Roles & Permissions
Control who can access what, per resource and per branch.
Holy Resource uses branch-aware RBAC. Access decisions are based on:
- the user's global role
- branch assignment
- resource + action permissions
Open Users & Permissions
Go to Settings → Users & Permissions.
Depending on license mode and role, you can manage:
- users
- permission templates
- branch roles
Add a Staff Member
Create a user account, set credentials, and optionally assign initial branch access.
Assigning a Role
Choose a pre-defined role or create a custom one. Roles are collections of permissions.
- Global and branch roles can differ.
- The same person can have different branch access in different locations.
Branch-Level Access
Use Manage Branch Access on a user to assign branch-specific roles and permissions.
A staff member can be powerful in one branch and limited in another.
If you later revoke a branch or module permission, Holy Resource refreshes that user’s effective access on synced devices. Branch removal signs the user out from that branch context, and module-level read loss clears local data for that module after the refreshed access state is applied.
Permission Resource Types
Permissions are defined by Resource and Action:
| Resource | Actions |
|---|---|
| Examples | Typical actions |
| Members / Families / Ministries | Read, Write, Delete, Export |
| Events / Attendance / Volunteers | Read, Write, Delete, Manage |
| Donations / Finances / Expenses | Read, Write, Delete, Export |
| Settings / Users / Branches | Read, Write, Manage |
If someone can see a screen but cannot complete an action, check both their branch access and the resource-action permission for that feature.
For sensitive areas such as Kids Wing, changing a permission should be treated like a live security action, not just a future cleanup task.