Roles and Permissions
The Junipa Organisation Portal uses role-based access control (RBAC) to manage what each user can see and do. There are two roles available at the organisation level.
Roles Overview
Admin
Organisation Admins have full access to all features of the organisation portal.
Permissions:
- View the organisation dashboard and all connected school data
- Access all reports (executive overview, audit reports, attendance)
- Generate and manage invite codes for connecting schools
- Add, edit, and remove organisation portal users
- Modify organisation settings and terminology
- Disconnect schools from the organisation
Who should be an Admin:
- Organisation leadership responsible for NCCD oversight
- IT administrators managing the organisation portal
- Staff who need to connect new schools or manage team access
Viewer
Viewers have read-only access to dashboards and reports. They cannot make changes to settings, team membership, or school connections.
Permissions:
- View the organisation dashboard and all connected school data
- Access all reports (executive overview, audit reports, attendance)
- Export reports
Cannot:
- Add or remove users
- Modify settings or terminology
- Generate invite codes or connect/disconnect schools
Who should be a Viewer:
- Executive staff who need reporting access without management responsibilities
- Board members or governance personnel reviewing NCCD compliance
- Regional coordinators who need visibility but not control
Permissions Matrix
| Feature | Admin | Viewer |
|---|---|---|
| View dashboard | Yes | Yes |
| View connected schools | Yes | Yes |
| View school health status | Yes | Yes |
| Access executive overview | Yes | Yes |
| Access audit reports | Yes | Yes |
| Access attendance reports | Yes | Yes |
| Export reports | Yes | Yes |
| Generate invite codes | Yes | No |
| Connect/disconnect schools | Yes | No |
| Add/remove team members | Yes | No |
| Change user roles | Yes | No |
| Modify general settings | Yes | No |
| Modify terminology settings | Yes | No |
Changing Roles
Only an Admin can change another user's role. See Team Management for instructions.
Best Practices
- Assign the Viewer role by default and only elevate to Admin when the user needs management capabilities.
- Ensure at least two users have the Admin role to avoid being locked out if one admin is unavailable.
- Review team access periodically and remove users who no longer need access.