Roles & permissions

PilotBPM uses an allow-based model with explicit DENY overrides for sensitive areas. Permissions can be scoped to departments and layered on top of a role per person.

Built-in roles

| Role | Intended for | Gist |
| --- | --- | --- |
| Owner / Admin | Workspace owners | Full access to everything. |
| Manager | Team / department leads | Manage SOPs, blueprints, runs, tickets, forms, documents; oversee their department. |
| Department Head | A manager who heads a department | Manager rights scoped to their department (and its sub-sites). |
| Employee (Member) | Individual contributors | Read SOPs, complete tasks assigned to them, submit forms/tickets. |
| Auditor | Reviewers, external auditors | Read-only across modules. Cannot change anything. |
| Guest / Temp | On-site temps, contractors | Read shared SOPs & workflows, submit tickets, and complete tasks assigned to them. |

Department scoping & hierarchy

Departments can nest (e.g. Multifamily → West Region → Maple Apartments). A department head's authority cascades to sub-sites. Use oversight assignments to give VPs/Directors visibility into departments they don't directly head.

Management rank

Each role carries a rank. Rank decides who can act on a task assigned to someone else: a line employee can't close a task assigned to their manager, but a higher-ranked manager can. Custom roles can set an explicit rank to model deep org ladders.

Custom roles & per-person grants

  • Custom roles let you bundle exactly the permissions a job needs and assign a rank.
  • Extra permissions can be granted to a single member on top of their role.
  • Permission rules (Admin → Members) add fine-grained ALLOW/DENY for a user, role, or department — even down to a specific resource or category.

Temporary access

When adding or editing a member you can set Access expires on a date. After that moment the membership is automatically treated as inactive — ideal for a temp covering a site or an auditor with a fixed engagement window. Pair this with the Guest / Temp or Auditor role to share just enough, just long enough.
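The following is an added illustrative model of the rules described on this page (allow-based with DENY override, department cascading, rank-gated task closing, and access expiry); it is not PilotBPM's own code. The department names, action strings such as "sop:edit", and the choice that the expiry date itself already counts as inactive and that equal rank does not suffice are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed department tree (child -> parent), using the page's example names.
DEPT_PARENT = {"West Region": "Multifamily", "Maple Apartments": "West Region"}

def dept_chain(dept: Optional[str]):
    """Yield a department and all of its ancestors; a grant on an ancestor cascades down."""
    while dept:
        yield dept
        dept = DEPT_PARENT.get(dept)

@dataclass
class Rule:
    effect: str                 # "ALLOW" or "DENY"
    action: str                 # hypothetical action names, e.g. "sop:edit"
    dept: Optional[str] = None  # None = applies in every department

@dataclass
class Member:
    name: str
    rank: int                   # management rank; higher rank may act on lower rank's tasks
    rules: list                 # role rules plus per-person grants, evaluated together
    access_expires: Optional[date] = None

def is_active(m: Member, today: date) -> bool:
    """Membership is treated as inactive from the expiry date onward (assumption: exclusive)."""
    return m.access_expires is None or today < m.access_expires

def is_allowed(m: Member, action: str, dept: str, today: date) -> bool:
    """Allow-based check: at least one matching ALLOW is required, and any matching DENY wins."""
    if not is_active(m, today):
        return False
    scope = set(dept_chain(dept))  # the department itself plus every parent above it
    matching = [r for r in m.rules
                if r.action == action and (r.dept is None or r.dept in scope)]
    if any(r.effect == "DENY" for r in matching):
        return False
    return any(r.effect == "ALLOW" for r in matching)

def can_close_task(actor: Member, assignee: Member, today: date) -> bool:
    """The assignee, or anyone of strictly higher rank, may close the task."""
    return is_active(actor, today) and (actor is assignee or actor.rank > assignee.rank)
```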