User Roles
Siteflo uses role-based access control to determine what each user can see and do. Every user is assigned one role, and each role has a defined set of permissions and property access scope.
Roles Overview
Section titled “Roles Overview”Site Staff
Section titled “Site Staff”Entry-level role for property staff members.
- Property Access: One assigned property only.
- Can: View and create incidents at their property.
- Cannot: Edit, delete, or restore incidents. Cannot mark incidents as critical.
Site Manager
Section titled “Site Manager”Manages day-to-day operations at a single property.
- Property Access: One assigned property.
- Can: View, create, edit, delete, and restore incidents. Mark incidents as critical. View deleted incidents. Access property dashboards and summaries.
- Best for: Property managers responsible for on-site safety and compliance.
Regional Supervisor
Section titled “Regional Supervisor”Oversees multiple properties within a region.
- Property Access: Multiple assigned properties.
- Can: All incident actions across assigned properties.
- Best for: Regional managers who need visibility across a portfolio of properties.
Director
Section titled “Director”Executive-level role with organization-wide access.
- Property Access: All properties.
- Can: All incident actions across all properties.
- Best for: Executives and senior leadership needing full organizational visibility.
CIRT Member
Section titled “CIRT Member”Critical Incident Response Team member.
- Property Access: All properties.
- Can: All incident actions across all properties. Receives notifications when incidents are marked critical.
- Best for: Staff dedicated to responding to serious or escalated incidents.
System Administrator
Section titled “System Administrator”Full system access including user and configuration management.
- Property Access: All properties.
- Can: Everything, including user management and role assignment.
- Best for: IT staff or operations leads responsible for system configuration.
External Partner
Section titled “External Partner”Limited access for third-party organizations such as counseling services or social workers.
- Property Access: Assigned properties only.
- Can: View incidents at assigned properties.
- Cannot: Create, edit, delete, or manage incidents in any way.
- Best for: Outside organizations that need read-only visibility into incident reports.
Permissions Matrix
Section titled “Permissions Matrix”| Permission | Site Staff | Site Manager | Regional Supervisor | Director | CIRT Member | System Admin | External Partner |
|---|---|---|---|---|---|---|---|
| View incidents | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Create incidents | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Edit incidents | No | Yes | Yes | Yes | Yes | Yes | No |
| Delete incidents | No | Yes | Yes | Yes | Yes | Yes | No |
| Restore incidents | No | Yes | Yes | Yes | Yes | Yes | No |
| Mark critical | No | Yes | Yes | Yes | Yes | Yes | No |
| View deleted | No | Yes | Yes | Yes | Yes | Yes | No |
| Manage users | No | No | No | No | No | Yes | No |
Property Access Scope
Section titled “Property Access Scope”All incident actions are scoped to the user’s property access. Even if a role has the incidents:read permission, the user can only view incidents for properties they are assigned to.
| Role | Properties |
|---|---|
| Site Staff | 1 assigned property |
| Site Manager | 1 assigned property |
| Regional Supervisor | Multiple assigned properties |
| Director | All properties |
| CIRT Member | All properties |
| System Administrator | All properties |
| External Partner | Multiple assigned properties |