Skip to main content

Understanding User Roles and Permissions

Learn how roles, modules, and permissions work in CalmCompliance

Ben Gale avatar
Written by Ben Gale
Updated over a week ago

Overview

CalmCompliance uses a flexible permission system that lets you control exactly what each person can see and do. Instead of giving someone access to "everything" or "nothing," you can fine-tune their permissions for each module (like Documents or Operations) at each site (like a specific building or department). This means you can give someone full control over operations at one location while limiting them to view-only access at another.

How Permissions Work

Permissions in CalmCompliance work on three levels:

  1. Sites: Physical or organizational boundaries (buildings, departments, locations)

  2. Modules: Feature areas of CalmCompliance (Documents, Operations, Risks, Forms, etc.)

  3. Roles: What someone can do within a module (Member, Manager, or Admin)

Think of it like a grid: for each site, you choose which modules a person can access, and for each module, you choose their role. This gives you precise control over who can do what and where.

The Three Roles

Every module has three levels of access:

Member (View-Only)

  • Can view information but cannot make changes

  • Can add comments and participate in discussions

  • Cannot create, edit, or delete items

  • Perfect for: Staff who need to read documents, see schedules, or follow procedures

Example: A team member with Member access to Documents can read all policies and procedures, but can't upload new documents or update existing ones.

Manager (Can Edit)

  • Everything a Member can do, plus:

  • Can create, edit, and update items

  • Can organize and categorize content

  • Can distribute information and assign tasks

  • Cannot change module settings or manage permissions

  • Perfect for: Team leaders, supervisors, or department managers who need to maintain content

Example: A facilities manager with Manager access to Operations can create work orders, schedule inspections, and assign tasks to their team, but can't change the categories or module settings.

Admin (Full Control)

  • Everything a Manager can do, plus:

  • Can delete items permanently

  • Can change module settings and categories

  • Can manage module-specific permissions

  • Full control over that module at that site

  • Perfect for: Department heads, compliance officers, or system administrators who need complete control

Example: A health and safety officer with Admin access to Risks can create risk assessments, manage risk categories, delete outdated assessments, and control who else can access the Risks module.

What Are Modules?

Modules are the different feature areas of CalmCompliance. Each module focuses on a specific type of work:

  • Site: Core settings, user management, groups, tags, and approval policies

  • Documents: Document library, policies, procedures, and version control

  • Premises: Buildings, rooms, locations, and physical assets

  • Forms: Custom forms for data collection and inspections

  • Operations: Work orders, scheduled inspections, checklists, and maintenance

  • Risks: Risk assessments, controls, and risk management

  • Incidents: Incident reporting, investigations, and corrective actions

  • Service Desk: Issue reporting and service requests

  • Personnel: Staff records, training, certifications, and competencies

Your organization may not use all modules—you only see the modules your organization has access to.

What Roles Can Do in Each Module

Permissions vary slightly between modules, but here's the general pattern:

Documents Module

  • Member: Read documents, add comments

  • Manager: Upload documents, create new versions, organize folders, distribute to users

  • Admin: Everything Manager can do, plus delete documents, manage document categories, control shared collections

Operations Module

  • Member: View work orders and schedules, complete assigned work, mark tasks done

  • Manager: Create work orders, set up scheduled inspections, assign work to team members

  • Admin: Everything Manager can do, plus delete work orders, manage work categories, configure module settings

Risks Module

  • Member: View risk assessments, read controls and actions, add comments

  • Manager: Create risk assessments, add controls and actions, link risks to work schedules

  • Admin: Everything Manager can do, plus delete risk assessments, manage risk categories, control risk templates

Forms Module

  • Member: View forms, complete assigned forms, submit responses

  • Manager: Create form templates, attach forms to locations, request forms from users

  • Admin: Everything Manager can do, plus delete form templates, manage form categories

Site-Level Permissions

The Site module is special—it controls access to organization-wide features like user management, groups, tags, and approval policies.

  • Member: Basic site access, can create tasks for themselves, view their own tasks

  • Manager: Invite and manage users, create groups, manage organizational tags, configure review and approval policies

  • Admin: Everything Manager can do, plus delete groups, manage companies, full site configuration

Important: Someone needs at least Member access to the Site module to access any other modules at that site. The system automatically grants this when you give them access to other modules.

Hierarchical Sites and Permission Inheritance

If your organization has a main site with child sites underneath (like a head office with multiple branches), permissions work hierarchically:

  • Access to a parent site includes all child sites: If someone has access to the main office, they automatically have that same access at all branches

  • Child site permissions don't affect parent sites: Granting access to a branch doesn't give access to the head office

  • Each site can have different roles: Someone can be a Manager at the main office but only a Member at a branch

Organization Owners

Organization owners are a special status above all module roles. They have:

  • Full admin access to all modules at all sites

  • Ability to make other users owners (only owners can do this)

  • Complete control over organization settings and billing

  • Access to all current and future sites automatically

Only make trusted team members organization owners—they have unrestricted access to everything.

Module Dependencies

Some modules require access to other modules to work properly:

  • Operations requires Premises access (to link work to locations)

  • All modules require basic Site access (automatically granted)

The system enforces these dependencies automatically. For example, if you give someone Manager access to Operations, the system will ensure they have at least Member access to Premises and Site.

Tips for Setting Permissions

Start minimal, expand as needed: Give people the minimum access they need to do their job, then expand if they need more. It's easier to grant permissions than to revoke them.

Use consistent roles across modules: If someone is a Manager for Documents, they're probably a Manager for other modules too. Consistent roles make the permission structure easier to understand.

Group people by responsibility, not location: If you have five facilities managers across different sites, give them all the same role (Manager) for Operations, rather than making some Admins and others Members.

Review permissions regularly: As people's responsibilities change, update their permissions. Someone who was a Member when they joined might need Manager access after training.

Use Groups for efficiency: Instead of setting permissions for each person individually, create Groups (like "Facilities Team" or "Safety Officers") and assign permissions to the group. This makes bulk changes much easier.

Common Questions

What's the difference between a role and an organization owner?

Roles are module-specific—you can be a Manager for Documents but a Member for Operations. Organization owners have complete access to everything, regardless of roles. Think of roles as fine-grained control, and owner as "full access to everything."

Can someone be a Manager for one site and an Admin for another?

Yes! Permissions are set at the intersection of site and module. You might give someone Admin access to Operations at Site A (their primary location) but only Member access to Operations at Site B.

Why can't I remove someone's Site module access?

The Site module provides basic access to the organization. If someone has access to any other module (like Documents or Operations), they must have at least Member access to Site. The system enforces this dependency automatically.

What happens if I change someone from Admin to Manager?

They'll lose administrative capabilities like deleting items and managing module settings, but they'll keep their ability to create and edit content. Their existing work (documents they created, work orders they assigned) remains unchanged.

Can I see what permissions someone has?

Yes. Go to Settings > User Management, find the person, and click View Access. You'll see a table showing their role for each module at each site.

How do I know which role to give someone?

Ask yourself: "What do they need to do?" If they only need to read and follow procedures, give them Member access. If they need to create and maintain content for their team, give them Manager access. If they need full control including module settings and deletion, give them Admin access.

Related Topics

  • Inviting users to your organization - Learn how to add people and set their initial permissions

  • Managing organization memberships (coming soon)

  • Creating groups and teams (coming soon)

Did this answer your question?