DocsRoles & permissions
Docs

Roles & permissions

TaskRox uses a layered access model so internal users and external partners can be invited into the right workspace or project with the right permission level.

Platform roles and super users

Platform roles sit above normal tenant access.

  • User — standard application user
  • Admin — platform admin utilities where enabled
  • Super User — full cross-org superadmin access, including the Administration area

Most users never need a platform role above User.

Workspace roles and project access

Every invited user also has a workspace-level role. They can be from your company or from an external organisation:

  • Owner — full access to everything including billing. Automatically assigned admin on all modules.
  • Org Admin — can manage members, workspace settings, and all projects. Automatically assigned admin on all modules.
  • Member — access controlled by project membership and role template
  • Viewer — restricted org-level access where used

Workspace roles are set when inviting a user and can be changed under Organisation → Members.

Workspace membership is not the same as project membership. A user may belong to a workspace but only be added to selected projects inside it. Project templates and module permissions then decide whether they can view, edit, or administer each module.

Project role templates (8 built-in presets)

Each project member is assigned a role template which defines their permission level across every module.

8 built-in system templates:

TemplateKey modules
Project AdminAll modules → Admin
Project ManagerAll modules → Admin
SchedulerGantt/Kanban/Calendar → Edit; Budget/Docs/TMP/RFI → View
Cost ControllerBudget → Admin; Gantt/Docs/TMP/RFI/Reports → View
Document ControllerDocuments/TMP → Admin; RFI/QA/MOC → Edit; Gantt/Budget → View
Site SupervisorKanban/Daily Reports/HSE/Wall/Messages → Edit; Gantt/QA → View
ConsultantDocuments/TMP/RFI → Edit; Gantt/Budget → View
StakeholderGantt/Budget/Documents/TMP/Reports → View

You can also create custom templates under Organisation → User Control / role templates.

Module permission levels: None / View / Edit / Admin

Each module has one of four permission levels per member:

  • None — module is hidden from the sidebar and all API routes return 403.
  • View — read-only. Can see data but cannot create, edit, or delete. A lock icon appears on the sidebar link.
  • Edit — can create, edit, upload, comment. Cannot delete or configure module settings.
  • Admin — full access: create, edit, delete, configure, manage module settings.

These levels are what make external partner access practical: a consultant might edit RFIs and Documents but only view Budget, while a client stakeholder might view Reports and Closeout only.

Org owners and Org Admins always have Admin on all modules regardless of project role template.

Per-member permission overrides

Sometimes a team member needs a different access level for a specific module without changing their entire role template.

In Project Settings → Team, expand any member's row to see the per-module permission grid. Click any module's level to override it for that member only.

Overrides take precedence over the role template. Remove an override to revert to the template's default.

Inviting internal and external users safely

TaskRox is designed for project networks, not just people inside your own company. You can invite a contractor, consultant, client representative, designer, owner rep, supplier, or internal staff member, then control their access by workspace, project, and module.

To give an internal or external person access to specific parts of a project:

  1. Invite them as a workspace Member or Viewer unless they genuinely need workspace administration.
  2. Add them to the relevant project.
  3. Assign the Consultant or Stakeholder template (or create a custom one).
  4. Use per-member overrides to restrict to exactly the modules they need.

They will only see the projects and modules they have access to — the rest are hidden from their sidebar and protected by API permission checks.

Use View for read-only stakeholders, Edit for contributors who need to upload/respond/update records, and Admin only for people who should manage module settings or approvals.