
    5. Train administrators
    6. Deploy to production
    7. Monitor usage

Role Updates and Changes

  1. Permission Modification

    • Business Requirement Changes - Adapt to new needs
    • Security Enhancement - Improve security posture
    • Compliance Updates - Meet regulatory requirements
    • Process Improvement - Optimize workflows
  2. Change Management Process

    • Change Request - Formal permission change request
    • Impact Analysis - Assess change implications
    • Approval Process - Management authorization
    • Implementation - Deploy permission changes
    • Verification - Confirm successful implementation

Role Retirement

Obsolete Role Management

  1. Role Deprecation

    • Identify Unused Roles - Find roles no longer needed
    • Migration Planning - Plan user migration to new roles
    • User Communication - Notify affected users
    • Gradual Phaseout - Systematic role elimination
  2. Role Archive Process

    Retirement Steps:
    1. Identify obsolete role
    2. Migrate users to appropriate roles
    3. Document retirement reason
    4. Archive role configuration
    5. Remove from active system
    6. Update documentation

Best Practices

Role Design

  1. Clear Role Definition - Define roles with clear purposes
  2. Logical Permission Grouping - Group related permissions together
  3. Scalable Architecture - Design for organizational growth
  4. Regular Review - Periodically review and update roles
  5. Documentation - Maintain comprehensive role documentation

Permission Management

  1. Minimal Access - Grant minimum necessary permissions
  2. Regular Audits - Conduct regular permission reviews
  3. Change Control - Manage permission changes carefully
  4. User Training - Train users on their permissions
  5. Monitoring - Monitor permission usage and effectiveness

Security Maintenance

  1. Access Reviews - Regular access certification
  2. Anomaly Detection - Monitor for unusual access patterns
  3. Incident Response - Have procedures for security incidents
  4. Compliance Monitoring - Ensure ongoing compliance
  5. Continuous Improvement - Improve security based on lessons learned

Troubleshooting Common Issues

Permission Problems

Issue: User cannot access required features
Solution: Review role assignment, check permission inheritance, verify training completion

Issue: User has excessive permissions
Solution: Review role appropriateness, adjust permissions, implement additional training

Issue: Role conflicts causing access issues
Solution: Review multiple role assignments, resolve conflicts, simplify role structure

Role Management Issues

Issue: Role changes not taking effect
Solution: Check role caching, restart user sessions, verify role configuration

Issue: Permission inheritance not working
Solution: Review role hierarchy, check inheritance rules, test role relationships

Issue: Audit trail missing information
Solution: Verify logging configuration, check system settings, review audit procedures

Next Steps

After configuring roles and permissions:

  1. Instructor Management - Manage teaching staff specifically
  2. Instructor Groups - Organize instructors effectively
  3. Staff Performance Tracking - Monitor staff performance

Getting Help

For role and permission assistance:

  • Plan role structure before implementation
  • Test roles thoroughly before deployment
  • Document role purposes and permissions clearly
  • Train staff on their access levels and responsibilities
  • Contact support for complex role configuration issues

Effective role and permission management ensures secure, efficient operations while enabling staff to perform their responsibilities effectively.

Was this article helpful?

Still need help?

Our martial arts experts are here to help you succeed with MartialFlow.