Overview
A Role is a bundle of permissions, set per feature area. This article lists every permission a Role can grant and what each one allows, so you can build a Role that fits a job exactly — nothing missing, nothing extra. For how Roles combine with Location access and User Groups, see How access works in Mobaro.
Users must be Super Users or have one of the following to create and edit Roles:
Roles: Create or Modify, or Organization: Administrate
Why this matters: Granting too much is the most common access mistake. Knowing exactly what each permission unlocks lets you grant the minimum a job needs and keep your access model auditable.
The permission verbs
Most areas share the same four verbs; some add specialized ones.
Verb | What it allows |
View | See and open items in the area. |
Create | Make new items. |
Modify | Edit existing items. |
Delete | Remove items. High impact — grant sparingly. |
Administrate | Full management of an area, used where View/Create/Modify/Delete don't apply cleanly (e.g., Competencies, Assets, Timesheets, Organization). |
Operational content
Area | Permissions |
Checklists | View, Create, Modify, Delete, and Translate (manage a Checklist's secondary-language translations). |
Schedules | View, Create, Modify, Delete. |
Assignments | View, Modify, Delete. |
Results | View, Create, Modify, Delete, plus Validate (approve submitted Results), Validate Missing (approve/reschedule missed Results), and Validate RideOps (validate RideOps Results). |
Result Templates | Create, Modify, Delete (the custom Report templates used when viewing Results). |
Question Categories | View, Create, Modify, Delete. |
Operations and RideOps
Area | Permissions |
Operations | Manage Downtime, Manage Queue Entries, and Manage Dispatch Entries — the live RideOps actions of logging downtime, queue, and dispatches. |
Library, Gallery, and Notes
Area | Permissions |
Directories (Library) | View, Create, Modify, Delete — the Library folders and content (manuals, videos, links). The View: Manuals and Directories permission also governs Backend Library visibility. |
Gallery | View and Categorize (tag/organize Gallery images). |
Notes | View, Modify, Delete, and Approve (clear a Note's pending follow-up). |
Locations and structure
Area | Permissions |
Locations | View, Create, Modify, Delete. |
Location Groups | View, Create, Modify, Delete. |
Note: These permissions manage the Location records. They are not the same as a User's Location access (which Locations they can work in) — that scope comes from User Group membership. Granting broad View Locations as a way to give access is discouraged; use Group membership instead. See How access works in Mobaro.
People and access
Area | Permissions |
Users | View, Create, Modify, Delete — manage Users without needing Super User access. |
User Groups | View, Create, Modify, Delete. |
Roles | View, Create, Modify, Delete — manage other Users' permissions. Treat as high-impact. |
Configuration and administration
Area | Permissions |
Dashboard Templates | Manage — create and edit Dashboard Templates. |
Notification Rules | View, Create, Modify, Delete. |
Competencies | View, and Administrate (manage Competencies, Certifications, and Certification Processes). |
Timesheets | Administrate. |
Assets | Administrate (the Asset Management add-on, including Assignment Definitions). |
Organization | Administrate — manage organization-wide Configuration (Categories, Assignment Definitions, and other account settings). |
Critical: Delete anywhere, and Administrate on Organization, Roles, Users, and Assets, are the highest-impact grants. Reserve them for a small, trusted set of Users and review them regularly.
Frequently asked questions
Q: A User has a permission but still can't act on a specific ride. Why?
A: Permissions are the capability; Location access is the scope. Without access to that Location (usually via a User Group), the permission has nothing to apply to.
Q: What's the difference between Validate, Validate Missing, and Validate RideOps?
A: Validate approves normal submitted Results; Validate Missing approves or reschedules missed Results; Validate RideOps covers RideOps-specific Results. Grant only the ones a reviewer actually handles.
Q: How do I let someone manage Users without making them a Super User?
A: Grant the Users permissions (and Roles if they should manage permissions too) on a Role. That's Role-based User management without unrestricted access.
Q: Do permissions stack across Roles?
A: Yes — a User gets the union (most permissive) of all Roles they hold, directly or through User Groups.
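The union rule above, the capability-versus-scope distinction, and the high-impact list from the Critical note can be checked together in an access review. The sketch below is an added example, not Mobaro code or a Mobaro export format: the data structure, Role names, group names, and users are constructed for illustration, and only the permission names come from this article.

```python
# Added example: constructed data, hypothetical structure (not a Mobaro export or API).
ROLES = {  # role name -> set of (area, verb) permissions
    "Inspector": {("Checklists", "View"), ("Results", "View"), ("Results", "Create")},
    "Reviewer": {("Results", "View"), ("Results", "Validate")},
    "Content Admin": {("Checklists", "Modify"), ("Checklists", "Delete"),
                      ("Organization", "Administrate")},
}
GROUPS = {  # User Group -> Roles and Location access it confers
    "Park A Ops": {"roles": {"Inspector"}, "locations": {"Park A"}},
    "QA": {"roles": {"Reviewer"}, "locations": {"Park A", "Park B"}},
}
USERS = {  # user -> directly held Roles and User Group memberships
    "alice": {"roles": {"Content Admin"}, "groups": {"Park A Ops"}},
    "bob": {"roles": set(), "groups": {"QA"}},
    "carol": {"roles": {"Reviewer"}, "groups": set()},
}
# Areas where Administrate is listed as a highest-impact grant in this article.
HIGH_IMPACT_ADMIN_AREAS = {"Organization", "Roles", "Users", "Assets"}

def effective_permissions(user):
    """Union of permissions from Roles held directly or through User Groups."""
    held = set(USERS[user]["roles"])
    for group in USERS[user]["groups"]:
        held |= GROUPS[group]["roles"]
    return set().union(*(ROLES[r] for r in held))

def location_access(user):
    """Location scope, which in this model comes only from User Group membership."""
    return set().union(*(GROUPS[g]["locations"] for g in USERS[user]["groups"]))

def can_act(user, area, verb, location):
    """A permission applies only where the User also has Location access."""
    return (area, verb) in effective_permissions(user) and location in location_access(user)

def high_impact_grants(user):
    """Delete in any area, or Administrate on a high-impact area."""
    return sorted((a, v) for a, v in effective_permissions(user)
                  if v == "Delete" or (v == "Administrate" and a in HIGH_IMPACT_ADMIN_AREAS))

def access_review():
    """Users holding at least one high-impact grant, for periodic review."""
    report = {u: high_impact_grants(u) for u in USERS}
    return {u: grants for u, grants in report.items() if grants}

if __name__ == "__main__":
    for user, grants in access_review().items():
        print(user, grants)
```

In this sample, carol holds Validate through a directly assigned Role but belongs to no User Group, so the permission has no Location to apply to.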
