Roles

/settings/roles

A read-only catalogue of roles available in the tenant, with the permissions each one grants.

What the page shows

Collapsible role cards, one per role. Each card shows:

Role ID — the canonical identifier
Description — human-readable summary
System flag — whether this is a FrontLine-shipped role (immutable) or a tenant-defined custom role
Permission list — the full set of <module>.<resource>.<action> strings the role grants

Standard roles

FrontLine ships standard roles (Admin, Viewer, Approver, etc.) covering the most common access patterns. Custom roles can be defined per tenant for finer-grained access — e.g., a "QA Lead" role that combines QA write access with read-only access to evaluations across all teams.

Where roles get assigned

User-to-role assignment happens in Settings → Users. Each user can hold multiple roles, with the union of their permissions applied.

Why this page is read-only

Role definitions live in code (or in an admin-only configuration surface not exposed to the standard tenant admin) so the catalogue is consistent across deployments. To request a new role, contact your FrontLine support contact.

What the page shows​

Standard roles​

Where roles get assigned​

Why this page is read-only​

What the page shows

Standard roles

Where roles get assigned

Why this page is read-only