Home

1 What's on this page

The Role Management page provides comprehensive control over user access through a two-tab interface. Each tab manages a different aspect of role-based access control.

Role Permissions

Create and manage roles, define their descriptions, and configure detailed feature access permissions. Control which features each role can view, edit, or fully access across all Musket modules.

Role Allocation

Assign roles to users or view role assignments. Switch between viewing by roles (see which users have a role) or by users (see which roles a user has). Quick checkboxes enable instant role assignment changes.

Who can access: Administrators with the full Administration - Roles permission see the Role Permissions tab. Administrators with the full Administration - Users permission see the Role Allocation tab. Users without these permissions see an access notification instead.

Role changes take effect immediately. Users may need to sign out and sign back in for some permission changes to fully apply. Test role configurations with a test user account before applying to operational staff.

2 Role permissions tab

The Role Permissions tab displays a table of all roles in your organisation. Here you create new roles, edit existing role details and permissions, and delete roles that are no longer needed. Each role defines a set of permissions that control access to Musket features.

2.1 Understanding roles

Roles are the foundation of access control in Musket. Each role represents a job function or responsibility level within your organisation (e.g., "Flight Crew", "Maintenance Staff", "Administrator", "Accountable Manager").

Role Properties

Role Name: The internal identifier for the role (cannot be changed for system roles)
Custom Label: The display name shown throughout Musket
Description: Explains the role's purpose and typical users
Hide From Registration Form: When checked, this role won't appear on the user registration form

System Roles vs. Custom Roles

System Roles: Pre-configured roles essential to Musket operations. You can edit their custom labels, descriptions, and permissions, but cannot delete them or change their role name.
Custom Roles: Roles you create to match your organisation's structure. You can fully edit or delete these roles as needed.

2.2 The roles table

The table displays all roles with the following columns:

Column	Meaning	Notes
Edit	Opens the role details window to modify the role	System roles can be edited but with some restrictions
Role name	The custom label for the role	Sortable; click the column header to sort alphabetically
Description	Brief explanation of the role's purpose	Helps identify which role applies to which staff
Users	Number of users assigned to this role	Sortable; click the column header to sort by count
Delete	Removes the role from the system	Disabled for system roles and roles with assigned users

The table supports pagination when you have 16 or more roles—use the "Items per page" dropdown to control how many roles display at once.

Export role permissions report: In the Manage Roles grid header (next to the "Manage Roles" title), you'll find a report button that opens the User Access And Policies Report.

This provides quick access to export detailed role permissions and user access levels in a comprehensive Excel or PDF format. The report is color-coded to show Full/Edit access (green), View access (blue), and No Access (white).

2.3 Create a new role

When to create a new role

Create a new role when you need a distinct set of permissions for a group of users that doesn't match any existing role. Common examples include specialised positions, temporary project teams, or external contractors with limited access needs.

Steps to create a role

Click Add User Role in the top-right corner of the page
In the window that opens, enter the role details:
- Role Name: Enter a unique identifier (e.g., "ContractorLimited")
- Custom Label: Enter the display name (e.g., "Contractor - Limited Access")
- Description: Briefly explain who uses this role and why
- Hide From Registration Form: Check this if the role should only be assigned by administrators (recommended for restricted roles)
Configure permissions in the permissions table (see Configuring permissions below)
Click Submit to create the role

Tip: When creating a new role, start by identifying an existing role with similar permissions. You can use that role as a reference while setting up permissions for the new role, or consider whether the new users might simply be added to the existing role with minor permission adjustments.

2.4 Edit a role

When to edit a role

Edit a role when responsibilities change, new features are added to Musket, or when access needs adjustment. Editing is also necessary when you want to update the custom label or description for clarity.

Steps to edit a role

Click the Edit button (pencil icon) for the role you want to modify
In the window that opens, update the role details as needed:
- For system roles, you can only change the Custom Label, Description, Hide From Registration Form checkbox, and permissions
- For custom roles, you can change all fields including the Role Name
Adjust permissions in the permissions table (see Configuring permissions below)
Click Submit to save your changes

Warning: Changes to role permissions affect all users assigned to that role immediately. If you need to restrict access for some users but not others in the same role, consider creating a new role with the restricted permissions and moving those users to the new role.

2.5 Configure permissions

The permissions table in the role details window lists all Musket features organised by section. For each feature, you grant one of three permission levels: View, Edit, or Full. These levels determine what users in this role can do with that feature.

Permission levels explained

View

Users can see the feature and read data, but cannot make changes. Use this for reference access or when staff need to review information without editing it.

Edit

Users can view and modify data within the feature. They may have restrictions on advanced actions like deleting records or changing certain settings. Use this for operational staff who work with data daily.

Full

Users have complete access to the feature, including advanced actions, deletions, and configuration changes. Use this for administrators and managers who need unrestricted control.

Setting permissions

In the permissions table, features are grouped under section headers (e.g., "Scheduling", "Maintenance Hub", "Quality Safety Security")
For each feature row, you'll see columns for View, Edit, and Full permissions
Click the icon in each column to toggle permissions:
- Green checkmark: Permission granted
- Red X: Permission not granted
- N/A: This permission level doesn't exist for this feature
Click any icon to toggle between granted and not granted
Scroll through all sections to ensure you've configured the correct access for the role
Click Submit to save the permissions

Note: Permissions are hierarchical in some cases. For example, granting "Full" access to a parent module often includes all actions covered by "View" and "Edit". Review your organisation's access control requirements carefully when configuring permissions.

2.6 Delete a role

When to delete a role

Delete a role when it's no longer used and no users are assigned to it. This keeps your role list clean and prevents confusion when assigning roles to new users. You cannot delete system roles or roles with assigned users.

Steps to delete a role

Ensure no users are assigned to the role (check the "Users" column—it must show 0)
Click the Delete button for the role
Confirm the deletion in the window that appears
The role is permanently removed from the system

If deletion is blocked

If the Delete button is disabled or you see a message saying users are assigned to the role, you must first remove all users from that role using the Role Allocation tab. Once the role has zero users, you can delete it. System roles can never be deleted regardless of user count.

3 Role allocation tab

The Role Allocation tab assigns roles to users and shows which roles users currently have. You can view role assignments two ways: by roles (which users have a specific role) or by users (which roles a specific user has).

3.1 Switch between views

At the top of the tab, you'll see two radio buttons:

View by roles: Shows a table of roles with an "Assign users" button for each role. This view is best when you need to see who has a particular role or when assigning multiple users to the same role.
View by users: Shows a table of users with checkboxes for each role. This view is best when you need to see all roles for a specific user or when assigning multiple roles to the same user.

Choose the view that matches your current task. The data is the same in both views—only the layout changes.

3.2 View by roles

In this view, the table displays all roles with a column showing how many users have each role. Use the search box at the top to filter roles by name or description. The table includes these columns:

Column	Meaning
Edit	Opens the role details window to modify the role
Role name	The custom label for the role (sortable)
Description	Brief explanation of the role's purpose
Users	Number of active users assigned to this role (excludes deactivated and system users; sortable)
Assign users	Opens a window to quickly assign or remove users from this role
Delete	Removes the role (disabled for system roles or roles with assigned users)

Assign users to a role

Find the role in the table (use the search box to filter if needed)
Click the Assign users button (person icon) in that role's row
In the window that opens, you'll see a list of all users
Check the boxes next to users you want to add to this role
Uncheck the boxes next to users you want to remove from this role
Click Submit to save the changes

The "Users" column updates immediately to reflect the new count. Changes take effect right away—users gain or lose access based on their new role assignments.

3.3 View by users

In this view, the table displays all users with a column for each role. Checkboxes show which roles each user currently has. Use the search box to filter users by name.

Assign roles to a user (quick method)

Find the user in the table
Check or uncheck the role checkboxes in that user's row:
- Checked: User has the role
- Unchecked: User does not have the role
Changes save automatically when you click a checkbox

Assign roles to a user (window method)

Find the user in the table
Click the Assign roles button (pen icon) in the user's row
In the window that opens, check or uncheck roles as needed
Click Submit to save the changes

Both methods produce the same result. The quick checkbox method is faster for simple changes; the window method is better when you need to carefully review all role assignments for a user.

Tip: When onboarding a new user, start in "View by users" mode. Locate the new user and use the "Assign roles" button to quickly assign all necessary roles at once. This ensures the user has complete access on their first login.

4 Common workflows

Onboard a new staff member

Create a user account (in User Management or via registration)
Go to Role Allocation tab → View by users
Find the new user and click "Assign roles"
Check all applicable roles for their position
Submit to complete onboarding

Adjust permissions for a role

Go to Role Permissions tab
Click Edit for the role
Review current permissions in the permissions table
Toggle permissions as needed
Submit to apply changes to all users with this role

Create a temporary project team role

Go to Role Permissions tab
Click "Add User Role"
Name it clearly (e.g., "Project XYZ Team")
Check "Hide From Registration Form"
Configure limited permissions for the project scope
Assign users via Role Allocation

Audit who has admin access

Go to Role Allocation tab → View by roles
Use search to filter for admin-related roles
Review the "Users" count for each admin role
Click "Assign users" to see exactly who has the role
Remove users if necessary

5 Troubleshooting

User can't see a feature they should have access to

Check which roles the user has (Role Allocation tab → View by users)
For each role, check if that role grants the required permission (Role Permissions tab → Edit role → Review permissions table)
If no role grants the permission, either add the permission to an existing role the user has, or assign the user to a role that already has the permission
Ask the user to sign out and sign back in if the permission change doesn't take effect immediately

Can't delete a role

The Delete button is disabled for two reasons:

System role: System roles are essential to Musket and cannot be deleted. You can edit their permissions and labels, but not remove them entirely.
Users assigned: The role has one or more users. Remove all users from the role first (Role Allocation tab), then try deleting again.

Changes not taking effect

Most permission changes apply immediately, but in some cases users need to refresh their session:

Ask affected users to sign out and sign back in
If using a mobile app, ask users to close and restart the app
For web users, clearing the browser cache may help in rare cases

Too many roles to manage

If you have many custom roles that serve similar purposes, consider consolidating them. Review each role's permissions and user count. Where roles differ only slightly, merge them into a single role with broader permissions or restructure to have fewer, more clearly defined roles. This simplifies onboarding and reduces the risk of access control errors.

6 Related pages

User Management: Create and manage user accounts that will be assigned roles
Staff Management → Crew & Staff Register: View and manage user details including role-based access
My Portal → Account Settings: Where users see their own assigned roles and permissions