User Roles & Permissions
Configure user roles and manage access permissions
User Roles & Permissions
Overview
User roles and permissions control what staff members can access and do within MartialFlow. This guide covers role management, permission configuration, security best practices, and maintaining appropriate access levels for all staff members.
Prerequisites
- Administrative or Director-level access
- Understanding of your school's organizational structure
- Knowledge of data security principles
- Familiarity with staff responsibilities and workflows
Understanding Role-Based Access Control
Role Hierarchy
Standard System Roles
Director Role
Director Permissions: • Full system access • All configuration settings • Financial data and billing • User management • System administration • All reports and analytics • Data export capabilities • Integration managementAdministrator Role
Administrator Permissions: • Student and family management • Class scheduling and management • Communication systems • Reporting and analytics • Basic system configuration • Limited financial access • User role management (non-Director) • Data import/export (limited)Lead Instructor Role
Lead Instructor Permissions: • Class management and scheduling • Student progress tracking • Instructor coordination • Limited student management • Communication with families • Class-related reporting • Substitute instructor management • Basic administrative tasksInstructor Role
Instructor Permissions: • Assigned class management • Student attendance tracking • Student progress updates • Parent communication • Basic student information access • Class-specific reporting • Limited schedule viewing • Personal schedule managementStaff Role
Staff Permissions: • Student check-in/check-out • Basic student information lookup • Limited communication access • Read-only schedule viewing • Basic reporting access • Customer service functions • Limited data entry • Reception duties
Permission Categories
Functional Permission Areas
Student Management
- View Student Information - Access to student profiles
- Edit Student Information - Modify student details
- Add New Students - Create new student records
- Delete Students - Remove student records
- View Medical Information - Access health data
- Manage Family Accounts - Family relationship management
Class Management
- View All Classes - See complete class schedules
- Edit Class Information - Modify class details
- Create New Classes - Add classes to schedule
- Cancel Classes - Cancel or reschedule classes
- Manage Attendance - Take and modify attendance
- Assign Instructors - Assign staff to classes
Financial Management
- View Billing Information - Access customer billing
- Process Payments - Handle payment transactions
- Manage Subscriptions - Subscription administration
- Generate Financial Reports - Financial analytics
- Handle Refunds - Process refund requests
- Manage Discounts - Apply and manage discounts
Configuring User Roles
Accessing Role Management
Role Configuration Interface
Navigate to Role Management
- Go to Administration → User Management → Roles
- Or Settings → Security → User Roles
- View existing roles and permissions
- Access role creation and editing tools
Role Management Dashboard
Role Management Features: • Role list with permission summaries • User count per role • Permission matrix view • Role usage analytics • Permission conflict detection • Role inheritance mapping
Creating Custom Roles
Custom Role Development
Role Creation Process
- Role Name - Descriptive role identifier
- Role Description - Clear purpose explanation
- Base Role - Inherit from existing role (optional)
- Permission Selection - Choose specific permissions
- Access Restrictions - Set any limitations
Role Definition Example
Role Name: Assistant Instructor Description: Part-time instructors with limited responsibilities Base Role: Instructor (inherit basic permissions) Additional Permissions: ✓ Substitute for other instructors ✓ Access instructor schedules ✓ Limited student progress tracking Restricted Permissions: ✗ Cannot create new classes ✗ Cannot access financial information ✗ Cannot manage user accounts
Permission Matrix Configuration
Granular Permission Control
Permission Matrix Example: Feature Area | Director | Admin | Lead Inst | Instructor | Staff ---------------------|----------|-------|-----------|------------|------- Student Management | Full | Full | Limited | Limited | View Class Scheduling | Full | Full | Limited | View | View Financial Data | Full | View | None | None | None System Config | Full | Limited| None | None | None User Management | Full | Limited| None | None | NoneFeature-Specific Permissions
- Read Permissions - View-only access
- Write Permissions - Modify existing data
- Create Permissions - Add new records
- Delete Permissions - Remove records
- Admin Permissions - Administrative functions
Role Assignment
Assigning Roles to Users
Individual User Assignment
- Navigate to User Management → Users
- Select specific user
- Choose "Edit Roles" or "Manage Permissions"
- Assign appropriate role
- Save changes and notify user
Bulk Role Assignment
Bulk Assignment Scenarios: • New instructor group onboarding • Role change for multiple staff • Seasonal staff adjustments • Department reorganization • Temporary access modifications
Multiple Role Assignment
Multi-Role Users
- Primary Role - Main job function role
- Secondary Roles - Additional responsibilities
- Temporary Roles - Short-term assignments
- Project Roles - Specific project access
Role Conflict Resolution
- Permission Aggregation - Combine permissions from all roles
- Highest Permission Wins - Use most permissive setting
- Explicit Restrictions - Override with specific denials
- Role Priority - Define role precedence
Permission Management
Data Access Permissions
Student Information Access
Personal Information
Information Access Levels: Basic Information: • Name, age, belt rank • Class enrollment • Attendance history • Contact information Sensitive Information: • Medical conditions • Financial information • Family relationships • Emergency contacts Restricted Information: • Social security numbers • Payment methods • Legal documents • Disciplinary recordsAge-Appropriate Access
- Minor Student Data - Enhanced protection for under-18
- Adult Student Data - Standard access controls
- Family Data - Appropriate family member access
- Emergency Information - Critical access for safety
Financial Information Access
Billing Data Permissions
- View Billing History - Payment record access
- Process Payments - Handle payment transactions
- Modify Billing - Adjust billing information
- Financial Reporting - Revenue and financial analytics
Payment Processing Rights
Payment Processing Levels: Basic Processing: ✓ Record cash payments ✓ Process credit card payments ✓ Generate receipts Advanced Processing: ✓ Issue refunds ✓ Adjust billing amounts ✓ Manage payment plans ✓ Handle billing disputes
Operational Permissions
Class Management Access
Schedule Management
- View Schedules - See class timetables
- Modify Schedules - Change class times
- Create Classes - Add new classes
- Cancel Classes - Remove or reschedule classes
Instructor Assignment
- Assign Primary Instructors - Main instructor assignment
- Assign Substitute Instructors - Temporary instructor coverage
- Manage Instructor Preferences - Instructor scheduling preferences
- Override Assignments - Emergency instructor changes
Communication Permissions
Message Management
Communication Access Levels: Basic Communication: • Send individual messages • Respond to parent inquiries • Access message templates • View communication history Advanced Communication: • Send bulk messages • Create message campaigns • Manage communication lists • Access communication analyticsEmergency Communication
- Emergency Alerts - Send urgent notifications
- System Announcements - School-wide communications
- Safety Communications - Health and safety messages
- Weather Alerts - Weather-related notifications
Security and Access Control
Security Principles
Principle of Least Privilege
Minimum Necessary Access
- Grant only permissions required for job function
- Regular review and adjustment of permissions
- Temporary elevation for specific tasks
- Automatic permission expiration
Need-to-Know Basis
Access Justification Requirements: • Job function requirement • Temporary project needs • Training and development • Emergency access situations • Compliance and audit needs
Separation of Duties
Critical Function Separation
- Financial Approval - Separate approval and processing
- User Management - Separate creation and activation
- Data Access - Separate viewing and modification
- System Administration - Separate configuration and monitoring
Dual Control Requirements
- Large Financial Transactions - Two-person approval
- User Account Creation - Manager approval required
- System Configuration Changes - Administrative approval
- Data Export - Supervisory authorization
Access Monitoring
Activity Tracking
User Activity Logging
Logged Activities: • Login/logout times • Data access and modifications • Permission changes • Administrative actions • Failed access attempts • Unusual activity patternsPermission Usage Analytics
- Feature Utilization - Track permission usage
- Access Patterns - Identify unusual access
- Performance Impact - Monitor permission efficiency
- Security Compliance - Ensure policy adherence
Audit and Compliance
Regular Access Reviews
Review Schedule: • Monthly: New user access verification • Quarterly: Role appropriateness review • Semi-annually: Permission audit • Annually: Complete access certification • Ad-hoc: Role change reviewsCompliance Reporting
- Access Reports - Who has access to what
- Change Reports - Permission modification history
- Violation Reports - Policy violation tracking
- Certification Reports - Access approval documentation
Role Lifecycle Management
Role Creation and Modification
New Role Development
Role Analysis Process
- Job Function Analysis - Understand role requirements
- Permission Mapping - Map functions to permissions
- Security Assessment - Evaluate security implications
- Testing and Validation - Test role functionality
Role Implementation
Implementation Steps: 1. Create role definition 2. Configure permissions 3. Test with sample user 4. Document role purpose 5. Train administrators 6. Deploy to production 7. Monitor usage
Role Updates and Changes
Permission Modification
- Business Requirement Changes - Adapt to new needs
- Security Enhancement - Improve security posture
- Compliance Updates - Meet regulatory requirements
- Process Improvement - Optimize workflows
Change Management Process
- Change Request - Formal permission change request
- Impact Analysis - Assess change implications
- Approval Process - Management authorization
- Implementation - Deploy permission changes
- Verification - Confirm successful implementation
Role Retirement
Obsolete Role Management
Role Deprecation
- Identify Unused Roles - Find roles no longer needed
- Migration Planning - Plan user migration to new roles
- User Communication - Notify affected users
- Gradual Phaseout - Systematic role elimination
Role Archive Process
Retirement Steps: 1. Identify obsolete role 2. Migrate users to appropriate roles 3. Document retirement reason 4. Archive role configuration 5. Remove from active system 6. Update documentation
Best Practices
Role Design
- Clear Role Definition - Define roles with clear purposes
- Logical Permission Grouping - Group related permissions together
- Scalable Architecture - Design for organizational growth
- Regular Review - Periodically review and update roles
- Documentation - Maintain comprehensive role documentation
Permission Management
- Minimal Access - Grant minimum necessary permissions
- Regular Audits - Conduct regular permission reviews
- Change Control - Manage permission changes carefully
- User Training - Train users on their permissions
- Monitoring - Monitor permission usage and effectiveness
Security Maintenance
- Access Reviews - Regular access certification
- Anomaly Detection - Monitor for unusual access patterns
- Incident Response - Have procedures for security incidents
- Compliance Monitoring - Ensure ongoing compliance
- Continuous Improvement - Improve security based on lessons learned
Troubleshooting Common Issues
Permission Problems
Issue: User cannot access required features
Solution: Review role assignment, check permission inheritance, verify training completion
Issue: User has excessive permissions
Solution: Review role appropriateness, adjust permissions, implement additional training
Issue: Role conflicts causing access issues
Solution: Review multiple role assignments, resolve conflicts, simplify role structure
Role Management Issues
Issue: Role changes not taking effect
Solution: Check role caching, restart user sessions, verify role configuration
Issue: Permission inheritance not working
Solution: Review role hierarchy, check inheritance rules, test role relationships
Issue: Audit trail missing information
Solution: Verify logging configuration, check system settings, review audit procedures
Next Steps
After configuring roles and permissions:
- Instructor Management - Manage teaching staff specifically
- Instructor Groups - Organize instructors effectively
- Staff Performance Tracking - Monitor staff performance
Getting Help
For role and permission assistance:
- Plan role structure before implementation
- Test roles thoroughly before deployment
- Document role purposes and permissions clearly
- Train staff on their access levels and responsibilities
- Contact support for complex role configuration issues
Effective role and permission management ensures secure, efficient operations while enabling staff to perform their responsibilities effectively.
Still need help?
Our martial arts experts are here to help you succeed with MartialFlow.