Overview
Most access questions in Mobaro — "why can't this person see that ride?", "why can they edit Schedules everywhere?" — come down to four building blocks working together: Super User, Roles, Location access, and User Groups. They're easy to confuse because they overlap in everyday speech but do different jobs. This article is the mental model that ties them together.
The mental model: Super User = everything, everywhere (an override). A Role = what a User can do. Location access = where they can do it. A User Group = a way to bundle Users — for assignments, notifications, and granting Location access — and it can also carry a Role.
The four building blocks
| Building block | What it controls |
| --- | --- |
| Super User | Unrestricted access to everything across every Organization on the account. An override that ignores Roles and Location scope. Granted only through Mobaro Support. |
| Role | The what — which actions a User can perform (View, Create, Modify, Delete, Administrate) on each feature area (Checklists, Schedules, Assignments, Results, Users, and so on). |
| Location access | The where — which Locations a User can see and act on. A Role grants the capability; Location access decides which Locations that capability applies to. |
| User Group | A named bundle of Users. Used to route Assignments and Notifications, to grant Location access at scale, and — when a Group is listed on a Role — to grant that Role to all its members. |
How the pieces combine
To decide whether a User can perform an action on something at a Location, Mobaro effectively asks:
Is the User a Super User? → they can do it. Stop.
Otherwise: does one of their Roles grant that action and do they have Location access to the target Location? → they can do it.
If either the action or the Location access is missing → they can't.
Two rules make the rest predictable:
Permissions union. A User holding several Roles (directly or through Groups) gets the broadest combination — the most permissive setting wins.
Capability and scope are separate. A Role can grant Modify Schedules, but the User can only modify Schedules at Locations they have access to.
Note: This is the single most common confusion — "I gave them the Role but they still can't see the ride." The Role grants the capability; Location access (usually inherited from a User Group) grants the scope. You almost always need both.
Example: a maintenance technician on the East zone
Scenario
Maria is a maintenance technician who should complete and act on work for the East-zone rides only.
Setup
She holds the Maintenance Technician Role (View/Modify on Assignments and Checklists; no Schedule or User management).
She's a member of the Maintenance — East User Group, which carries access to the East-zone Locations.
Result
Maria can complete and update Assignments and Checklists on East-zone rides, is routed East-zone Assignments through her Group, and can't see West-zone Locations or edit anyone's permissions. Move her to the West Group and her scope shifts — no Role change needed.
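The decision order and the two rules from "How the pieces combine", modelled in Python against Maria's scenario, with a reason string that says whether the capability or the Location access is the missing half. This is an added example, not Mobaro's code or API: the data structures, the `check` function, the group keys, the ride names and the Schedule Planner Role are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Role:
    name: str
    grants: frozenset                 # (feature area, action) pairs
    groups: frozenset = frozenset()   # User Groups listed on this Role

@dataclass
class User:
    name: str
    super_user: bool = False
    roles: set = field(default_factory=set)      # Roles held directly
    groups: set = field(default_factory=set)     # User Group memberships
    locations: set = field(default_factory=set)  # Location access granted directly

def check(user, action, area, location, roles, group_locations):
    """Return (allowed, reason), following the decision order in the article."""
    if user.super_user:
        return True, "super user override"
    # Union: every Role held directly or through a Group listed on the Role.
    held = [r for r in roles if r.name in user.roles or r.groups & user.groups]
    capability = any((area, action) in r.grants for r in held)
    # Scope: direct Location access plus whatever the User's Groups carry.
    scope = set(user.locations)
    for g in user.groups:
        scope |= group_locations.get(g, set())
    in_scope = location in scope
    if capability and in_scope:
        return True, "role and location access"
    missing = [n for n, ok in (("capability", capability),
                               ("location access", in_scope)) if not ok]
    return False, "missing " + " and ".join(missing)

# Constructed sample data: group keys, ride names and Schedule Planner are made up.
EAST, WEST, PLANNERS = "maintenance-east", "maintenance-west", "planners"
TECH = Role("Maintenance Technician", frozenset(
    (area, act) for area in ("Assignments", "Checklists") for act in ("View", "Modify")))
PLANNER = Role("Schedule Planner", frozenset({("Schedules", "Modify")}),
               groups=frozenset({PLANNERS}))
ROLES = [TECH, PLANNER]
GROUP_LOCATIONS = {EAST: {"East Coaster"}, WEST: {"West Flume"}, PLANNERS: set()}
maria = User("Maria", roles={"Maintenance Technician"}, groups={EAST})

if __name__ == "__main__":
    for request in (("Modify", "Checklists", "East Coaster"),
                    ("Modify", "Checklists", "West Flume"),
                    ("Modify", "Schedules", "East Coaster")):
        print(request, check(maria, *request, ROLES, GROUP_LOCATIONS))
```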
Where to go next
Super User access vs Roles — when to use the unrestricted override vs a scoped Role.
User Groups vs Roles — the "what" vs "where/with whom" distinction in depth.
How to set up Roles — building a Role step by step.
Role permissions reference — every permission and what it allows.
Frequently asked questions
Q: I assigned the right Role but the User still can't see a Location. Why?
A: They're missing Location access to it. Add them to a User Group that carries that Location (the recommended way), or grant access directly. The Role is the capability; Location access is the scope.
Q: Does a User Group grant permissions?
A: Not on its own. A User Group grants permissions only when it's listed on a Role — then every member inherits that Role. Otherwise Groups handle assignment, notifications, and Location access.
Q: A User has two Roles that disagree. Which wins?
A: Permissions union — the most permissive setting across all their Roles applies.
Q: Does a Super User need Roles or Location access?
A: No. Super User is an unrestricted override across all Organizations and ignores Role and Location scope entirely.
