Predefined role. Holders typically receive this role at Building scope
(occasionally at Lot scope when narrowing). At a given scope, effective
permissions are the union of all roles a user holds there.
Permission
View
Create
Edit
Approve
Buildings & lots
building.*
✓
—
✓
—
lot.*
✓
✓
✓
—
Tenants
tenant.*
✓
✓
✓
—
Contractors & workers
contractor.invite
—
✓
—
—
contractor.approve_compliance
—
—
—
✓
worker.approve_induction
—
—
—
✓
Jobs & attendance
job.create / assign / close
✓
✓
✓
—
attendance.export
✓
—
—
—
Incidents & playbooks
incident.triage / ack / reassign / close
✓
✓
✓
—
incident.add_note
—
✓
—
—
playbook.create / edit / publish
✓
✓
✓
—
Knowledge base
kb.read / publish
✓
✓
—
—
Audit & signage
audit.view / export
✓
—
—
—
signage.*
✓
✓
✓
—
Cascade rule
A role on a building applies to its lots by default unless a more
specific (lot-scoped) role assignment exists for the same user on that lot.
The role itself can declare which permissions are building-only and which
cascade to lots — most permissions cascade for this role.