Permissions and organizations

Access inside an organization uses roles wired to granular permissions. Dashboard visibility depends on the active organization, role assignments, and permission scope.

For the structured permission vocabulary used in role editors, see /reference/permissions.

Organization model

Scoutello data is organization-scoped. A user can belong to more than one organization and can have different roles in each one. Always confirm the active organization before diagnosing access, missing records, or missing sidebar items.

Organizations can also have hierarchy. Larger customers may use child organizations for properties, teams, locations, or brands, while a parent organization keeps the broader customer relationship manageable.

Permission shape

Most permissions use this shape:

entity:action:scope

For example, customer:read:assigned means the role can read assigned customer records, but not necessarily every customer in the organization.

Organization administration uses the admin entity with the same action/scope pattern (for example admin:list:all). Roles that manage child organizations and user roles typically include several admin:* permissions together. Do not confuse this with the separate global Scoutello platform administrator account type, which is used only by Scoutello staff and unlocks cross-tenant tooling.

How the sidebar uses permissions

The dashboard hides links the current session should not use. Examples:

  • Customer management routes depend on entities such as customer, protocol, task, project, document, newsletter, email, and event capabilities.
  • Web apps and tours routes depend on landing page, tour, offer, contact form, site plan, and related assignment rules.
  • Settings routes expose commerce templates, event tooling, hierarchy controls for organization admins, and additional shortcuts reserved for platform operators where applicable.
  • Users assigned as tour guides in the organization can see analytics/overview entry points without full landing-page or tour edit rights.

A missing menu item often reflects permission rules rather than a deployment failure.

Support workflow

When access looks wrong:

  1. Confirm the active organization.
  2. Confirm the user's role in that organization.
  3. Check the relevant entity, action, and scope.
  4. Check assigned-only relationships for records that should be visible.
  5. Consider whether the user is a platform operator versus an organization member.
  6. Avoid granting broad organization administration (admin entity) capabilities unless the user should manage organization structure and roles.
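
The checklist above can be expressed as a small diagnostic routine. This is an added example, not Scoutello code: the data shapes, the function names, the sample roles and organizations, and the rule that the all scope also covers assigned records are assumptions made for illustration.

```python
from typing import NamedTuple

class Permission(NamedTuple):
    entity: str
    action: str
    scope: str

def parse_permission(text):
    """Split 'entity:action:scope'; reject malformed strings."""
    parts = text.strip().split(":")
    if len(parts) != 3 or not all(parts):
        raise ValueError(f"expected entity:action:scope, got {text!r}")
    return Permission(*parts)

def admin_grants(roles, role):
    """Step 6: list the admin:* permissions a role carries, for review."""
    return [p for p in roles.get(role, []) if parse_permission(p).entity == "admin"]

def diagnose(memberships, roles, active_org, entity, action, record_assigned):
    """Walk the support checklist and return (allowed, reason).
    memberships: {org: role} for one user; roles: {role: [permission strings]}.
    Both shapes are hypothetical, chosen for this example.
    """
    # Steps 1-2: the active organization, then the role held in it.
    role = memberships.get(active_org)
    if role is None:
        return False, f"user is not a member of active organization {active_org!r}"
    granted = [parse_permission(p) for p in roles.get(role, [])]
    # Step 3: entity and action must match before scope matters.
    scopes = {p.scope for p in granted if (p.entity, p.action) == (entity, action)}
    if not scopes:
        return False, f"role {role!r} has no {entity}:{action}:* permission"
    # Assumption: the "all" scope also covers assigned records.
    if "all" in scopes:
        return True, f"role {role!r} grants {entity}:{action}:all"
    # Step 4: an assigned-only scope depends on the record relationship.
    if "assigned" in scopes and record_assigned:
        return True, f"role {role!r} grants {entity}:{action}:assigned"
    if "assigned" in scopes:
        return False, "scope is assigned-only and the record is not assigned"
    return False, f"unrecognized scope(s) {sorted(scopes)} for {entity}:{action}"

# Constructed sample data, not real Scoutello roles or organizations.
ROLES = {"sales": ["customer:read:assigned"],
         "org-admin": ["admin:list:all", "customer:read:all"]}
MEMBERSHIPS = {"hotel-north": "sales", "hotel-group": "org-admin"}
```

With this sample data the same user is denied an unassigned customer record in hotel-north but can read it in hotel-group, which is why the active organization is checked first.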

Related concepts: Reference: permissions, Dashboard overview.