Permissions Reference
A complete role and permission matrix for Enafeedback workspace members.
Last updated on
Enafeedback uses role-based access control (RBAC). Each team member is assigned one of three roles.
Roles
| Role | Intended for |
|---|---|
platform:owner | Organisation owner; full control |
platform:admin | Department manager; day-to-day operations |
platform:member | Frontline staff; read-only operational access |
Permission matrix
| Feature area | owner | admin | member |
|---|---|---|---|
| Dashboard | View | View | View |
| Locations — View | ✓ | ✓ | ✓ |
| Locations — Create / Edit | ✓ | ✓ | — |
| Locations — Delete / Deactivate | ✓ | ✓ | — |
| Surveys — View | ✓ | ✓ | ✓ |
| Surveys — Create / Edit / Publish | ✓ | ✓ | — |
| Surveys — Delete | ✓ | ✓ | — |
| Surveys — Analytics | ✓ | ✓ | ✓ |
| Feedback / Tickets — View | ✓ | ✓ | ✓ |
| Feedback / Tickets — Add notes / Close | ✓ | ✓ | ✓ |
| Hygiene — View | ✓ | ✓ | ✓ |
| Cleaning — View log | ✓ | ✓ | ✓ |
| Cleaning — Manage personnel | ✓ | ✓ | — |
| Analytics — All modules | ✓ | ✓ | ✓ |
| AI Insights — Generate | ✓ | ✓ | — |
| Notifications — View | ✓ | ✓ | ✓ |
| Templates — Create / Edit | ✓ | ✓ | — |
| Templates — View / Download | ✓ | ✓ | ✓ |
| Team — View list | ✓ | — | — |
| Team — Invite / Remove | ✓ | — | — |
| Team — Change roles | ✓ | — | — |
| Global Settings — View | ✓ | ✓ | — |
| Global Settings — Edit | ✓ | ✓ | — |
| Billing / Subscription | ✓ | — | — |
| Audit Log | ✓ | — | — |
| Integrations / Webhooks | ✓ | ✓ | — |
Notes
platform:memberis a read-oriented role. Members see live data and can add notes to tickets but cannot change configuration.platform:admincannot manage team membership — this is reserved for owners to maintain accountability.- Only one role can be assigned at a time. There is no role inheritance or role stacking.
- On Enterprise plans, location-scoped access control is available (restrict a member to specific buildings). Contact support to enable this.
Personal settings vs. workspace settings
All team members (regardless of role) can:
- Update their own profile photo and display name.
- Change their notification preferences.
- Change their dashboard language.
- Change their own password (via the SSO provider).
These are personal settings and do not require elevated permissions.