R.APPs Partners LogoSlash

R.APPs Partners

Slash

Docs

HomeDocs
User GuideDonationsCallsReportsSettingsAuthenticationBackend

RBAC Admins

Manage organization membership and unified role assignments

Open in R.APPs

Overview

RBAC Admins manages users who have access to the Partners app. This page handles organization-level membership (Better-Auth) and optionally assigns custom RBAC roles with scoping in a single unified interface.

This is ONE of FOUR user-role assignment interfaces. For scope-specific assignments, see the dedicated pages for Campus Roles, Event Roles, and Event Edition Roles.

What is an RBAC Admin?

An RBAC Admin is a user who has been granted access to the Partners app through:

  1. Organization Membership (Required): Base access via Better-Auth
  2. Custom RBAC Assignment (Optional): Additional scoped permissions

This unified approach allows you to set up complete user access in one place.

Viewing RBAC Admins

The RBAC Admins page displays all users with system access:

  • User name and email
  • Organization role (Guest, Partner, Admin, Superadmin)
  • Custom RBAC role (if assigned)
  • Scope type (Campus, Event, Event Edition)
  • Scope details (which campuses/events/editions)
  • Active status
  • Expiration date (if set)
  • Actions (View, Edit, Delete)

Filtering Options

  • Organization Role: Filter by Guest, Partner, Admin, Superadmin
  • Custom Role: Filter by specific RBAC role
  • Scope Type: Campus, Event, Event Edition
  • Active Status: Active or inactive assignments
  • Expired: Show expired vs. current assignments

Understanding the Two-Tier System

Tier 1: Organization Role (Required)

RHEMA NIGERIA PARTNERS Organization

Every user must have one organization role:

  • Guest: Read-only access, minimal permissions
  • Partner: Standard user, can view and create data
  • Admin: Administrative access, can manage data and some settings
  • Superadmin: Full system control (use sparingly!)

Characteristics:

  • Organization-wide access
  • Not scoped to specific campuses/events
  • Managed through Better-Auth
  • Foundation for all access

Tier 2: Custom RBAC (Optional)

Granular, Context-Specific Permissions

Optionally assign:

  • Specific role (Campus Coordinator, Event Lead, etc.)
  • Scope (which campuses, events, or event editions)
  • Expiration date (for temporary access)
  • Assignment reason (audit trail)

When to Use Custom RBAC:

  • Location-based responsibilities (campus coordinator)
  • Event-specific roles (event volunteer)
  • Temporary assignments (seasonal staff)
  • Fine-grained access control

Creating an RBAC Admin

Step 1: Open Create Dialog

  1. Navigate to Backend > RBAC Admins
  2. Click "Create RBAC Admin"

Step 2: User Information

Select User* (Required):

  • Search by name or email
  • Select from existing users
  • User must already have an account
If the user doesn't exist, they need to register/sign up first.

Step 3: Organization Role Assignment

Organization (Read-only):

  • Shows: "RHEMA NIGERIA PARTNERS"
  • Cannot be changed (default organization)

Organization Role* (Required):

Choose the base access level:

RoleAccess LevelUse For
GuestRead-onlyExternal reviewers, limited access
PartnerStandardIndividual and corporate donors
AdminAdministrativeDepartment leads, staff, volunteers, coordinators
SuperadminFull controlTechnical administrators only

Most users should be "Partner" (standard access) or "Admin" (managerial access). Reserve "Superadmin" for 1-2 technical administrators.

Step 4: Custom RBAC Assignment (Optional)

Toggle "Enable Custom RBAC" to add scoped permissions.

When Enabled:

Role* (Required):

  • Select from available active roles
  • Shows role name, level, and description
  • Example: "Campus Coordinator (Level 45)"

Scope Type* (Required):

Choose how to limit this role's access:

  • Campus-scoped: Access limited to specific campuses
  • Event-scoped: Access limited to specific events
  • Event Edition-scoped: Access limited to specific event editions

Scope Selection* (Required):

Based on scope type selected:

  • Campus: Select one or more campuses (multi-select)
  • Event: Select one or more events (multi-select)
  • Event Edition: Select one or more event editions (multi-select)

Active Status:

  • Toggle ON: Role is immediately active
  • Toggle OFF: Suspend access without deleting
  • Default: ON

Valid Until (Optional):

  • Set expiration date for temporary access
  • Leave empty for permanent access
  • Auto-deactivates on expiration date
  • Cannot set past dates

Assignment Reason (Optional but Recommended):

  • Explain why access is being granted
  • Useful for audits and reviews
  • Examples:
    • "Campus Coordinator for Lagos campus"
    • "Temporary volunteer for Summer Retreat 2024"
    • "Promoted from volunteer to coordinator"

Always provide an assignment reason. Future administrators will thank you!

Step 5: Save

Click "Create RBAC Admin" to save.

Assignment Examples

Example 1: Standard Staff Member

Scenario: Regular staff member with no special scoping needs

Configuration:

  • User: John Doe
  • Organization Role: Partner
  • Custom RBAC: Disabled

Result: John has standard partner access across the entire system.

Example 2: Campus Coordinator

Scenario: Staff managing a specific campus

Configuration:

  • User: Jane Smith
  • Organization Role: Partner
  • Custom RBAC: Enabled
    • Role: Campus Coordinator
    • Scope Type: Campus
    • Scope: Lagos Campus, Abuja Campus
    • Valid Until: (empty - permanent)
    • Reason: "Regional Coordinator for South Region"

Result: Jane can manage partners and activities for Lagos and Abuja campuses only.

Example 3: Temporary Event Volunteer

Scenario: Volunteer helping with a specific event edition

Configuration:

  • User: Mike Johnson
  • Organization Role: Guest
  • Custom RBAC: Enabled
    • Role: Event Volunteer
    • Scope Type: Event Edition
    • Scope: Summer Retreat 2024
    • Valid Until: 2024-08-31
    • Reason: "Volunteer for Summer Retreat 2024 (July-August)"

Result: Mike has volunteer access for Summer Retreat 2024 only, expires August 31.

Example 4: System Administrator

Scenario: Technical administrator needing full access

Configuration:

  • User: Sarah Admin
  • Organization Role: Superadmin
  • Custom RBAC: Disabled

Result: Sarah has complete system access. No custom RBAC needed.

Editing RBAC Admins

  1. Find the user in the table
  2. Click Edit button
  3. Update any fields:
    • Change organization role
    • Enable/disable custom RBAC
    • Change role or scope
    • Update expiration date
    • Modify assignment reason
  4. Click "Update" to save

Changes to organization role or custom RBAC affect user access immediately. Notify the user before making changes.

Viewing Admin Details

Click View to see complete information:

  • Full user details
  • Organization membership
  • Custom RBAC configuration
  • All assigned scopes
  • Assignment history
  • Related activity (if available)

Removing Access

Temporary Suspension

Deactivate (Recommended):

  1. Edit the admin
  2. Toggle Active Status to OFF
  3. Save

Benefits:

  • Preserves assignment record
  • Can be reactivated later
  • Maintains audit trail

Permanent Removal

Delete:

  1. Click Delete button
  2. Confirm deletion

Consequences:

  • Completely removes assignment
  • User loses all access
  • Cannot be undone
  • Historical data may be affected

Use deactivation for temporary situations (leave, suspension). Use deletion only for permanent removal.

Relationship with Other Assignment Pages

RBAC Admins (This Page)

Purpose: Unified interface for complete user setup

Use When:

  • Adding new users to the system
  • Setting up complete access in one place
  • Managing organization membership
  • Assigning scoped roles during onboarding

User-Campus-Roles

Purpose: Dedicated campus-specific role management

Use When:

  • Managing multiple campus assignments for a user
  • Focus is on campus-based access control
  • Bulk campus role assignments

Learn more →

User-Event-Roles

Purpose: Dedicated event-specific role management

Use When:

  • Managing event-based permissions
  • Event team organization
  • Cross-event role assignments

Learn more →

User-Event-Edition-Roles

Purpose: Dedicated event edition-specific management

Use When:

  • Year/edition-specific assignments
  • Temporary event staff
  • Historical access tracking

Learn more →

You can use RBAC Admins for complete setup, OR use the dedicated pages for managing specific scope types. Both approaches work!

Best Practices

Organization Role Selection

  1. Default to Partner: Most users should be Partners
  2. Admin for Leads: Department leads and managers
  3. Limit Superadmin: Only 1-2 technical administrators
  4. Guest for External: Reviewers, auditors, read-only access

Custom RBAC Strategy

  1. Use When Needed: Not every user needs custom RBAC
  2. Start Simple: Add scoping only when required
  3. Document Reasons: Always explain assignments
  4. Set Expirations: For temporary staff and volunteers

Security

  1. Principle of Least Privilege: Minimal necessary access
  2. Regular Audits: Monthly review of RBAC admins
  3. Remove Inactive: Delete or deactivate unused accounts
  4. Track Changes: Maintain assignment reason history

Common Questions

Q: What's the difference between this page and the User-Campus-Roles page?

A: RBAC Admins is a unified interface for complete setup (organization + optional custom RBAC). User-Campus-Roles is dedicated to managing campus-specific assignments only.

Q: Can I assign a user through RBAC Admins and also through User-Campus-Roles?

A: Yes! A user can have an RBAC Admin entry (organization role + optional unified RBAC) AND separate entries in User-Campus-Roles, User-Event-Roles, etc.

Q: Which page should I use?

A: For new users, use RBAC Admins for complete setup. For managing existing campus/event assignments, use the dedicated pages. Both are valid approaches.

Q: Can a user have multiple scope types?

A: In the RBAC Admins unified interface, you select ONE scope type. To assign multiple scope types, use the dedicated User-Campus-Roles, User-Event-Roles pages separately.

Q: What happens when custom RBAC expires?

A: The user keeps their organization role but loses the scoped custom permissions. They revert to base organization access level.

Q: Can I skip organization role and only assign custom RBAC?

A: No, organization role is required. Custom RBAC is always additional on top of organization membership.

Role-Permission Assignments

Connect roles with permissions

User-Campus-Roles

Manage campus-specific role assignments

On this page

Overview
What is an RBAC Admin?
Viewing RBAC Admins
Filtering Options
Understanding the Two-Tier System
Tier 1: Organization Role (Required)
Tier 2: Custom RBAC (Optional)
Creating an RBAC Admin
Step 1: Open Create Dialog
Step 2: User Information
Step 3: Organization Role Assignment
Step 4: Custom RBAC Assignment (Optional)
When Enabled:
Step 5: Save
Assignment Examples
Example 1: Standard Staff Member
Example 2: Campus Coordinator
Example 3: Temporary Event Volunteer
Example 4: System Administrator
Editing RBAC Admins
Viewing Admin Details
Removing Access
Temporary Suspension
Permanent Removal
Relationship with Other Assignment Pages
RBAC Admins (This Page)
User-Campus-Roles
User-Event-Roles
User-Event-Edition-Roles
Best Practices
Organization Role Selection
Custom RBAC Strategy
Security
Common Questions
Related Topics