# Roles & Permissions CSP Connect uses role-based access control to determine what each user can see and do within the platform. Roles are assigned per user from the admin panel. ## Role overview | Role | Access level | Primary use | | :--- | :--- | :--- | | **Admin** | Full access | Platform configuration, user management, all events and sessions | | **Manager** | Full operational access | Managing assigned events and sessions, workforce oversight | | **Supervisor** | Read-only | Observing sessions, attendance, and worker profiles without making changes | | **Finance** | Finance access | Managing role rates, exporting finance and payroll CSVs across events and sessions | --- ## Admin Admins have full access to all platform features including configuration, user management, alert setup, payroll, and all events and sessions regardless of assignment. --- ## Manager Managers have full operational access to events and sessions they are assigned to. They can manage workers, review attendance, approve payroll, and configure alerts. Managers cannot access platform-level configuration settings. --- ## Supervisor Supervisors have **read-only access** across the platform. They can view: - Sessions and events - Attendance records - Worker profiles - The dashboard Supervisors can be assigned to specific sessions with date-scoped access. They cannot make any changes — no check-ins, checkouts, approvals, edits, or configuration actions are available to them. ### GDPR data masking To protect worker privacy, the following data is masked for all Supervisor accounts: | Field | What Supervisors see | | :--- | :--- | | **GDPR details** | Fully hidden | | **Email addresses** | Fully hidden | | **Cellphone numbers** | Last 3 digits only (e.g. ••• ••• 412) | --- ## Finance :badge[New]{variant="success"} Users with the Finance role have access to **Events & Sessions** and the **Dashboard** with a finance-scoped view. From there they can: - View event-level rate breakdowns navigable by month - Manage role rates - Export finance and payroll CSVs The Finance role replaces the previous Client role. --- ## Assigning roles Roles are assigned from the admin panel under **User Management**. Only admins can assign or change user roles.