Skip to content

View effective permissions for an admin

This guide shows you how to see exactly what an admin can do — broken down by action and by which role grants each permission.

Who can do this: Admins who have permission to view effective permissions for other admins.

  • Effective permissions are the combined result of all roles assigned to an admin. If any role grants an action, the admin can do it.
  • If a role is bound to a Tag and this admin holds that Tag, those permissions appear here too, labeled with the tag name.
  • This view is read-only. To change permissions, assign or remove roles on the Roles tab.
  1. Go to Admin & SecurityAdmins.
  2. Click the name of the admin you want to review.
  3. Click the Permissions tab (labeled “Permissions”; it shows the effective-permissions matrix).

The permissions matrix loads and shows:

  • A row for each action across all areas of the product
  • A column for each role assigned to this admin
  • A checkmark in each cell where a role grants that action
  • Any active data scope filters (membership level, tag, or event category) shown per role

If you see a note about a conflict, it means one role restricts an action while another grants it. MapleGather resolves this in favor of access — if any role grants an action, the admin can do it. An information note in the matrix explains which role is providing the grant.

  1. On the Roles tab, scroll to the Audit log — role changes section.

The log shows role-grant and role-revoke events for this admin. Events from tag-based group bindings appear with a note like “Granted via Tag: [tag name].”

You’ll know it worked when the Permissions tab shows a matrix of actions and the roles that grant them.

  • The matrix takes a long time to load — Try refreshing the page. If it continues, contact MapleGather support.
  • An expected permission isn’t showing — Check the Roles tab to confirm the role is still assigned. Tag-based roles only appear if the admin holds the Tag that is bound to the role.
  • “Granted via Tag” appears unexpectedly — The admin holds a Tag that is bound to a role. To remove the tag-based grant, either remove the admin from the Tag or unbind the Tag from the role in Admin & SecurityRoles.