Features and Permissions¶
[Draft — pending review]
Ordinate uses a detailed permission system to control what each user role can access. Around 100 features and sub-features across the application can be individually configured per role.
How It Works¶
Each feature (e.g. Meetings, Noticeboard, Data Exports) has:
- A master switch — turns the feature on or off for your entire organisation. If a feature is switched off, no one can see it regardless of their role.
- Per-role access levels — for each role, you set a permission level that controls what users in that role can do with the feature.
Access Levels¶
Permissions use a hierarchical scale:
| Level | Name | What It Allows |
|---|---|---|
| 0 | None | No access — the feature is invisible to this role |
| 1 | View | Read-only access |
| 2 | Create | Can create new items, but cannot edit existing ones |
| 3 | Edit | Can create and edit items |
| 4 | Delete | Can create, edit, and delete items |
| 5 | Administer | Full administrative control of this feature |
Each level includes the capabilities of all levels below it. For example, a user with Edit access can also view and create.
Info
Not all levels are meaningful for every feature. For a simple feature like Noticeboard, there is little practical difference between Delete and Administer. The important distinction is usually between None, View, and Edit/Administer.
Features and Sub-Features¶
Some features have sub-features that can be configured independently. For example, Meetings has sub-features such as:
- Catering
- Agenda
- Feedback
- Guest Participants
- Staff Participants
A sub-feature can only be used if the user has access to the parent feature — but having access to the parent does not automatically grant access to all sub-features. This lets you give someone access to meetings while restricting what they can see or edit within each meeting.
Permission Scope (Self / Department / All)¶
For certain features, permissions can vary depending on the relationship between the user and the data. For example, a user might be able to edit their own meetings but only view meetings from other departments. This is covered in detail in Explaining Permission Scope.