Skip to content

Permission flags reference

This page lists the permission flag categories and flags available in the MapleGather custom role editor, plus the dependency and data-scope rules that govern them.

Flag What it allows
View members Read member records and profiles.
Create members Add new member records.
Edit members Update existing member records.
Export members Download member data exports.
Archive members Archive (soft-delete) member records.
Flag What it allows
View membership levels Read membership level definitions.
Create/edit membership levels Add and update membership level definitions.
Approve/reject applications Act on pending membership applications.
Process renewals Trigger and manage membership renewals.
Flag What it allows
View events Read event records.
Create events Add new events.
Edit events Update existing event details.
Cancel events Cancel a scheduled or active event.
Manage check-ins Record and review event attendance.
Flag What it allows
View billing View payment history and transaction records.
Create invoices Generate and send invoices to members.
Collect payments Charge members or record manual payments.
Issue refunds Refund a transaction.
Export billing data Download billing and transaction data exports.
Flag What it allows
Read campaigns View email campaign records.
Send broadcasts Send or schedule a broadcast email.
Manage segments Create and edit audience segments.
Edit templates Modify email templates.
Configure deliverability Set sender domains, SPF/DKIM, and suppression settings.
Flag What it allows
Read directory View the member-facing directory.
Configure directory instances Add, edit, or remove directory instances.
Manage privacy defaults Set default visibility rules for directory fields.
Flag Scope string
View roles admin:read
Create custom roles admin_users:create_custom_role
Assign roles admin_users:manage_roles
Set data scope admin_users:set_data_scope
View effective permissions admin_users:view_effective_permissions
Revoke admin access admin_users:revoke
Run handovers admin_users:handover
Invite admins admin_users:invite
Flag What it allows
Read integrations View connected integrations and webhook configurations.
Write integrations Add, update, or disconnect integrations and webhooks.
Manage API keys Create and revoke API keys.
Flag What it allows
View dashboard Access the analytics dashboard.
Export reports Download report data.

Some flags require other flags to be meaningful. If you enable a flag without its dependency, the role editor shows an inline warning and offers an Auto-enable dependency action. Examples:

  • “Cancel events” depends on “View events.”
  • “Process renewals” depends on “View membership levels.”

Accept the auto-enable or manually enable the prerequisite flag before saving.

A role assignment can be scoped to specific values of Membership Level, Tag, or Event Category. When a data scope is set, the role holder sees only records that match — out-of-scope records are excluded from query results, not returned as permission errors.

Data scope is set at assignment time, not at role-definition time. The same role definition can be assigned to different admins with different scopes.

A role can be bound to a Tag. Any admin who holds that Tag automatically holds the role’s permissions. The binding is dynamic: permissions change whenever Tag membership changes.