Help Center
Manage

Roles, Permissions, and the Tier System

11 system roles + 61 permissions across three tiers. Owner (0) governs the whole platform; Admin (1) runs operations; Specialty roles (2) cover their domain.

The Role-Based Access Control (RBAC) system is the foundation of who can see and do what.

Tiers

  • Tier 0 — Owner. Can transfer ownership, cancel subscription, and do everything else.
  • Tier 1 — Administrator. Runs the operation. Cannot transfer ownership or cancel billing.
  • Tier 2 — Specialty roles (Pastoral Care, Communications Director, Financial Administrator, Volunteer Coordinator, Worship Director, Childcare Coordinator, Content Producer, Viewer). Each scoped to their domain.

Per-seat grants and revokes

Sometimes a specific staff member needs slightly different access than their role provides. Grants extend access; revokes remove it. Both are visible in the team page and audited in the org audit log.

Inviting staff

Send an invite from /organization-settings/team. Role is selected per-invite. The invited person gets an email with an HMAC-signed token that binds them to that specific seat.

Related articles

Multi-Campus Operations
TC+ is multi-campus from the data model up. Per-campus filtering on every list, per-campus permission scoping, per-campus dashboards, and a senior-pastor rollup view.

Didn't find what you're looking for? Browse all articles or use the search bar.

20 articles total. The library expands as new features ship.