This page lists the permission flag categories and flags available in the MapleGather custom role editor, plus the dependency and data-scope rules that govern them.
| Flag |
What it allows |
| View members |
Read member records and profiles. |
| Create members |
Add new member records. |
| Edit members |
Update existing member records. |
| Export members |
Download member data exports. |
| Archive members |
Archive (soft-delete) member records. |
| Flag |
What it allows |
| View membership levels |
Read membership level definitions. |
| Create/edit membership levels |
Add and update membership level definitions. |
| Approve/reject applications |
Act on pending membership applications. |
| Process renewals |
Trigger and manage membership renewals. |
| Flag |
What it allows |
| View events |
Read event records. |
| Create events |
Add new events. |
| Edit events |
Update existing event details. |
| Cancel events |
Cancel a scheduled or active event. |
| Manage check-ins |
Record and review event attendance. |
| Flag |
What it allows |
| View billing |
View payment history and transaction records. |
| Create invoices |
Generate and send invoices to members. |
| Collect payments |
Charge members or record manual payments. |
| Issue refunds |
Refund a transaction. |
| Export billing data |
Download billing and transaction data exports. |
| Flag |
What it allows |
| Read campaigns |
View email campaign records. |
| Send broadcasts |
Send or schedule a broadcast email. |
| Manage segments |
Create and edit audience segments. |
| Edit templates |
Modify email templates. |
| Configure deliverability |
Set sender domains, SPF/DKIM, and suppression settings. |
| Flag |
What it allows |
| Read directory |
View the member-facing directory. |
| Configure directory instances |
Add, edit, or remove directory instances. |
| Manage privacy defaults |
Set default visibility rules for directory fields. |
| Flag |
Scope string |
| View roles |
admin:read |
| Create custom roles |
admin_users:create_custom_role |
| Assign roles |
admin_users:manage_roles |
| Set data scope |
admin_users:set_data_scope |
| View effective permissions |
admin_users:view_effective_permissions |
| Revoke admin access |
admin_users:revoke |
| Run handovers |
admin_users:handover |
| Invite admins |
admin_users:invite |
| Flag |
What it allows |
| Read integrations |
View connected integrations and webhook configurations. |
| Write integrations |
Add, update, or disconnect integrations and webhooks. |
| Manage API keys |
Create and revoke API keys. |
| Flag |
What it allows |
| View dashboard |
Access the analytics dashboard. |
| Export reports |
Download report data. |
Some flags require other flags to be meaningful. If you enable a flag without its dependency, the role editor shows an inline warning and offers an Auto-enable dependency action. Examples:
- “Cancel events” depends on “View events.”
- “Process renewals” depends on “View membership levels.”
Accept the auto-enable or manually enable the prerequisite flag before saving.
A role assignment can be scoped to specific values of Membership Level, Tag, or Event Category. When a data scope is set, the role holder sees only records that match — out-of-scope records are excluded from query results, not returned as permission errors.
Data scope is set at assignment time, not at role-definition time. The same role definition can be assigned to different admins with different scopes.
A role can be bound to a Tag. Any admin who holds that Tag automatically holds the role’s permissions. The binding is dynamic: permissions change whenever Tag membership changes.