Roles & Permissions

Enterprise role-permission matrix -- 10 roles, 10 permission categories, full override and audit rules

System Roles

DesignDesk defines 10 roles. Each user is assigned exactly one base role. Per-project overrides can extend permissions on specific projects.

Owner

owner
Team Web

Business owner. Full access to everything with override authority on all systems. Final escalation point.

Screens

Dashboard, Pipeline, Clients, Projects, Quotes, Tasks, Invoices, Analytics, Admin Catalog, Admin Packages, Admin Team, Admin Roles, Admin Settings

Ops Admin

ops_admin
Team Web

Operations manager. Day-to-day project operations, overrides, escalation handling, and team management.

Screens

Dashboard, Pipeline, Clients, Projects, Quotes, Tasks, Invoices, Analytics, Admin Packages, Admin Team

Sales

sales
Team Web

Sales executive. Manages leads through pipeline, builds and shares quotes, converts leads to projects, maintains client relations.

Screens

Dashboard, Pipeline, Clients (own), Projects (own), Quotes (own)

Designer

designer
Designer Studio

Architect / interior designer. Creates design concepts, manages drawings, reviews and responds to briefs, handles RFIs on design matters.

Screens

Designer Dashboard, Project Briefs, Concepts, Drawings, RFIs (design)

Project Manager

pm
Team Web

Day-to-day project oversight. Approves drawings, passes stage gates, manages RFIs, triages defects, and controls material overrides.

Screens

Dashboard, Projects, Tasks, Invoices (own projects), Analytics, DPRs, RFIs, Defects

Site Engineer

site_engineer
Team Web (mobile-optimized)

On-ground construction engineer. Submits DPRs, raises RFIs, reports and triages defects. Mobile-first workflow.

Screens

Projects (own), DPR Entry, Drawings (approved), Tasks (own), RFIs, Defects

Finance

finance
Team Web

Accounts and billing. Creates invoices, records payments, tracks revenue, manages payment schedules, and handles financial reporting.

Screens

Invoices, Projects > Money, Analytics (revenue), Payment Schedules

Viewer

viewer
Team Web

Read-only stakeholder. Can view all data across projects but cannot make any changes or mutations.

Screens

All pages (read-only)

Subcontractor

subcontractor
Team Web (mobile-optimized)

External trade worker. Limited to assigned projects only. Can view approved drawings, flag defects, and receive WhatsApp updates.

Screens

Assigned Projects, Drawings (approved, own), DPR (view, own), Defects (report, own)

Client (Homeowner)

client_app_user
Flutter Mobile

Homeowner on the Flutter mobile app. Views own project, selects materials, approves concepts, pays invoices, reports defects.

Screens

Home, Timeline, Materials, Payments, Drawings, Defects, Documents, Warranties, Referrals

Role Hierarchy & Workflow Map

Visual node graph showing reporting lines, handoff flows, and client interactions.

Legend

Reports to
Handoff flow
Client interaction

Role Hierarchy

1. Owner
2. Ops Admin
3. Departments
4. Field / External

Sub-Personas & Role Levels

Each role has 3-4 levels (Junior, Mid, Senior, Lead) that control permission scope within the role. A Junior Sales can log calls but can't build quotes. A Sales Lead can also assign leads to team members.

Junior: Sales Trainee

Anand, 22 — Fresh graduate, first sales job

Android phone | Tech: Medium | 4h/day

Can Do

  • View pipeline
  • Create lead
  • Log calls
  • View client detail

Restricted

  • Build quote
  • Share quote
  • Move past qualified
  • Mark dead
  • Assign

Mid: Sales Executive

Karthik, 28 — Two years tenure, manages 30 leads

Android phone + laptop | Tech: High | 8h/day

Can Do

  • View pipeline
  • Create lead
  • Move stage
  • Mark dead
  • Log calls
  • View client
  • Build quote
  • Share quote
  • Create project

Restricted

  • Assign lead
  • Revive dead
  • View all clients

Senior: Senior Sales

Deepa, 35 — Top performer, high-value clients

iPhone + laptop | Tech: High | 10h/day

Can Do

  • All mid permissions
  • Revive dead
  • View all clients

Restricted

  • Assign lead

Lead: Sales Manager

Ravi, 40 — Ex-builder, knows every objection

Laptop + tablet | Tech: High | 10h/day

Can Do

  • Everything including Assign lead
  • View team metrics

No restrictions

Permission Matrix

Complete action-level permissions across all 10 roles. Each tab represents a functional area. Scroll horizontally to see all role columns.

Action | Owner | Admin | Sales | Design | PM | Engr | Finance | View | Sub | Client
View pipeline: Own
Create lead
Move lead stage: Own
Mark dead/lost: Own
Revive dead lead
Assign lead
View client detail: Own, Own
Log calls/notes: Own

8 permissions in Pipeline & CRM

Legend: Full access; No access; Own = own data / projects only; Req = request only (needs approval); Not applicable

Role Relationship Map

How the 10 roles interact across the project lifecycle, from lead qualification to post-handover.

  • Lead → qualified by → Sales
  • Sales → converts to project for → PM
  • PM → assigns design work to → Designer
  • Designer → uploads concepts & drawings for → Client
  • Client → approves concepts, selects materials, pays → PM
  • PM → passes stage gates, triggers invoice via → Finance
  • PM → coordinates site execution with → Site Engineer
  • Site Engineer → submits DPRs, manages on-ground work with → Subcontractor
  • Subcontractor → executes trade work per DPR from → Site Engineer
  • Owner / Ops Admin → oversees everything, handles overrides for → All Roles
  • Viewer → observes all data across → All Projects

Lifecycle summary

Lead → Sales qualifies → PM manages → Designer creates → Client decides → Finance invoices → Site Engineer builds → Subcontractor executes → Handover

Per-Project Role Overrides

Users can be granted a different role on a specific project without changing their base role.

How it works

A user's base role applies globally. Per-project overrides grant additional permissions on specific projects. The override role's permissions are merged (union) with the base role for that project only. Overrides do not remove any base-role permissions.

User | Base Role | Override Role | Project
Karthik | Sales | PM | Vijay's Villa
Priya | Designer | PM | Kumar's Apartment
Ramesh | Site Engineer | PM | Lakshmi's Renovation
Ananya | PM | Finance | Mehta's Penthouse

Who can grant

Owner
Ops Admin

Requirements

  • Reason is mandatory
  • Optional expiry date
  • One override per user per project

Audit

  • Every grant/revoke is audit logged
  • Expired overrides auto-revoke
  • History visible in Admin > Team
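
The merge, grant and expiry rules above expressed as code (an added example, not DesignDesk's own implementation). The permission names, the OverrideStore class and the actor name used with it are assumptions; expiry is evaluated at check time, so an expired override grants nothing even if no cleanup job has run.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed permission names; the page's real matrix is not reproduced here.
ROLE_PERMS = {
    "sales": {"pipeline.view", "quote.build"},
    "pm": {"drawing.approve", "stage_gate.pass"},
}
GRANTORS = {"owner", "ops_admin"}  # "Who can grant" on the page

@dataclass
class Override:
    role: str
    reason: str
    expires_at: Optional[datetime]

class OverrideStore:  # hypothetical class, for illustration only
    def __init__(self):
        self.overrides = {}  # (user, project) -> Override, so one per user per project
        self.audit_log = []  # append-only rows: actor, reason, timestamp, entity

    def _audit(self, action, actor, user, project, reason, now):
        self.audit_log.append({"action": action, "actor": actor, "reason": reason,
                               "at": now, "entity": (user, project)})

    def _live(self, user, project, now):
        """Return the unexpired override, auto-revoking an expired one at check time."""
        ov = self.overrides.get((user, project))
        if ov and ov.expires_at is not None and ov.expires_at <= now:
            del self.overrides[(user, project)]
            self._audit("auto_revoke", "system", user, project, "expired", now)
            return None
        return ov

    def grant(self, actor, actor_role, user, project, role, reason, now, expires_at=None):
        if actor_role not in GRANTORS:
            raise PermissionError("only owner or ops_admin may grant overrides")
        if role not in ROLE_PERMS or not reason.strip():
            raise ValueError("known override role and non-empty reason required")
        if self._live(user, project, now) is not None:
            raise ValueError("user already has an override on this project")
        self.overrides[(user, project)] = Override(role, reason.strip(), expires_at)
        self._audit("grant", actor, user, project, reason.strip(), now)

    def effective_permissions(self, user, base_role, project, now):
        perms = set(ROLE_PERMS[base_role])  # base role applies on every project
        ov = self._live(user, project, now)
        if ov:
            perms |= ROLE_PERMS[ov.role]    # union only; nothing is removed
        return perms
```

Authorization checks should call `effective_permissions` with the project being acted on, never a cached global set, otherwise an override granted for one project leaks to others.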

Override Rules

Every automated behavior has a manual override. All overrides write an audit_log row with the actor, reason, timestamp, and affected entity.

Auto-Behavior | Who Can Override | Audit Required
Material lock on stage completion | PM, Admin, Owner | Reason + expiry
Invoice auto-create on gate pass | Finance, Admin | Yes
Gating state escalation | Admin, Owner | Yes
Defect SLA classification | Engineer, PM | Yes
Warmth score computation | Admin, Owner | Reason required
Bolna auto-call on lead | Sales, Admin | Yes
Design brief lock on submit | PM, Admin | Yes
Concept lock by client | Admin only | Special reason
Drawing supersede on approval | Admin only | Yes
Referral credit on conversion | Finance | Yes
Warranty duration by tier | Admin | Yes
Payment schedule auto-generation | Finance, Admin, Owner | Reason required
Stage gate auto-block on overdue | PM, Admin, Owner | Yes
DPR submission deadline enforcement | Admin, Owner | Reason required
Notification channel defaults | Admin, Owner | Yes

Family Member Sub-Personas

Homeowners can invite family members with three access scopes: Read (view only), Comment (view + feedback), and Act (full decision-making). The family role (wife, parent, child, other) is descriptive; the scope controls actual access.

Lakshmi

Role: wife | Scope: act

Age 43, school principal. Makes all material and finish decisions. Picks tiles, switches, fans, paint colors.

Can Do

  • View project
  • Timeline
  • Select materials
  • Approve concepts
  • Pay invoices
  • Comment
  • Report defects
  • View docs

Cannot Do

  • Admin functions
  • Invite others

Appa

Role: parent | Scope: comment

Age 70, retired engineer. Visits site weekly. Wants to see progress photos and comment on design.

Can Do

  • View project
  • Timeline
  • Site updates
  • Comment on concepts
  • View drawings
  • View docs

Cannot Do

  • Select materials
  • Approve concepts
  • Pay invoices
  • Report defects

Raju Jr

Role: child | Scope: read

Age 18, college student. Wants to see the house gallery and progress photos.

Can Do

  • View project
  • Timeline
  • Site updates
  • View drawings

Cannot Do

  • Everything else

Uncle Krishnan

Role: other | Scope: comment

Age 55, family advisor. Reviews designs and gives feedback.

Can Do

  • View project
  • Comment on concepts
  • View drawings

Cannot Do

  • Select materials
  • Approve
  • Pay

Priya

Role: other | Scope: act

Age 28, interior design enthusiast. Helps with kitchen and bathroom material picks.

Can Do

  • Full act scope — same as primary owner

Cannot Do

  • Invite family members

Scope Capability Matrix

Capability | Read | Comment | Act
View project dashboard
View construction timeline
View site updates (DPR photos)
View approved drawings
View documents
Comment on design concepts
Comment on defects
Lock/approve concepts
Select materials
Pay invoices
Report defects
Issue referral code

12 capabilities across 3 scopes

Family Member Rules

  • Maximum 4 family members per project
  • Each member logs in via phone OTP
  • Primary homeowner can invite/remove family members
  • Family members CANNOT invite other family members
  • Scope can be changed by the primary homeowner anytime
  • Every family action writes an audit_log row with the family member's ID

Role vs Scope

The family role (husband, wife, parent, child, other) is descriptive — it identifies the relationship. The scope (read, comment, act) controls access. A “parent” can have any scope. A “child” typically gets read, but the primary homeowner can upgrade them to comment or act at any time.

Notification Channel Defaults

Default notification channels per role. Users with the “Opt out of channel” permission can disable specific channels. Subcontractors receive WhatsApp only.

Role | WhatsApp | Email | SMS | Push | Can opt out
Owner
Ops Admin
Sales
Designer
PM
Site Engineer
Finance
Viewer
Subcontractor
Client

Subcontractor Access Summary

External trade workers have the most restricted access. They see only their assigned projects and cannot access CRM, sales, design, finance, or analytics data.

Allowed (own projects)

  • View approved drawings
  • View DPR entries
  • Report defects (flag issues on site)
  • View project documents (drawings only)
  • Receive WhatsApp notifications

Restricted

  • View pipeline or CRM data
  • Access sales, quotes, or invoices
  • View or interact with design concepts
  • Access AI warmth or analytics
  • View or change material selections
  • Submit DPRs (site engineer only)
  • Raise or answer RFIs
  • View payment gating or financials
  • Triage, resolve defects, or manage warranties
  • Receive email, SMS, or push notifications
  • Opt out of notification channels

  • 10 System Roles
  • 10 Permission Categories
  • 94 Individual Permissions
  • 15 Override Rules