Roles and permissions (clinic-side reference)
How role assignment works, what each role can do, and how to change assignments.
Overview
Each user has one role; the role determines what they can do. The full matrix lives in Clinic roles and permissions; this article covers how to assign and change roles in the app.
Prerequisites
- Owner role (Admin can assign most roles but not Owner; only support can transfer Owner)
Steps
Open Staff. Settings → Staff.
Find the user. Active Members list. Search by name or email.
Click the user row. Detail panel opens.
Click the role dropdown. Options shown depend on your own role — Admin can assign all roles below Admin; Owner can assign Admin too.
Pick the new role. Reason field required.
Confirm. Status updates; user must re-sign-in to see new permissions.
Notify the user. They'll see their role change in their profile but a small banner reminds them to sign out and back in.
Audit the change. Settings → Security → Audit Log shows the role change with old → new and your reason.
Expected outcome
- The user's role updates in the database
- After re-sign-in, their permissions reflect the new role
- Audit log entry preserved
Troubleshooting
| Symptom | Likely cause | Fix |
|---|---|---|
| Owner role greyed | Cannot assign Owner via UI | Owner transfer requires platform support |
| Admin can't promote to Admin | Restricted to existing Admins | Owner needed for first additional Admin |
| Permissions didn't update for the user | They didn't re-sign-in | Tell them to sign out and back in |
| Want a custom role | Only the 11 roles supported | Use the closest fit |
| User can't perform action despite role | Feature flag or tier gate | Cross-check tier; some features need subscription upgrade |