Permission Keys
Permissions are organized into Admin Portal and User Portal groups. Each permission key controls access to a specific feature area.
Admin Portal Permissions
Section titled “Admin Portal Permissions”These permissions control what an admin-role user can access within the Admin Portal:
| Permission Key | Controls |
|---|---|
admin_portal_access | Ability to log into the Admin Portal |
admin_dashboard | Dashboard overview |
admin_users | User management (create, edit, delete users) |
admin_agreements | Agreement management |
admin_media | Media library |
admin_volunteers | Volunteer management |
admin_students | Student and curriculum management |
admin_subscriptions | Subscription plans, credit packs, add-ons, and subscribers |
admin_sessions | Session events and registrations |
admin_inventory | Inventory and product management |
admin_billing | Billing, invoices, and payment tracking |
admin_notifications | Notification management |
admin_audit_log | Audit log and error log viewing |
admin_reports | Reports and analytics |
admin_settings | System preferences and role permission configuration |
User Portal Permissions
Section titled “User Portal Permissions”These permissions control what features are available in the User Portal:
| Permission Key | Controls |
|---|---|
user_volunteers | Volunteer timeslot browsing and registration |
user_students | Course browsing, enrollment, and progress tracking |
user_subscriptions | Subscription plans, credit packs, and add-on browsing |
user_sessions | Session event browsing and registration |
user_billing | Billing history and payment viewing |
Security Permissions
Section titled “Security Permissions”| Permission Key | Controls |
|---|---|
2fa_enabled | Whether 2FA is available for the role |
2fa_required | Whether 2FA is mandatory for the role |
Permission Matrix
Section titled “Permission Matrix”Administrators configure permissions in Admin Portal > Administration > Preferences > Role Permissions. The matrix shows:
- Rows: Each permission key
- Columns: Each role (User, Admin, Student, Volunteer, Instructor)
- Toggles: Enable or disable each permission per role
The matrix is organized into two tabs:
- Admin Portal tab — Shows all
admin_*permissions - User Portal tab — Shows all
user_*permissions
Security permissions (2fa_enabled, 2fa_required) appear in a separate section.
Escalation Guard
Section titled “Escalation Guard”When enabling admin-scoped permissions for non-admin roles (e.g., giving the Student role access to admin_users), a confirmation modal appears warning about the security implications. This prevents accidental privilege escalation.
Super Admin Wildcard
Section titled “Super Admin Wildcard”Users with the admin role who have the wildcard permission (*) bypass all permission checks. This is the super-admin level — they can access everything regardless of individual permission settings.