Roles & Permissions System

ikigize implements a sophisticated role-based access control (RBAC) system where users can hold multiple roles simultaneously at each entity level. Each role grants specific permissions, and users inherit all permissions from all their assigned roles, creating a flexible and powerful access control mechanism.


What is the Roles & Permissions System?

The roles and permissions system defines what users can do across the platform. Roles define relationships users have with entities, while permissions grant specific capabilities. Users can have multiple roles at each entity, and inherit all permissions from those roles.

Core Concepts

Multiple Roles Per User

Flexible Assignments: Users can have as many roles as needed at each entity level, enabling them to fulfill multiple responsibilities.

Additive Permissions: Permissions from all assigned roles are combined, with the most permissive access taking precedence.

Independent Roles: Each role assignment is independent - adding or removing one role doesn't affect others.

Contextual Roles: Users can have different role combinations at different entities (e.g., Student in one course, Instructor in another).

Permission Inheritance Rules

  1. Additive: All permissions from all roles are combined
  2. Most Permissive Wins: If permissions conflict, broader access is granted
  3. No Reduction: Adding roles never reduces existing permissions
  4. Explicit Deny: System-level denies override all grants (used sparingly for security)

Role Hierarchy

Roles exist at specific entity levels in the platform hierarchy:

  • Organization Level → Campus Level → Course Level → Module Level → Session/Task Level

Roles at higher levels don't automatically cascade down. A Campus Admin is not automatically a Course Admin for all courses in that campus - roles must be explicitly assigned at each level.

Explicit Assignment

No Automatic Propagation: Higher-level roles don't grant lower-level access automatically.

Clear Visibility: Users always know exactly which roles they have and where.

Precise Control: Administrators can grant exactly the access needed at each level.

Audit Trail: All role assignments are tracked and can be audited.

Roles by Entity Level

Organization Level

Top-level organizational structure and settings

Superadmin
Admin
Member
Coach
Sales
Guest
Analyst

7 roles available at this level

Campus Level

Educational institutions and learning ecosystems

Superadmin
Admin
Coach
Author
Member
Mentor
Moderator

7 roles available at this level

Course Level

Individual courses and learning programs

Superadmin
Admin
Instructor
Author
Coach
Student

6 roles available at this level

Module Level

Course components and learning units

Superadmin
Admin
Author
Instructor
Student

5 roles available at this level

Session Level

Live sessions, meetings, and events

Instructor
Coach
Participant
Author
Admin
Facilitator
Organiser

7 roles available at this level

Task Level

Assignments, assessments, and learning activities

Author
Student
Admin
Owner
Reviewer

5 roles available at this level

Permission Matrices by Entity Level

Each entity level has its own set of roles and permissions. The matrices below show exactly what each role can do at each level.

Organization Level

Organization Level Roles & Permissions

Complete permission matrix showing all organization-level roles and their capabilities

Permission | Superadmin | Admin | Member | Coach | Sales | Guest | Analyst
People Management
Invite Organisation Members
Manage People
Assign Roles
Remove Members
View All People
View Member Activity
Content Management
Add Campuses to Join
Add Courses to Join
Add Course Templates
Add Modules to Join
Add Module Templates
Add Sessions to Join
Add Session Templates
Manage Content
View All Content
Archive Content
Content Administrator
Campus Management
Create Campus
Manage Campuses
Organization Settings
Manage Organization Settings
Manage Organisation Calendar
Manage Branding
Manage Integrations
Manage Organisation Billing
Financial Management
Manage Revenue
Process Payments
Set Pricing
View Financial Reports
Analytics & Reporting
View Analytics
Export Organisation Data
Organization Access
View Organization
View Organization Profile
Library Management
View Library
Add Resources
Remove Resources
Manage Resources
Wallet Management
Manage Wallet

Key Principles:

  • Users can have multiple roles at the same entity
  • Permissions are additive - users get all permissions from all their roles
  • Most permissive access always wins when permissions overlap

Campus Level

Campus Level Roles & Permissions

Complete permission matrix showing all campus-level roles and their capabilities

Permission | Superadmin | Admin | Coach | Author | Member | Mentor | Moderator
User Management
Invite Campus Members
Manage Campus Members
Content Management
Add Courses to Join
Add Course Templates
Add Modules to Join
Add Module Templates
Add Sessions to Join
Add Session Templates
Content Administrator
Campus Settings
Manage Campus Settings
Manage Campus Visibility
Manage Campus Ownership
Manage Campus Roles
Manage Campus Calendar
Set Campus Pricing
Analytics & Revenue
View Campus Analytics
View Campus Revenue
Library Management
View Library
Add Resources
Remove Resources
Campus Access
View Campus
View Campus Members
Moderation
Moderate Campus
Wallet Management
Manage Wallet

Course Level

Course Level Roles & Permissions

Complete permission matrix showing all course-level roles and their capabilities

Permission | Superadmin | Admin | Instructor | Author | Coach | Student
User Management
Invite Course Members
Manage Course Users
Remove Course Members
Content Management
Edit Course Content
Create Modules
Manage Course Settings
Archive Course Content
Course Delivery
Deliver Course
Provide Feedback
Grade Submissions
Course Access
View Course
View Course Details
View Course Members
Analytics & Data
View Course Analytics
Export Course Data
View Submissions
Course Calendar
Manage Course Calendar
Moderation
Moderate Course
Library Management
View Library
Add Resources
Remove Resources
Wallet Management
Manage Wallet

Module Level

Module Level Roles & Permissions

Complete permission matrix showing all module-level roles and their capabilities

Permission | Superadmin | Admin | Author | Instructor | Student
User Management
Invite Module Members
Manage Module Users
Remove Module Members
Content Management
Edit Module Content
Create Chapters
Create Sessions
Create Tasks
Manage Module Settings
Archive Module Content
Module Operations
Use Module
License Module
Template Creation
Analytics & Data
View Module Analytics
Export Module Data
Assessment
Provide Feedback
Grade Submissions
View Submissions
Module Access
View Module
View Module Details
View Module Members
Module Calendar
Manage Module Calendar
Moderation
Moderate Module
Library Management
View Library
Add Resources
Remove Resources

Session Level

Session Level Roles & Permissions

Complete permission matrix showing all session-level roles and their capabilities

Permission | Instructor | Coach | Participant | Author | Admin | Facilitator | Organiser
Core Access
View Session
View Session Details
View Session Members
Join Session
Session Delivery
Host Session
Moderate Session
End Session
Record Session
Interactive Features
Use Chat
Use Reactions
Share Screen
Manage Breakout Rooms
User Management
Invite Session Members
Manage Session Users
Remove Session Members
Manage Participants
Content Management
Edit Session Content
Create Session Resources
Manage Session Settings
Archive Session Content
Analytics & Data
View Session Analytics
Export Session Data
Assessment
Provide Feedback
Grade Submissions
View Submissions
Session Calendar
Manage Session Calendar
Library Management
View Library
Add Resources
Remove Resources

Task Level

Task Level Roles & Permissions

Complete permission matrix showing all task-level roles and their capabilities

Permission | Author | Student | Admin | Owner | Reviewer
User Management
Invite Task Members
Manage Task Users
Remove Task Members
Content Management
Edit Task Content
Manage Task Settings
Archive Task Content
Task Operations
Assign Task
Assign Tasks
Submit Task
Review Task
Assessment
Grade Task
Provide Feedback
View Feedback
Edit Submission
Analytics & Data
View Task Analytics
Export Task Data
Task Access
View Task
View Task Details
View Task Members
Task Calendar
Manage Task Calendar
Moderation
Moderate Task
Library Management
View Library
Add Resources
Remove Resources

Custom Roles & Permission Customization

ikigize supports three levels of flexibility beyond the default system roles:

Custom Role Creation

Administrators with the appropriate role-management permission (e.g. manage_campus_roles at campus level) can create custom roles for their entity:

  • Create new roles with any name and description
  • Choose permissions from the full permission set for that entity type
  • Entity-scoped — custom roles apply only to the entity where they were created
  • Delete custom roles when no longer needed (system roles cannot be deleted)

Custom roles appear alongside system roles in the People management UI and can be assigned to members like any other role.

Role–Permission Customization (System Role Overrides)

You can customize system roles without creating entirely new roles:

  • Override permissions for a system role (e.g. Admin, Member) at a specific entity
  • Creates a custom override — the system role’s default permissions are replaced for that entity only
  • Restore defaults — remove the override at any time to revert to the system role’s original permissions
  • Assignments migrate — when you customize a system role, existing members assigned to that role automatically use the customized version

This is useful when you need a slightly different Admin or Member definition for one campus or course without creating a new role from scratch.

Per-User Permission Customization

For fine-grained control, you can override a user’s permissions regardless of their roles:

  • Enable customization in the member’s permission dialog (People management)
  • Select or deselect individual permissions — the user’s effective permissions become exactly what you choose
  • Independent of roles — when customization is on, role assignments no longer determine permissions; your explicit selection does
  • Disable customization to return to role-derived permissions

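Use this for one-off exceptions (e.g. a Member who temporarily needs one extra permission) without creating new roles or changing role definitions. Because role assignments no longer determine permissions while customization is on, adding or removing a role does not change that user's access until customization is disabled, so include customized users in access reviews.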
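The resolution order described under Permission Inheritance Rules, Role Hierarchy and the three customization options can be written as one function. This is an added example, not ikigize's own code: the class, field and permission identifiers and the per-role grants are assumptions, and it assumes a system-level deny also applies to a per-user selection.

```python
from dataclasses import dataclass, field

# Constructed system-role defaults for a course. The permission identifiers
# and which role gets which permission are assumptions for this example.
SYSTEM_ROLES = {
    "Instructor": {"view_course", "deliver_course", "grade_submissions"},
    "Author": {"view_course", "edit_course_content", "create_modules"},
    "Student": {"view_course"},
    "Admin": {"view_course", "manage_course_users", "export_course_data"},
}

@dataclass
class Entity:
    """Access state of one entity; all field names are hypothetical."""
    assignments: dict = field(default_factory=dict)     # user -> set of role names
    role_overrides: dict = field(default_factory=dict)  # system role -> replacement set
    custom_roles: dict = field(default_factory=dict)    # entity-scoped role -> set
    user_custom: dict = field(default_factory=dict)     # user -> exact permission set

def role_permissions(entity, role):
    # An override replaces the system role's defaults for this entity only.
    if role in entity.role_overrides:
        return set(entity.role_overrides[role])
    if role in entity.custom_roles:
        return set(entity.custom_roles[role])
    return set(SYSTEM_ROLES.get(role, ()))

def effective_permissions(entity, user, system_denies=frozenset()):
    if user in entity.user_custom:
        # Customization on: role assignments no longer determine permissions.
        granted = set(entity.user_custom[user])
    else:
        granted = set()
        # Additive: union over the roles assigned at THIS entity. Roles held at
        # a parent entity are never consulted, so nothing cascades down.
        for role in entity.assignments.get(user, ()):
            granted |= role_permissions(entity, role)
    # Explicit deny is applied last so it overrides every grant path.
    return granted - set(system_denies)

def can(entity, user, permission, system_denies=frozenset()):
    return permission in effective_permissions(entity, user, system_denies)

# Constructed sample. dana may hold campus roles elsewhere, but has no
# assignment on course_b, so she has no access there.
course_a = Entity(assignments={"dana": {"Instructor", "Author"}, "eli": {"Student"}})
course_b = Entity(assignments={"eli": {"Admin"}},
                  role_overrides={"Admin": {"view_course"}})
```

The check defaults to an empty set for unknown users and unknown roles, so a missing assignment fails closed.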

Role Assignment Best Practices

Assignment Principles

Principle of Least Privilege: Assign only the roles needed for users to perform their functions effectively.

Clear Purpose: Each role assignment should have a clear justification and purpose.

Regular Review: Periodically review role assignments to ensure they remain appropriate.

Document Decisions: Maintain records of why specific roles were assigned.

Multiple Role Strategies

Complementary Roles: Assign multiple roles when users need capabilities from different areas (e.g., Author + Mentor).

Progressive Access: Add roles as users take on additional responsibilities rather than assigning all at once.

Common Combinations:

  • Instructor + Author (teaching and content creation)
  • Admin + Analyst (management and data access)
  • Mentor + Coach (different types of support)
  • Student + Teaching Assistant (learning while helping teach)

Role Dependencies

Some roles may have prerequisites or work best in combination:

Prerequisites: Some roles may require base membership (e.g., must be Member before Author).

Complementary: Some roles work well together (e.g., Instructor + Teaching Assistant).

Exclusive: Carefully consider role combinations that might conflict (e.g., Student + Instructor in same course).
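A periodic review of the kind described under Assignment Principles and Role Dependencies can be run over a list of assignment records. This is an added example, not part of ikigize: the record layout, the rule tables and the sample data are constructed, with the two rules taken from the page's own examples (Member before Author, Student + Instructor in the same course).

```python
from collections import defaultdict

# Constructed policy based on the page's examples; the rule tables and the
# record layout are assumptions, not an ikigize export format.
PREREQUISITES = {"Author": "Member"}                 # role -> required base role
EXCLUSIVE = [frozenset({"Student", "Instructor"})]   # combinations to review

# Constructed sample records: (user, entity, role, justification).
ASSIGNMENTS = [
    ("amira", "campus:north", "Member", "staff onboarding"),
    ("amira", "campus:north", "Author", "writes biology modules"),
    ("ben", "campus:north", "Author", ""),
    ("chen", "course:bio101", "Student", "enrolled"),
    ("chen", "course:bio101", "Instructor", "guest lecture week 4"),
    ("chen", "course:chem200", "Instructor", "course lead"),
]

def review_assignments(records):
    """Return sorted (user, entity, finding) tuples for an access review."""
    held = defaultdict(set)
    findings = []
    for user, entity, role, why in records:
        held[(user, entity)].add(role)
        # Every assignment should carry a recorded reason.
        if not why.strip():
            findings.append((user, entity, f"no justification recorded for {role}"))
    # Rules are evaluated per (user, entity): the same user may hold different
    # role combinations at different entities without any conflict.
    for (user, entity), roles in held.items():
        for role, base in PREREQUISITES.items():
            if role in roles and base not in roles:
                findings.append((user, entity, f"{role} without prerequisite {base}"))
        for combo in EXCLUSIVE:
            if combo <= roles:
                names = " + ".join(sorted(combo))
                findings.append((user, entity, f"conflicting combination {names}"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in review_assignments(ASSIGNMENTS):
        print(*finding, sep=" | ")
```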

Permission Scenarios

Understanding how permissions work in practice through real-world examples:

Scenario 1: Course Instructor + Author

Roles Assigned: Instructor + Author

Combined Permissions:

  • All Instructor permissions: Deliver Course, Grade Submissions, Manage Calendar, View Submissions
  • All Author permissions: Create Module, Edit Course Content
  • Result: Can both teach the course AND create/edit all course materials

Use Case: Subject matter expert who both creates content and teaches it

Scenario 2: Campus Admin + Analyst

Roles Assigned: Admin + Analyst

Combined Permissions:

  • All Admin permissions: Manage Users, Edit Campus Content, Moderate Campus
  • All Analyst permissions: View Analytics, View Revenue, Export Data
  • Result: Can manage the campus operations AND analyze performance data

Use Case: Campus director who needs both management and analytical capabilities

Scenario 3: Student + Teaching Assistant

Roles Assigned: Student + Teaching Assistant

Combined Permissions:

  • All Student permissions: View Course, Submit Work, View Feedback
  • All Teaching Assistant permissions: Grade Assignments, View All Submissions, Provide Feedback
  • Result: Can learn in the course AND help grade/support other students

Use Case: Advanced student helping instructor with course delivery

Scenario 4: Organization Superadmin + Finance

Roles Assigned: Superadmin + Finance

Combined Permissions:

  • All Superadmin permissions: Complete control, all capabilities
  • All Finance permissions: Manage Revenue, Process Payments (redundant with Superadmin)
  • Result: Full control with explicit financial focus

Use Case: Founder who handles both operations and financial management

Permission Categories

Permissions are organized into logical categories for easy understanding:

Core Access

Basic viewing and access permissions that allow users to see and navigate entities.

Content Management

Creating, editing, and managing learning content and materials.

User Management

Managing people, role assignments, and team composition.

Financial

Pricing, revenue, payment processing, and financial operations.

Administration

System configuration, settings, and platform management.

Delivery & Grading

Teaching, facilitating, assessing, and providing feedback.

Social & Communication

Chat, discussions, collaboration, and community features.

Analytics & Reporting

Data access, insights, reporting, and performance tracking.

Role Assignment Authority

Who can assign roles depends on ownership and existing role assignments:

Organization-Owned Entities

  • Organization Superadmin: Can assign any role
  • Organization Admin: Can assign most roles (except Superadmin)
  • Entity Admin: Can assign roles at their specific entity level

Private (User-Owned) Entities

  • Owner: Can assign any role to any user
  • Admins assigned by owner: Can assign roles based on owner's delegation

Public Entities

  • Platform Admins: Control role assignments for platform-owned public entities
  • Entity Admins: Manage roles for their specific public entities

Common Role Patterns

Educational Institution Pattern

Organization Level:

  • University leadership → Superadmin/Admin
  • Faculty → Author + Analyst
  • Staff → Member

Campus Level:

  • Dean → Superadmin
  • Department Heads → Admin
  • Faculty → Author + Mentor
  • Students → Member

Course Level:

  • Professor → Instructor + Author
  • Teaching Assistants → Teaching Assistant
  • Students → Student

Corporate Training Pattern

Organization Level:

  • Training Director → Superadmin
  • L&D Team → Admin + Author
  • Managers → Analyst
  • Employees → Member

Course Level:

  • Trainer → Instructor + Facilitator
  • Team Leads → Coach + Mentor
  • Learners → Student

Community Education Pattern

Campus Level:

  • Community Organizer → Superadmin + Moderator
  • Expert Volunteers → Author + Instructor
  • Active Members → Mentor + Participant
  • New Members → Member + Student

Implementation Guide

For Administrators

Step 1: Map Organizational Roles

  • Identify real-world roles in your organization
  • Determine responsibilities for each role
  • Map to ikigize roles and permissions

Step 2: Design Role Combinations

  • Identify where users need multiple roles
  • Plan standard role combinations
  • Document rationale for combinations

Step 3: Implement Systematically

  • Start with core administrative roles
  • Add faculty/instructor roles
  • Roll out student/participant roles
  • Monitor and adjust

Step 4: Monitor and Maintain

  • Regular permission audits
  • Role assignment reviews
  • User feedback collection
  • Continuous improvement

For Users

Understanding Your Roles:

  • Review all your assigned roles
  • Understand combined permissions
  • Know where to request additional access
  • Report permission issues promptly

Requesting Access:

  • Identify needed capabilities
  • Contact appropriate administrator
  • Explain use case clearly
  • Understand approval process

Best Practices Summary

Design Principles

Logical Grouping: Roles group related permissions in meaningful ways

Clear Purpose: Each role and permission has specific, well-defined purpose

User-Friendly: Role names and descriptions are clear and understandable

Flexible: System accommodates diverse organizational structures and needs

Security Considerations

Regular Review: Periodically review role assignments and permissions

Access Monitoring: Monitor permission usage for unusual patterns

Least Privilege: Default to minimal access, add as needed

Documentation: Document why specific roles/permissions were granted

Audit Trails: Maintain logs of all role assignments and changes

User Experience

Clear Communication: Ensure users understand their access and how to request more

Easy Requests: Provide clear processes for requesting additional roles

Training: Educate administrators and users about the RBAC system

Feedback: Collect and act on feedback about access control experience

Your Next Steps

Ready to implement roles and permissions in your organization? Start by understanding your organizational structure and mapping real-world responsibilities to ikigize roles.

Implementation Checklist

  1. Map Organizational Roles: Identify real-world roles in your organization
  2. Define Responsibilities: Clarify what each role should be able to do
  3. Choose ikigize Roles: Select appropriate ikigize roles that match responsibilities
  4. Plan Role Combinations: Identify where users need multiple roles
  5. Assign Roles: Begin assigning roles to people systematically
  6. Review and Refine: Regularly review assignments and adjust as needed

Remember: The power of ikigize's RBAC system lies in its flexibility. Use multiple roles to accurately model real-world relationships and responsibilities, ensuring each user has exactly the access they need - no more, no less.