How roles and permissions work
MapleGather’s role-based access model lets volunteer and professional admins control exactly who can do what inside your organization — from full ownership down to read-only access.
The short version
Section titled “The short version”Every admin holds one or more roles, and their effective permissions are the union of all those roles. Roles start from predefined system templates you can use as-is or clone and customize. You can also narrow a role’s reach to specific membership levels, member tags, or event categories.
How it works
Section titled “How it works”MapleGather’s access model works along three axes.
Axis 1 — Predefined system templates
Section titled “Axis 1 — Predefined system templates”MapleGather provides seven read-only templates you can assign directly or clone as a starting point:
| Template | Typical use |
|---|---|
| Org Owner | Full access, including billing and admin management |
| Finance Manager | Billing, payments, and financial reports |
| Communications Manager | Email, announcements, and directory |
| Events Manager | Event creation, check-in, and event reports |
| Web Editor | Public-facing pages and branding |
| Membership Manager | Member records, membership levels, and renewals |
| Read-only | View access across all areas |
These templates are provided by MapleGather and cannot be edited. Clone a template to create a customizable version.
Axis 2 — Custom role composition
Section titled “Axis 2 — Custom role composition”Clone any template and then add or remove individual permission flags across nine categories:
- Members — view, edit, and manage member records
- Memberships — manage membership levels and renewals
- Events — create, edit, and manage events
- Billing — manage payment methods, invoices, and subscription
- Email — send and manage email communications
- Directory — view and manage the member directory
- Admin — invite, edit, and revoke admin accounts
- Integrations — connect and manage third-party integrations
- Reports — view and export reports
Each flag controls a specific action. You can mix and match flags freely within a custom role.
Axis 3 — Data scope
Section titled “Axis 3 — Data scope”Optionally restrict a role to specific membership levels, member tags, or event categories. An admin with a scoped role only sees records within their scope — out-of-scope records are excluded from search results rather than surfaced with an error message.
Effective permissions
Section titled “Effective permissions”An admin’s effective permissions are the union of all roles they hold. If one role excludes an action and another includes it, the inclusion wins. You can review any admin’s combined permission set from Admin & Security → Admins → select an admin → Permissions tab.
Group bindings
Section titled “Group bindings”You can bind a role to a Tag. Any admin who holds that Tag automatically receives the role’s permissions — useful for committee-based volunteer orgs where roles follow position, not person.
Why it works this way
Section titled “Why it works this way”Small volunteer organizations often need one or two admins who can handle everything. Larger organizations need tighter controls to separate financial, communications, and membership duties. The three-axis model serves both: assign a system template for simplicity, then add custom roles and data scopes as your governance needs grow.
Edge cases & boundaries
Section titled “Edge cases & boundaries”- An archived role’s existing assignments remain valid until you manually remove them.
- An admin with no roles assigned has no permissions — they can sign in but see nothing.
- MapleGather prevents any action that would leave your organization with zero Org Owners. Revoke, demote, or group-binding changes that would remove the last Org Owner are blocked with a clear error message.
- SSO claim-based group bindings are planned for a future release.