Roles & Permissions
The five roles
Roles are cumulative: every higher role can do everything the lower ones can — plus its own rights.
Guest → Participant → Coordinator → Creator → Org Admin| Role | Intended for |
|---|---|
| Guest | Takes part in a run without an account. Created automatically on joining. |
| Participant | Like a guest, but with a permanent account — can continue on other devices and take part in several runs. |
| Coordinator | Runs the event: start, pause, end, score submissions, send feed messages. |
| Creator | Maintains the content: rallyes, stations, challenges. Can also do everything a coordinator can. |
| Org Admin | Manages the organization: users, roles, settings, legal texts, audit log. Full access. |
Who may do what
| Action | Guest | Part. | Coord. | Creator | Admin |
|---|---|---|---|---|---|
| Take part in a run, submit answers | ✓ | ✓ | ✓ | ✓ | ✓ |
| Write in your own team chat | ✓ | ✓ | ✓ | ✓ | ✓ |
| Read/write another team's chat | on the team's request¹ | on request¹ | on request¹ | ||
| Create, start, pause, end runs | ✓ | ✓ | ✓ | ||
| Score submissions, re-open a score | ✓ | ✓ | ✓ | ||
| Send feed messages | ✓ | ✓ | ✓ | ||
| Create and edit rallyes, stations, challenges | ✓ | ✓ | |||
| Archive, restore, permanently delete content | ✓ | ||||
| Manage users and roles | ✓ | ||||
| Organization settings and legal texts | ✓ | ||||
| View and export the audit log | ✓ |
¹ Team chats are private. Coordination gains access only once a team asks for it via Request help — including the prior history. Leave chat ends that access again. This applies to every role from coordinator upwards, including org admins. Details: Live monitoring and Chat.
Assigning roles
Roles are assigned under Users via Edit and take effect immediately.
Grant sparingly
Always assign the lowest sufficient role. Someone who only runs events does not need creator rights; someone who only maintains content does not need admin access. This limits the damage if an account is compromised — and is good data-protection practice.
Mandatory 2FA for admins
Org Admins must set up two-factor authentication; the application forces them through that step on their first sign-in. For all other roles 2FA is optional. See 2FA.