Skip to content

How roles and permissions work

MapleGather’s role-based access model lets volunteer and professional admins control exactly who can do what inside your organization — from full ownership down to read-only access.

Every admin holds one or more roles, and their effective permissions are the union of all those roles. Roles start from predefined system templates you can use as-is or clone and customize. You can also narrow a role’s reach to specific membership levels, member tags, or event categories.

MapleGather’s access model works along three axes.

MapleGather provides seven read-only templates you can assign directly or clone as a starting point:

Template Typical use
Org Owner Full access, including billing and admin management
Finance Manager Billing, payments, and financial reports
Communications Manager Email, announcements, and directory
Events Manager Event creation, check-in, and event reports
Web Editor Public-facing pages and branding
Membership Manager Member records, membership levels, and renewals
Read-only View access across all areas

These templates are provided by MapleGather and cannot be edited. Clone a template to create a customizable version.

Clone any template and then add or remove individual permission flags across nine categories:

  • Members — view, edit, and manage member records
  • Memberships — manage membership levels and renewals
  • Events — create, edit, and manage events
  • Billing — manage payment methods, invoices, and subscription
  • Email — send and manage email communications
  • Directory — view and manage the member directory
  • Admin — invite, edit, and revoke admin accounts
  • Integrations — connect and manage third-party integrations
  • Reports — view and export reports

Each flag controls a specific action. You can mix and match flags freely within a custom role.

Optionally restrict a role to specific membership levels, member tags, or event categories. An admin with a scoped role only sees records within their scope — out-of-scope records are excluded from search results rather than surfaced with an error message.

An admin’s effective permissions are the union of all roles they hold. If one role excludes an action and another includes it, the inclusion wins. You can review any admin’s combined permission set from Admin & SecurityAdmins → select an admin → Permissions tab.

You can bind a role to a Tag. Any admin who holds that Tag automatically receives the role’s permissions — useful for committee-based volunteer orgs where roles follow position, not person.

Small volunteer organizations often need one or two admins who can handle everything. Larger organizations need tighter controls to separate financial, communications, and membership duties. The three-axis model serves both: assign a system template for simplicity, then add custom roles and data scopes as your governance needs grow.

  • An archived role’s existing assignments remain valid until you manually remove them.
  • An admin with no roles assigned has no permissions — they can sign in but see nothing.
  • MapleGather prevents any action that would leave your organization with zero Org Owners. Revoke, demote, or group-binding changes that would remove the last Org Owner are blocked with a clear error message.
  • SSO claim-based group bindings are planned for a future release.