Skip to content

Roles & Permissions

The five roles

Roles are cumulative: every higher role can do everything the lower ones can — plus its own rights.

Guest → Participant → Coordinator → Creator → Org Admin
RoleIntended for
GuestTakes part in a run without an account. Created automatically on joining.
ParticipantLike a guest, but with a permanent account — can continue on other devices and take part in several runs.
CoordinatorRuns the event: start, pause, end, score submissions, send feed messages.
CreatorMaintains the content: rallyes, stations, challenges. Can also do everything a coordinator can.
Org AdminManages the organization: users, roles, settings, legal texts, audit log. Full access.

Who may do what

ActionGuestPart.Coord.CreatorAdmin
Take part in a run, submit answers
Write in your own team chat
Read/write another team's chaton the team's request¹on request¹on request¹
Create, start, pause, end runs
Score submissions, re-open a score
Send feed messages
Create and edit rallyes, stations, challenges
Archive, restore, permanently delete content
Manage users and roles
Organization settings and legal texts
View and export the audit log

¹ Team chats are private. Coordination gains access only once a team asks for it via Request help — including the prior history. Leave chat ends that access again. This applies to every role from coordinator upwards, including org admins. Details: Live monitoring and Chat.

Assigning roles

Roles are assigned under Users via Edit and take effect immediately.

Grant sparingly

Always assign the lowest sufficient role. Someone who only runs events does not need creator rights; someone who only maintains content does not need admin access. This limits the damage if an account is compromised — and is good data-protection practice.

Mandatory 2FA for admins

Org Admins must set up two-factor authentication; the application forces them through that step on their first sign-in. For all other roles 2FA is optional. See 2FA.