> ## Documentation Index
> Fetch the complete documentation index at: https://withforerunner.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# User roles

> Understand permission levels and control team access in Forerunner

User roles in Forerunner determine what team members can see and do within the application. Each role provides a different level of access, from full administrative capabilities to read-only viewing.

## Permission comparison

Detailed comparison of what each role can do:

| Feature                  | Manager | Member  | Creator  | View Only |
| ------------------------ | ------- | ------- | -------- | --------- |
| View objects and records | Yes     | Yes     | Yes      | Yes       |
| Create records           | Yes     | Yes     | Yes      | No        |
| Edit own records         | Yes     | Yes     | Yes      | No        |
| Edit others' records     | Yes     | Yes     | Limited  | No        |
| Delete records           | Yes     | Yes     | Limited  | No        |
| Upload files             | Yes     | Yes     | Yes      | No        |
| Export data              | Yes     | Yes     | Limited  | Limited   |
| Manage tasks             | Yes     | Yes     | Own only | No        |
| Start workflows          | Yes     | Yes     | Limited  | No        |
| Manage team              | Yes     | No      | No       | No        |
| Invite users             | Yes     | No      | No       | No        |
| View public users        | Yes     | No      | No       | No        |
| Access settings          | Yes     | Limited | Limited  | No        |

## Role hierarchy

Forerunner uses four roles for internal team members, each building on the permissions of the role below it:

| Role          | Description                               | Best for                                              |
| ------------- | ----------------------------------------- | ----------------------------------------------------- |
| **Manager**   | Full access plus team management          | Department heads, supervisors, account administrators |
| **Member**    | Full access to all data and features      | Staff who need complete access to daily work          |
| **Creator**   | Can create and edit records and documents | Field staff, inspectors, data entry personnel         |
| **View Only** | Read-only access to data                  | Stakeholders who need visibility without editing      |

<Note>
  User roles are assigned by Managers or configured by your Customer Success Manager. If you need a different role, contact your supervisor or CSM.
</Note>

## Manager role

Managers have the highest level of access for internal team members. In addition to all standard features, Managers can:

### Team management

* Invite new users to the account
* Assign and change user roles
* Deactivate user accounts
* View team member activity

### Account oversight

* Access all records regardless of creator
* Export data from any table or view
* View audit logs and activity history
* Manage workflow configurations

### Public user management

* View public user accounts
* Search and filter public users
* Export public user data
* Monitor public submissions

<Tip>
  Managers should be limited to those who need administrative oversight. Most team members work effectively with the Member or Creator role.
</Tip>

## Member role

Members have full access to Forerunner's features without team management capabilities:

### Data access

* View all objects, records, files, and tasks
* Create, edit, and delete records
* Upload and manage files
* Assign and complete tasks

### Workflows

* Start and progress workflows
* View workflow status across the team
* Complete assigned workflow steps

### Reporting

* Access all table views
* Create and save custom views
* Export data to CSV and other formats

### Maps

* View all map layers
* Use measurement and analysis tools
* Access offline maps on mobile

**What Members cannot do:**

* Invite or manage other users
* Change user roles
* Access account-level settings
* Manage public users

## Creator role

Creators can add and modify data but have limited access to some features:

### Core capabilities

* Create new records
* Edit records they created
* Upload files and documents
* View objects and properties

### Limited access

* May not have access to all record types
* Cannot delete records created by others
* Limited export capabilities
* Restricted access to sensitive fields (if configured)

**Creator role is ideal for:**

* Field inspectors entering data on-site
* Staff focused on data collection
* Temporary or seasonal workers
* Roles requiring data input without broad access

## View Only role

View Only users can see data without making changes:

### Access

* View objects, properties, and records
* Browse tables and use filters
* View files and documents
* See map layers and visualizations

### Restrictions

* Cannot create or edit records
* Cannot upload files
* Cannot assign or complete tasks
* Cannot export data (in most configurations)

**View Only role is ideal for:**

* Executives needing oversight
* Partner organizations requiring visibility
* Auditors reviewing documentation
* Staff in training

## User groups

Beyond roles, Forerunner supports user groups for more granular permission control:

### What user groups control

* Access to specific record types
* Visibility of certain workflows
* Permissions for particular features
* Assignment of tasks and notifications

### Common user group examples

* **Floodplain Team** - Access to EC reviews, SI/SD tracking, permit records
* **Inspectors** - Access to inspection records and mobile features
* **Emergency Management** - Access to PDA and damage assessment records
* **Planning** - Access to development review and planning records

<Note>
  User groups are created and configured by your Customer Success Manager. Contact your CSM to discuss group-based permissions for your team.
</Note>

## Managing users

### Inviting new users

Managers can invite new team members:

<Steps>
  <Step title="Open team settings">
    Navigate to **Settings** and select **Team** or **Users**.
  </Step>

  <Step title="Click invite">
    Select **Invite User** or **Add Team Member**.
  </Step>

  <Step title="Enter user details">
    Provide the new user's:

    * Email address
    * First and last name
    * Role assignment
    * User group membership (if applicable)
  </Step>

  <Step title="Send invitation">
    Click **Send Invite**. The user receives an email with instructions to set up their account.
  </Step>
</Steps>

### Changing user roles

To modify a team member's role:

<Steps>
  <Step title="Access user settings">
    Navigate to **Settings** > **Team** and find the user.
  </Step>

  <Step title="Edit user">
    Click on the user or select **Edit**.
  </Step>

  <Step title="Update role">
    Select the new role from the dropdown.
  </Step>

  <Step title="Save changes">
    Confirm the change. The new permissions take effect immediately.
  </Step>
</Steps>

<Warning>
  Changing a user's role immediately affects their access. Verify you're selecting the correct role before saving.
</Warning>

### Deactivating users

When a team member leaves or no longer needs access:

<Steps>
  <Step title="Find the user">
    Navigate to **Settings** > **Team** and locate the user.
  </Step>

  <Step title="Deactivate">
    Select **Deactivate** or toggle the user's active status.
  </Step>

  <Step title="Confirm">
    Confirm the deactivation. The user immediately loses access.
  </Step>
</Steps>

<Note>
  Deactivated users cannot sign in but their historical data and activity remain in the system. Contact your CSM if you need to fully remove a user account.
</Note>

## Best practices

### Assign appropriate roles

* Start with the minimum access needed for the job
* Promote to higher roles as responsibilities grow
* Regularly review role assignments

### Use groups for granular control

* Create groups based on job function
* Assign record type access through groups
* Use groups for workflow permissions

### Maintain security

* Limit Manager access to essential personnel
* Deactivate users promptly when they leave
* Review user access quarterly

### Document your structure

* Keep a record of who has what role
* Document the purpose of each user group
* Maintain onboarding procedures for new users

## Troubleshooting

<AccordionGroup>
  <Accordion title="User can't access certain records">
    **Check:**

    * User's role permits viewing those records
    * User belongs to a group with access
    * Record type permissions include their group

    **Solution:**
    Contact your Manager or CSM to adjust group membership or permissions.
  </Accordion>

  <Accordion title="User can't create specific record types">
    **Check:**

    * User's role permits creating records
    * Record type allows creation by their group
    * User has access to the parent object

    **Solution:**
    Verify the user has Creator role or higher, and confirm their group has create permission for that record type.
  </Accordion>

  <Accordion title="Manager features not appearing">
    **Check:**

    * Your account is assigned the Manager role
    * You're signed in to the correct account
    * The feature is enabled for your account

    **Solution:**
    Contact your CSM to verify your role assignment or enable the feature.
  </Accordion>

  <Accordion title="Need to change multiple users at once">
    **Solution:**
    Contact your Customer Success Manager for bulk user updates. They can efficiently process role changes, group assignments, or deactivations for multiple users.
  </Accordion>
</AccordionGroup>

## Related topics

* [Authentication](/administration/authentication/overview) - Sign in and secure your account
* [Account settings](/administration/account-settings) - Manage your profile and preferences
* [Data security](/administration/data-security) - Understand how Forerunner protects your data
