TaskRox Help & User Manual
Roles & permissions
A layered access model covering organisation roles, project membership templates, and per-module permissions.
The three-layer access model
TaskRox uses a layered permission model that evaluates access from the top down:
- Organisation — org-level role (Owner / Org Admin / Member / Viewer)
- Project — project membership with a role template
- Module — per-module permission levels (None / View / Edit / Admin)
Each layer inherits from the one above. Org Admins and Owners automatically have Admin access to all project modules. Everyone else uses the project-level role template plus any per-member overrides.
Organisation roles
Every user has an org-level role inside their own workspace:
| Role | Organisation-level capability | Project/module capability |
|---|---|---|
| Owner | Full org control: members, User Control, role templates, org settings, billing, feature/policy config | Automatic Admin on all modules in all org projects |
| Org Admin | Manage org operations: members, User Control, role templates, org settings, feature/policy config (non-owner org admin authority) | Automatic Admin on all modules in all org projects |
| Member | No org admin surfaces (cannot open Organisation command pages like Members/User Control) | Access only to assigned projects, using role template + per-module overrides |
| Viewer | No org admin surfaces (same org-level boundary as Member) | Access only to assigned projects, typically configured as read-only via template/overrides |
Change org roles under Organisation → Members.
Important: Owners and Org Admins automatically have Admin access to all modules in every project — they bypass project-level permissions entirely.
Project membership and role templates
Project access is controlled by:
- project membership
- a role template (defines default permissions for each module)
- optional per-member overrides
Eight built-in role templates cover common roles:
| Template | Typical use |
|---|---|
| Project Admin | Full control of the project |
| Project Manager | Day-to-day project management |
| Scheduler | Gantt and planning focus |
| Cost Controller | Budget and commercial focus |
| Document Controller | Documents and transmittals |
| Site Supervisor | Field operations and daily reports |
| Consultant | External read-mostly access |
| Stakeholder | Limited visibility for clients/observers |
TaskRox ships with these 8 system templates by default. Depending on your organisation setup, additional templates may also be available.
When inviting a person to a project, the Project Role is the access template. It is separate from the contact's Current Position or real-world job title.
Module permission levels
Each project module resolves to one of four levels per member:
| Level | What they can do |
|---|---|
| None | Module hidden from sidebar; all API routes return 403 |
| View | Read-only — see data, cannot create/edit/delete. Lock icon shown on sidebar. |
| Edit | Create, edit, upload, comment. Cannot delete or configure. |
| Admin | Full access — create, edit, delete, configure, manage module settings. |
The sidebar automatically hides modules where the user has None permission. Modules with View permission show a lock icon to indicate read-only access.
Dashboard visibility auto-inherits: if a user can access any other module, Dashboard is shown at least as View.
Per-member overrides
Assign a template to a project member, then override individual modules as needed.
Two ways to manage overrides:
- Project Settings → Team — expand a member's row to see the per-module permission grid. Click any module's level pill to change it.
- Organisation → User Control (Org Admins only) — see all users across all projects with a visual permission matrix. Edit template and overrides from one central location.
Overrides are visually distinguished from template defaults:
- Blue indicates the permission comes from the template
- Amber indicates an explicit override
Click Reset to Template to clear all overrides and return to template defaults.
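The resolution order described above (org role, then per-member override, then template default, then the Dashboard rule), as an added example that models the documented behaviour and is not TaskRox's own code. The module names and the template contents are constructed, since the page names the templates but does not list their defaults, and "Locked out" is a hypothetical template used only to show the case where Dashboard stays hidden.

```python
from enum import IntEnum

class Level(IntEnum):
    NONE = 0
    VIEW = 1
    EDIT = 2
    ADMIN = 3

ORG_BYPASS = {"Owner", "Org Admin"}  # automatic Admin on every module

# Minimum level per action, taken from the permission-level table.
MIN_LEVEL = {"read": Level.VIEW, "create": Level.EDIT, "edit": Level.EDIT,
             "upload": Level.EDIT, "comment": Level.EDIT,
             "delete": Level.ADMIN, "configure": Level.ADMIN}

# Constructed defaults (assumption): module names and values are illustrative.
TEMPLATES = {
    "Stakeholder": {"Dashboard": Level.NONE, "Documents": Level.VIEW,
                    "Gantt": Level.NONE, "Budget": Level.NONE},
    "Locked out": {"Dashboard": Level.NONE, "Documents": Level.NONE,
                   "Gantt": Level.NONE, "Budget": Level.NONE},
}

def effective_permissions(org_role, template, overrides=None):
    """Resolve {module: (Level, source)} top down: org role, override, template."""
    overrides = overrides or {}
    resolved = {}
    for module, default in TEMPLATES[template].items():
        if org_role in ORG_BYPASS:
            resolved[module] = (Level.ADMIN, "org-role")
        elif module in overrides:
            resolved[module] = (overrides[module], "override")  # amber in the UI
        else:
            resolved[module] = (default, "template")            # blue in the UI
    # Dashboard auto-inherit: at least View once any other module is accessible.
    other_access = any(level > Level.NONE
                       for name, (level, _) in resolved.items()
                       if name != "Dashboard")
    if other_access and resolved["Dashboard"][0] < Level.VIEW:
        resolved["Dashboard"] = (Level.VIEW, "inherited")
    return resolved

def is_allowed(resolved, module, action):
    """True when the member's level for the module covers the action."""
    return resolved[module][0] >= MIN_LEVEL[action]
```

The source tag on each result shows where a level came from, which is the same distinction the blue and amber pills make in the permission grid.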
User Control Hub
Org Admins can access Organisation → User Control to manage all users and their permissions in one place.
Features:
- See all org users with their org roles
- See which projects each user is on
- View and edit permissions via a visual matrix UI
- Filter and search across users and projects
- Change role templates and add overrides
The User Control Hub shows:
- User cards with project membership counts
- Per-project role template and override count
- Full permission matrix when editing
This is the recommended way to audit and manage permissions across your organisation.
Inviting internal and external people
Contacts can be classified as internal or external, then invited into the app with a project role.
Safe pattern for external users:
1. Keep their org role as Member or Viewer
2. Add them only to the required project
3. Use a constrained role template such as Consultant or Stakeholder
4. Apply per-module overrides only where needed
This keeps the project directory, invite flow, and permission model aligned.
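A check of external users against the four-step pattern above, as an added example that is not part of TaskRox. The record shape and field names are hypothetical (not a TaskRox export format), the sample users are constructed, and flagging overrides that grant Edit or Admin is this example's own review threshold.

```python
LEVELS = ["None", "View", "Edit", "Admin"]
LOW_ORG_ROLES = {"Member", "Viewer"}                   # step 1
CONSTRAINED_TEMPLATES = {"Consultant", "Stakeholder"}  # step 3

# Constructed sample records; field names are hypothetical.
USERS = [
    {"name": "ext-consultant", "external": True, "org_role": "Member",
     "memberships": [
         {"project": "P1", "template": "Consultant", "overrides": {}}]},
    {"name": "ext-surveyor", "external": True, "org_role": "Org Admin",
     "memberships": [
         {"project": "P1", "template": "Project Manager",
          "overrides": {"Budget": "Admin"}},
         {"project": "P2", "template": "Stakeholder",
          "overrides": {"Documents": "View"}}]},
    {"name": "int-pm", "external": False, "org_role": "Org Admin",
     "memberships": []},
]

def audit_external(user):
    """List the ways one external user departs from the four-step pattern."""
    findings = []
    if user["org_role"] not in LOW_ORG_ROLES:
        findings.append(
            f"org role {user['org_role']}: automatic Admin on all modules")
    if len(user["memberships"]) > 1:  # step 2: only the required project
        findings.append(
            f"{len(user['memberships'])} projects: confirm each is required")
    for m in user["memberships"]:
        if m["template"] not in CONSTRAINED_TEMPLATES:
            findings.append(
                f"{m['project']}: template {m['template']} is not constrained")
        for module, level in m["overrides"].items():
            # Step 4: surface overrides that grant Edit or Admin for review.
            if LEVELS.index(level) >= LEVELS.index("Edit"):
                findings.append(f"{m['project']}: override {module}={level}")
    return findings

def audit_all(users):
    """Map each external user's name to its findings (empty list = clean)."""
    return {u["name"]: audit_external(u) for u in users if u["external"]}
```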
Frequently asked questions
Q: Why can't a user see a module in the sidebar?
Their effective permission for that module is None. Check their role template and any overrides in Project Settings → Team or User Control.
Q: Why does someone have full access even though their template is restricted?
If they are an Org Admin or Owner, they automatically have Admin access to all modules — role templates don't apply to them.
Q: How do I give someone read-only access to just one module?
1. Assign them the Stakeholder template (which has mostly None/View permissions)
2. Add an override for the specific module to set it to View
Q: What happens when I change someone's role template?
Their effective permissions update immediately. Any existing overrides are preserved unless you explicitly reset to template.
Q: How do I audit who has access to what?
Use Organisation → User Control to see all users and their project permissions in one view.