Role Permissions Reference
Complete reference guide for user roles and their permissions in the ClubVIP platform.
Role Hierarchy
The system uses a numeric hierarchy where higher-level roles inherit permissions from lower-level roles:
| Role | Level | Access Scope |
|---|---|---|
| PLATFORM_ADMIN | 100 | All tenants, all locations |
| TENANT_ADMIN | 80 | All locations in tenant |
| LOCATION_ADMIN | 60 | Assigned locations only |
| LOCATION_MANAGER | 60 | (Deprecated alias for LOCATION_ADMIN) |
| DOOR | 60 | (Deprecated alias for LOCATION_ADMIN) |
| BAR | 60 | (Deprecated alias for LOCATION_ADMIN) |
| PROMO | 40 | Enrollment functions only |
| AUDITOR | 20 | Read-only access |
Important: DOOR and BAR are legacy role names that map to LOCATION_ADMIN (level 60). This means staff with DOOR or BAR roles have the same permissions as LOCATION_ADMIN.
Permission Matrix
Configuration & Setup
| Action | PLATFORM_ADMIN | TENANT_ADMIN | LOCATION_ADMIN | PROMO | AUDITOR |
|---|---|---|---|---|---|
| Create tenants | Yes | No | No | No | No |
| Manage tenant settings | Yes | Yes | No | No | No |
| Create locations | Yes | Yes | No | No | No |
| Edit locations | Yes | Yes | Own only | No | No |
| Create card tiers | Yes | Yes | No | No | No |
| Edit card tiers | Yes | Yes | No | No | No |
| Create perk rules | Yes | Yes | No | No | No |
| Edit perk rules | Yes | Yes | No | No | No |
User Management
| Action | PLATFORM_ADMIN | TENANT_ADMIN | LOCATION_ADMIN | PROMO | AUDITOR |
|---|---|---|---|---|---|
| Create users | Yes | Yes | No | No | No |
| Edit users | Yes | Yes | No | No | No |
| Delete users | Yes | Yes | No | No | No |
| Assign roles | Yes | Yes (limited) | No | No | No |
| View all users | Yes | Yes | Own tenant | No | No |
Note: TENANT_ADMIN can create users but cannot create other TENANT_ADMIN or PLATFORM_ADMIN users.
Customer Management
| Action | PLATFORM_ADMIN | TENANT_ADMIN | LOCATION_ADMIN | PROMO | AUDITOR |
|---|---|---|---|---|---|
| View all customers | Yes | Yes | Location-scoped | No | Yes (read-only) |
| Create customers | Yes | Yes | Yes | Yes | No |
| Edit customers | Yes | Yes | Yes | No | No |
| Suspend cards | Yes | Yes | Yes | No | No |
| Revoke cards | Yes | Yes | Yes | No | No |
| View visit history | Yes | Yes | Location-scoped | No | Yes |
| Export customer data | Yes | Yes | Location-scoped | No | No |
Location-scoped: LOCATION_ADMIN can only see customers who have visited their assigned locations.
Daily Operations
| Action | PLATFORM_ADMIN | TENANT_ADMIN | LOCATION_ADMIN | PROMO | AUDITOR |
|---|---|---|---|---|---|
| Door scanning | Yes | Yes | Yes | No | No |
| Bar redemption | Yes | Yes | Yes | No | No |
| Customer lookup | Yes | Yes | Yes | Yes | Yes (read-only) |
| Issue tickets | Yes | Yes | Yes | No | No |
| Redeem tickets | Yes | Yes | Yes | No | No |
| Manager override | Yes | Yes | Yes | No | No |
Offers & Promotions
| Action | PLATFORM_ADMIN | TENANT_ADMIN | LOCATION_ADMIN | PROMO | AUDITOR |
|---|---|---|---|---|---|
| Create offers | Yes | Yes | No | No | No |
| Edit offers | Yes | Yes | No | No | No |
| Publish offers | Yes | Yes | No | No | No |
| Pause/cancel offers | Yes | Yes | No | No | No |
| View offer performance | Yes | Yes | Location-scoped | No | Yes (read-only) |
Reports & Analytics
| Action | PLATFORM_ADMIN | TENANT_ADMIN | LOCATION_ADMIN | PROMO | AUDITOR |
|---|---|---|---|---|---|
| Visit reports | Yes | Yes | Location-scoped | No | Yes |
| Redemption reports | Yes | Yes | Location-scoped | No | Yes |
| Financial reports | Yes | Yes | Location-scoped | No | Yes |
| Enrollment reports | Yes | Yes | Location-scoped | No | Yes |
| Fraud reports | Yes | Yes | Location-scoped | No | Yes |
| Audit logs | Yes | Yes | Location-scoped | No | Yes |
| Export reports | Yes | Yes | Location-scoped | No | Yes |
System Administration
| Action | PLATFORM_ADMIN | TENANT_ADMIN | LOCATION_ADMIN | PROMO | AUDITOR |
|---|---|---|---|---|---|
| View system settings | Yes | No | No | No | No |
| Modify system settings | Yes | No | No | No | No |
| Access admin panel | Yes | Yes | Yes | No | No |
| View audit logs | Yes | Yes | Location-scoped | No | Yes |
Role Descriptions
PLATFORM_ADMIN
Who: ClubVIP platform administrators
Responsibilities:
- Manage multiple tenants (customers)
- Configure system-wide settings
- Create and manage tenant accounts
- Cross-tenant analytics and reporting
- Platform maintenance and updates
Typical users:
- ClubVIP staff
- Platform support team
Key capabilities:
- Can switch between any tenant using tenant selector
- Has override access to all features
- Can impersonate other roles for testing
TENANT_ADMIN
Who: Top-level administrators for a single club/operator
Responsibilities:
- Manage all locations for their organization
- Configure card tiers and perk rules
- Create and manage staff users
- Oversee all operational data
- Financial reporting and analytics
Typical users:
- Club owners
- General managers
- Operations directors
Key capabilities:
- Full access within their tenant
- Cannot see other tenants' data
- Cannot create other TENANT_ADMIN users (only lower roles)
LOCATION_ADMIN
Who: Managers responsible for specific venues
Responsibilities:
- View customers who visited their locations
- Perform door and bar operations
- Run location-specific reports
- Handle customer issues
- Manage day-to-day operations
Typical users:
- Venue managers
- Head bartenders
- Senior floor staff
Key capabilities:
- Can see data for assigned locations only
- Cannot create perk rules or offers
- Cannot manage other users
- Full operational capabilities (door, bar, overrides)
Note: DOOR and BAR legacy roles map to this level.
PROMO
Who: Staff dedicated to enrolling new VIP members
Responsibilities:
- Enroll new customers
- Issue VIP cards
- Explain program benefits
- Handle enrollment questions
Typical users:
- Promo staff
- Host/hostesses
- Marketing staff
Key capabilities:
- Limited to enrollment functions
- Can create customer records
- Can issue new cards
- Cannot access operational features
AUDITOR
Who: Staff needing read-only access for oversight
Responsibilities:
- Review audit logs
- Generate reports
- Monitor compliance
- Investigate discrepancies
Typical users:
- Compliance officers
- External auditors
- Financial reviewers
Key capabilities:
- Read-only access to all data
- Cannot modify any records
- Cannot perform operations (door, bar)
- Full reporting access
Role Assignment Best Practices
Principle of Least Privilege
Assign the MINIMUM role necessary:
- Don't give TENANT_ADMIN to location managers
- Don't give LOCATION_ADMIN to promo staff
- Use AUDITOR for read-only needs
Why:
- Reduces risk of accidental changes
- Simplifies training
- Improves audit trails
- Limits damage from compromised accounts
Location Assignments
For LOCATION_ADMIN roles:
- Assign ONLY the locations they manage
- Don't assign all locations unless necessary
- Review assignments quarterly
- Remove old locations when staff transfers
Role Review Process
Quarterly review:
- List all users and their roles
- Verify each user needs their current role
- Check location assignments are current
- Remove inactive users
- Document any changes
Permission Checks
How Permissions Work
Backend enforcement:
- All API requests validated by role
- Tenant context enforced via TenantGuard
- Location filtering applied automatically
- No way for users to bypass restrictions
Frontend restrictions:
- UI hides features user can't access
- Navigation only shows allowed pages
- Buttons disabled for restricted actions
Important: Security is enforced at API level. Even if someone manipulates the UI, backend rejects unauthorized requests.
Special Cases
PLATFORM_ADMIN tenant switching:
- Can use
x-tenant-idheader to access any tenant - Used for support and administration
- All actions logged with original user and impersonated tenant
Manager overrides:
- Higher-level roles can override lower-level restrictions
- Example: TENANT_ADMIN can override location-specific settings
- All overrides logged to audit trail
Cross-location access:
- TENANT_ADMIN sees all locations
- LOCATION_ADMIN sees assigned locations only
- Customers visible based on location visit history
Role Limitations
What No Role Can Do
System-level restrictions:
- Modify audit logs (append-only)
- Delete customer records (only suspend/revoke)
- Change historical redemption data
- Bypass fraud detection
What Only PLATFORM_ADMIN Can Do
- Create tenants
- Delete tenants
- Access system configuration
- View cross-tenant analytics
- Impersonate other tenants
What Requires Two-Person Authorization
Future feature:
- Large financial overrides
- Mass customer data changes
- Perk rule deletions
- System-wide configuration changes
Troubleshooting Permissions
"Access Denied" Error
Check:
- User's role assignment
- Location assignments (if applicable)
- Tenant context (PLATFORM_ADMIN must select tenant)
- Session hasn't expired
Can't See Expected Data
Possible causes:
- LOCATION_ADMIN seeing only assigned locations
- Customers haven't visited your locations
- Date filters excluding data
- Role doesn't have read access to that data type
Can't Perform Action
Verify:
- Role has permission for action (see matrix above)
- Target resource is in your scope
- Action requires higher privilege level
- System-level restriction (e.g., can't delete audit logs)
Related Articles
- Understanding Your Role - Roles explained for users
- User Management - Creating and managing users
- Multi-Tenancy - How tenant scoping works
- Audit Logs - Viewing permission usage