Roles
Data Entity
Description
Canonical role catalogue defining the four Meander user roles (Peer Mentor, Coordinator, Organization Admin, Global Admin) and the permission semantics each role carries. Roles are the lookup table joined to users via user_roles to drive RBAC and per-product access boundaries.
Data Structure
| Name | Type | Description | Constraints |
|---|---|---|---|
| id | uuid | Primary key identifier for the role record. | PK, required, unique |
| role_key | enum | Stable machine-readable role identifier used in code and tokens. | required, unique |
| display_name | string | Default English display name for the role (e.g. 'Peer Mentor'). | required |
| display_name_no | string | Norwegian display name (e.g. 'Likeperson', 'Koordinator'). Can be overridden per-org by Organization Labels. | required |
| description | text | Human-readable description of the role's responsibilities and access scope. | - |
| scope | enum | Tenant scope the role operates within. Global admins are cross-tenant; the others are bound to a single organization. | required |
| mobile_app_access | boolean | Whether the role can authenticate into the Meander Mobile App. True for peer_mentor, coordinator and org_admin (surfaced as Coordinator on mobile); false for global_admin. | required |
| admin_portal_access | boolean | Whether the role can authenticate into the Admin Web Portal. True for org_admin and global_admin; false for peer_mentor and coordinator. | required |
| mobile_surface_as | enum | When this role logs into mobile, which mobile experience it is rendered as. Org Admins are surfaced as Coordinator on mobile per spec. | - |
| permissions | json | Permission matrix declaring what the role can do (e.g. proxy_register, approve_expense, manage_users, run_bufdir_export, toggle_modules, cross_tenant_support). | required |
| is_system_role | boolean | True for the four canonical roles seeded by the platform; prevents deletion and renaming. | required |
| is_assignable | boolean | Whether org admins can assign this role from the admin portal. Global admin is not assignable by org admins. | required |
| created_at | datetime | Timestamp the role record was created. | required |
| updated_at | datetime | Timestamp the role record was last updated. | required |
Database Indexes
| Index | Columns |
|---|---|
| idx_roles_role_key | role_key |
| idx_roles_scope | scope |
| idx_roles_assignable | is_assignable |
Validation Rules
| Rule | Severity | Message |
|---|---|---|
| role_key_enum | error | Validation failed |
| role_key_unique | error | Validation failed |
| scope_matches_role | error | Validation failed |
| access_flags_consistent | error | Validation failed |
| display_name_length | error | Validation failed |
| permissions_valid_json | error | Validation failed |
Business Rules
| Rule | Description |
|---|---|
| four_canonical_roles | Exactly four system roles exist: peer_mentor, coordinator, org_admin, global_admin. System roles cannot be deleted or have their role_key changed. |
| global_admin_no_tenant_data | Global Admins have no default access to an organization's operational data; access requires a time-bounded support flag in Organization Settings and is audit-logged. |
| org_admin_mobile_surfaces_as_coordinator | When an Org Admin logs in to the Mobile App, the session presents them as a Coordinator experience; admin-only capabilities remain exclusively in the Admin Web Portal. |
| peer_mentor_coordinator_no_admin_portal | Peer Mentor and Coordinator roles cannot authenticate into the Admin Web Portal; they are managed records there but cannot log in. |
| global_admin_not_assignable_by_org_admin | Org Admins cannot grant the global_admin role; only Norse Digital Products platform staff manage Global Admin assignments. |
| role_change_audited | Every role assignment, change, or revocation is recorded in the org audit log with actor, target, before/after, and timestamp. |
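The access boundaries described by the Data Structure, Validation Rules and Business Rules sections, as an added reference model that is not part of the Meander specification or code base. The `scope` enum values (`organization`, `global`) are assumed, since the page names the column but not its values; the four seeded records mirror the flag values the table above states for each role.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Assumed enum values for `scope`; the spec names the column, not its values.
SCOPE_ORG, SCOPE_GLOBAL = "organization", "global"
SYSTEM_ROLE_KEYS = ("peer_mentor", "coordinator", "org_admin", "global_admin")


@dataclass(frozen=True)
class Role:
    role_key: str
    scope: str
    mobile_app_access: bool
    admin_portal_access: bool
    mobile_surface_as: Optional[str]
    is_assignable: bool
    permissions: dict = field(default_factory=dict)


# The four canonical system roles, with flags as stated in the Data Structure table.
CANONICAL_ROLES = {
    "peer_mentor": Role("peer_mentor", SCOPE_ORG, True, False, None, True),
    "coordinator": Role("coordinator", SCOPE_ORG, True, False, None, True),
    "org_admin": Role("org_admin", SCOPE_ORG, True, True, "coordinator", True),
    "global_admin": Role("global_admin", SCOPE_GLOBAL, False, True, None, False),
}


def validate(role: Role) -> List[str]:
    """Return the names of the spec's validation rules this record violates."""
    errors = []
    if role.role_key not in SYSTEM_ROLE_KEYS:
        errors.append("role_key_enum")
    # scope_matches_role: only global_admin is cross-tenant.
    if role.scope != (SCOPE_GLOBAL if role.role_key == "global_admin" else SCOPE_ORG):
        errors.append("scope_matches_role")
    # access_flags_consistent: mobile is denied only to global_admin,
    # the portal is open only to org_admin and global_admin.
    mobile_ok = role.mobile_app_access == (role.role_key != "global_admin")
    portal_ok = role.admin_portal_access == (role.role_key in ("org_admin", "global_admin"))
    if not (mobile_ok and portal_ok):
        errors.append("access_flags_consistent")
    return errors


def mobile_experience(role: Role) -> Optional[str]:
    """Mobile experience a session with this role is rendered as; None means login is denied."""
    if not role.mobile_app_access:
        return None
    return role.mobile_surface_as or role.role_key  # org_admin surfaces as coordinator


def may_read_tenant_data(role: Role, support_flag_active: bool) -> bool:
    """Global Admins reach an org's operational data only while the support flag is active."""
    return support_flag_active if role.scope == SCOPE_GLOBAL else True
```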