Role Permissions Reference
Complete reference guide for user roles and their permissions in the Hedges VIP platform.
A note on UI labels vs. code identifiers
UI labels and route paths now use the redesigned vocabulary; some database enum values still read the older names. Both are shown below side-by-side.
| UI label | Code identifier today | Eventual code identifier |
|---|---|---|
| Platform Admin | PLATFORM_ADMIN | PLATFORM_ADMIN (no change) |
| Org Admin | TENANT_ADMIN | ORG_ADMIN |
| Location Admin | LOCATION_ADMIN | LOCATION_ADMIN (no change) |
| Staff | PROMO | STAFF |
| Outside Promotions | OUTSIDE_PROMOTIONS | PROMOTER |
The legacy Auditor role (AUDITOR) has been retired. Anyone previously assigned that role has been migrated to Location Admin with the same location scope.
Role Hierarchy
The system uses a numeric hierarchy where higher-level roles inherit permissions from lower-level roles:
| UI label | Code identifier | Level | Access Scope |
|---|---|---|---|
| Platform Admin | PLATFORM_ADMIN | 100 | All Organizations, all locations |
| Org Admin | TENANT_ADMIN | 80 | All locations in the Organization |
| Location Admin | LOCATION_ADMIN | 60 | Assigned locations only |
| Location Manager (deprecated alias) | LOCATION_MANAGER | 60 | (Alias for Location Admin) |
| (Legacy alias) | DOOR | 60 | (Legacy alias for Location Admin) |
| (Legacy alias) | BAR | 60 | (Legacy alias for Location Admin) |
| Staff | PROMO | 40 | Kiosk-mode functions only |
Important: DOOR and BAR are legacy role names that map to LOCATION_ADMIN (level 60). Users with these legacy roles have the same permissions as Location Admin.
Permission Matrix
The tables below use code identifiers in column headers since those are what the API enforces. Map them to UI labels using the table above (TENANT_ADMIN = Org Admin, PROMO = Staff, etc.).
Configuration & Setup
| Action | PLATFORM_ADMIN | TENANT_ADMIN | LOCATION_ADMIN | PROMO |
|---|---|---|---|---|
| Create Organizations | Yes | No | No | No |
| Manage Organization settings | Yes | Yes | No | No |
| Create locations | Yes | Yes | No | No |
| Edit locations | Yes | Yes | Own only | No |
| Create card tiers | Yes | Yes | No | No |
| Edit card tiers | Yes | Yes | No | No |
| Create perk rules | Yes | Yes | No | No |
| Edit perk rules | Yes | Yes | No | No |
People Management (formerly "User Management")
| Action | PLATFORM_ADMIN | TENANT_ADMIN | LOCATION_ADMIN | PROMO |
|---|---|---|---|---|
| Invite Org Admins | Yes | Yes | No | No |
| Invite Location Admins | Yes | Yes | Within their locations | No |
| Invite Staff | Yes | Yes | Yes (their locations) | No |
| Invite Outside Promotions partners | Yes | Yes | No | No |
| Edit users | Yes | Yes | Within their locations | No |
| Delete users | Yes | Yes | Within their locations | No |
| View all users | Yes | Yes | Own Organization | No |
Note: TENANT_ADMIN cannot create other TENANT_ADMIN or PLATFORM_ADMIN users.
Member Management
| Action | PLATFORM_ADMIN | TENANT_ADMIN | LOCATION_ADMIN | PROMO |
|---|---|---|---|---|
| View all Members | Yes | Yes | Location-scoped | Lookup in kiosk |
| Create Members | Yes | Yes | Yes | Yes (Sign-Up kiosk) |
| Edit Members | Yes | Yes | Yes | No |
| Suspend cards | Yes | Yes | Yes | No |
| Revoke cards | Yes | Yes | Yes | No |
| View visit history | Yes | Yes | Location-scoped | No |
| Export Member data | Yes | Yes | Location-scoped | No |
Location-scoped: Location Admin can only see Members who have visited their assigned locations.
Floor (live in-venue operations)
| Action | PLATFORM_ADMIN | TENANT_ADMIN | LOCATION_ADMIN | PROMO |
|---|---|---|---|---|
| Door scanning | Yes | Yes | Yes | Door / All kiosk |
| Bar redemption | Yes | Yes | Yes | Bar / All kiosk |
| Sign-Up Scanner | Yes | Yes | Yes | Sign-Up / All kiosk |
| Member lookup | Yes | Yes | Yes | Yes (kiosk) |
| Issue tickets | Yes | Yes | Yes | Door kiosk |
| Redeem tickets | Yes | Yes | Yes | Bar kiosk |
| Manager override | Yes | Yes | Yes | No |
Acquire (Sign-Up Assets, Coupons, Outside Promotions Program)
| Action | PLATFORM_ADMIN | TENANT_ADMIN | LOCATION_ADMIN | PROMO |
|---|---|---|---|---|
| Manage Sign-Up Assets | Yes | Yes | View only | No |
| Manage Coupons | Yes | Yes | No | No |
| Manage Outside Promotions Program | Yes | Yes | No | No |
Engage (Announcements, Offers, Perks)
| Action | PLATFORM_ADMIN | TENANT_ADMIN | LOCATION_ADMIN | PROMO |
|---|---|---|---|---|
| Create offers | Yes | Yes | No | No |
| Edit offers | Yes | Yes | No | No |
| Publish offers | Yes | Yes | No | No |
| Pause/cancel offers | Yes | Yes | No | No |
| View offer performance | Yes | Yes | Location-scoped | No |
| Send Announcements | Yes | Yes | No | No |
Insights (formerly "Reports")
| Action | PLATFORM_ADMIN | TENANT_ADMIN | LOCATION_ADMIN | PROMO |
|---|---|---|---|---|
| Visit reports | Yes | Yes | Location-scoped | No |
| Redemption reports | Yes | Yes | Location-scoped | No |
| Financial reports | Yes | Yes | Location-scoped | No |
| Enrollment reports | Yes | Yes | Location-scoped | No |
| Fraud reports | Yes | Yes | Location-scoped | No |
| Audit logs | Yes | Yes | Location-scoped | No |
| Export reports | Yes | Yes | Location-scoped | No |
System Administration
| Action | PLATFORM_ADMIN | TENANT_ADMIN | LOCATION_ADMIN | PROMO |
|---|---|---|---|---|
| View system settings | Yes | No | No | No |
| Modify system settings | Yes | No | No | No |
| Access admin panel | Yes | Yes | Yes | No |
| View audit logs | Yes | Yes | Location-scoped | No |
Role Descriptions
Platform Admin (PLATFORM_ADMIN)
Who: Hedges VIP platform administrators
Responsibilities:
- Manage multiple Organizations on the platform
- Configure system-wide settings
- Create and manage Organization accounts
- Cross-Organization analytics and reporting
- Platform maintenance and updates
Typical users:
- Hedges VIP staff
- Platform support team
Key capabilities:
- Can switch between any Organization using the Organization selector
- Has override access to all features
- Can impersonate other roles for testing
Org Admin (TENANT_ADMIN)
Who: Top-level administrators for a single Organization
Responsibilities:
- Manage all locations in the Organization
- Configure card tiers and perk rules
- Invite and manage Org Admins, Location Admins, Staff, and Outside Promotions partners
- Oversee all operational data
- Financial reporting and analytics
Typical users:
- Organization owners
- General managers
- Operations directors
Key capabilities:
- Full access within their Organization
- Cannot see other Organizations' data
- Cannot create other TENANT_ADMIN users (only lower roles)
Location Admin (LOCATION_ADMIN)
Who: Managers responsible for specific venues
Responsibilities:
- View Members who visited their locations
- Perform door and bar operations
- Run location-specific reports
- Manage Staff at their locations
- Handle Member issues
- Manage day-to-day operations
Typical users:
- Venue managers
- Head bartenders
- Senior floor staff
Key capabilities:
- Can see data for assigned locations only
- Cannot create perk rules or offers
- Cannot manage Org-level settings
- Full operational capabilities (door, bar, overrides)
Note: DOOR and BAR legacy roles map to this level.
Staff (PROMO)
Who: Anyone working the venue floor — door, bar, sign-up host
Responsibilities:
- Scan Members at the door
- Validate tickets at the bar
- Enroll new Members
- Look up a Member to resolve issues
Typical users:
- Bouncers and door hosts
- Bartenders and bar backs
- Sign-up hosts and floor staff
Key capabilities:
- Lands directly into the device's kiosk mode (Door, Bar, Sign-Up, or All) — no admin sidebar
- Tools shown depend on the device, not the user — the same Staff login adapts to whichever station they're working
- Cannot edit any configuration or run reports
Note: Previously labelled "Promo". The code enum value remains PROMO until the planned rename to STAFF.
Outside Promotions (OUTSIDE_PROMOTIONS)
Who: External partners who bring guests in for commission
Responsibilities:
- Share their referral link / QR code
- Track sign-ups, earnings, and payouts in their own portal
Typical users:
- Independent promoters working venues on commission
Key capabilities:
- Focused workspace at /promoter-portal — no admin sidebar
- Sees only their own sign-ups, earnings, and payout requests
Note: Previously labelled "Concierge". The code enum value remains OUTSIDE_PROMOTIONS until the planned rename to PROMOTER. URLs use the concise /promoter and /promoter-portal paths.
Auditor (AUDITOR) — retired
The Auditor role has been removed. Previous Auditor users were migrated to Location Admin with the same location scope. Audit logs and reports remain accessible via Insights for Org Admins and Location Admins.
Role Assignment Best Practices
Principle of Least Privilege
Assign the MINIMUM role necessary:
- Don't give Org Admin to people who only need Location Admin scope
- Don't give Location Admin to floor staff
- Don't give Org Admin to Outside Promotions partners
Why:
- Reduces risk of accidental changes
- Simplifies training
- Improves audit trails
- Limits damage from compromised accounts
Location Assignments
For Location Admin roles:
- Assign ONLY the locations they manage
- Don't assign all locations unless necessary
- Review assignments quarterly
- Remove old locations when staff transfers
Role Review Process
Quarterly review:
- List all users and their roles
- Verify each user needs their current role
- Check location assignments are current
- Remove inactive users
- Document any changes
Permission Checks
How Permissions Work
Backend enforcement:
- All API requests validated by role
- Organization context enforced via TenantGuard (note: code name retained)
- Location filtering applied automatically
- No way for users to bypass restrictions
Frontend restrictions:
- UI hides features the user can't access
- Navigation only shows allowed pages
- Buttons disabled for restricted actions
Important: Security is enforced at API level. Even if someone manipulates the UI, the backend rejects unauthorized requests.
Special Cases
Platform Admin Organization switching:
- Can use the x-tenant-id header (legacy code name) to access any Organization
- Used for support and administration
- All actions logged with original user and impersonated Organization
Manager overrides:
- Higher-level roles can override lower-level restrictions
- Example: Org Admin can override location-specific settings
- All overrides logged to audit trail
Cross-location access:
- Org Admin sees all locations
- Location Admin sees assigned locations only
- Members visible based on location visit history
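The following is an added example (not the platform's own TenantGuard or API code) that shows how the numeric hierarchy, legacy aliases, Organization context and location scoping described in Role Hierarchy, How Permissions Work and Special Cases fit together in one backend check. The action-to-level map, the kiosk action set and the `User`/`ApiRequest` shapes are assumptions made for illustration; the role names, levels and aliases are the ones in the tables above.

```typescript
// Added example for this reference page; not the platform's own TenantGuard code.
// Role names, levels and aliases come from the Role Hierarchy table above;
// the action->level map and kiosk action set are assumed for illustration.
type Role = "PLATFORM_ADMIN" | "TENANT_ADMIN" | "LOCATION_ADMIN" | "PROMO";
type RawRole = Role | "LOCATION_MANAGER" | "DOOR" | "BAR";

const LEVEL: Record<Role, number> = { PLATFORM_ADMIN: 100, TENANT_ADMIN: 80, LOCATION_ADMIN: 60, PROMO: 40 };

interface User { id: string; role: RawRole; orgId: string; locationIds: string[] }
interface ApiRequest { tenantHeader?: string; locationId: string; kiosk?: boolean }
// `org` is carried on every decision so the audit trail can record the impersonated Organization.
interface Decision { allowed: boolean; reason: string; org: string | null }

// LOCATION_MANAGER, DOOR and BAR are aliases for LOCATION_ADMIN (level 60).
function canonicalRole(raw: RawRole): Role {
  return raw === "LOCATION_MANAGER" || raw === "DOOR" || raw === "BAR" ? "LOCATION_ADMIN" : raw;
}

// Organization context: only PLATFORM_ADMIN may follow the x-tenant-id header
// (and must select one); every other role is pinned to its own Organization.
function resolveOrg(user: User, req: ApiRequest): string | null {
  return canonicalRole(user.role) === "PLATFORM_ADMIN" ? req.tenantHeader ?? null : user.orgId;
}

// Minimum hierarchy level per action (assumed subset of the permission matrix).
const MIN_LEVEL = new Map<string, number>([
  ["members.lookup", 40], ["members.create", 40], ["tickets.issue", 40], ["tickets.redeem", 40],
  ["locations.edit", 60], ["perkRules.create", 80],
]);
// The only actions Staff (PROMO) may perform, and only from a kiosk session.
const KIOSK_ACTIONS = new Set(["members.lookup", "members.create", "tickets.issue", "tickets.redeem"]);

function authorize(user: User, action: string, req: ApiRequest): Decision {
  const role = canonicalRole(user.role);
  const org = resolveOrg(user, req);
  const deny = (reason: string): Decision => ({ allowed: false, reason, org });
  const required = MIN_LEVEL.get(action);
  if (required === undefined) return deny("unknown action");            // deny by default
  if (LEVEL[role] < required) return deny(`requires level ${required}`); // higher levels inherit
  if (org === null) return deny("Platform Admin must select an Organization");
  if (role === "PROMO" && !(req.kiosk === true && KIOSK_ACTIONS.has(action)))
    return deny("Staff: kiosk-mode functions only");
  if (role === "LOCATION_ADMIN" && !user.locationIds.includes(req.locationId))
    return deny("location not assigned");
  return { allowed: true, reason: "ok", org };
}
```

Because an action missing from the map is denied rather than allowed, the "What No Role Can Do" items (such as modifying audit logs) are refused for every role without any special casing.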
Role Limitations
What No Role Can Do
System-level restrictions:
- Modify audit logs (append-only)
- Delete Member records (only suspend/revoke)
- Change historical redemption data
- Bypass fraud detection
What Only Platform Admin Can Do
- Create Organizations
- Delete Organizations
- Access system configuration
- View cross-Organization analytics
- Impersonate other Organizations
What Requires Two-Person Authorization
Future feature:
- Large financial overrides
- Mass Member data changes
- Perk rule deletions
- System-wide configuration changes
Troubleshooting Permissions
"Access Denied" Error
Check:
- User's role assignment
- Location assignments (if applicable)
- Organization context (Platform Admin must select Organization)
- Session hasn't expired
Can't See Expected Data
Possible causes:
- Location Admin seeing only assigned locations
- Members haven't visited your locations
- Date filters excluding data
- Role doesn't have read access to that data type
Can't Perform Action
Verify:
- Role has permission for action (see matrix above)
- Target resource is in your scope
- Whether the action requires a higher privilege level than your role
- Whether a system-level restriction applies (e.g., no role can delete audit logs)
Related Articles
- Understanding Your Role - Roles explained for users
- People - Creating and managing users
- Multi-Tenancy - How Organization scoping works
- Audit Logs - Viewing permission usage