User Roles & Permissions
GoalPath provides four distinct user roles, each with carefully designed permissions to support different team structures and responsibilities.
Role Overview
| Role | Primary Use Case | Key Permissions |
|---|---|---|
| Owner | Project administrators | Full access including settings and billing |
| Project Leader | Lead developers & team leads | All Collaborator and Stakeholder permissions |
| Collaborator | Development team members | Work on items, create milestones, view reports |
| Stakeholder | Business stakeholders & PMs | View roadmap, vote on priorities, track progress |
| Viewer | Read-only observers | View roadmap and milestones only |
Owner
Project Leader
Primary Responsibility: Lead development and strategic prioritization
Project Leaders have all the permissions of Collaborators and Stakeholders. They can work on items, create milestones, view reports, and also participate in voting and strategic decisions.
What Project Leaders Can Do
- ✅ Create and manage items - Add new work items, update descriptions
- ✅ Update item progress - Move items through workflow (NotStarted → Started → Finished → Delivered → Accepted)
- ✅ Add estimates - Estimate story points for forecasting
- ✅ Create milestones - Plan project phases and goals
- ✅ View reports - Access time reports and velocity metrics
- ✅ Standup updates - Participate in daily standups
- ✅ Board access - View and manage work on kanban board
- ✅ View members - See who's on the team
- ✅ Voting access - Participate in milestone prioritization
- ✅ View roadmap and milestones - Track progress and strategic alignment
- ❌ No settings access - Cannot modify project configuration
Accessible Pages
- Dashboard
- Search
- Standup
- Board
- Roadmap
- Milestones (view and edit)
- Time Report
- Voting
- Members
Primary Responsibility: Project administration and strategic decisions
Owners have complete control over the project, including administrative functions that other roles cannot access.
What Owners Can Do
- ✅ Full project access - All features and pages
- ✅ Project settings - Modify project configuration
- ✅ Member management - Invite, remove, and change member roles
- ✅ Billing & subscription - Manage payment and plan settings
- ✅ Team management - Create and manage teams
- ✅ Voting access - Participate in milestone prioritization
- ✅ All Collaborator permissions - Create and manage work items
Accessible Pages
- Dashboard
- Search
- Standup
- Board
- Roadmap
- Milestones (view and edit)
- Time Report
- Voting
- Members
- Settings (exclusive to Owners)
Collaborator
Primary Responsibility: Execute project work and maintain velocity
Collaborators are the core development team who actively work on items, update status, and drive the project forward.
What Collaborators Can Do
- ✅ Create and manage items - Add new work items, update descriptions
- ✅ Update item progress - Move items through workflow (NotStarted → Started → Finished → Delivered → Accepted)
- ✅ Add estimates - Estimate story points for forecasting
- ✅ Create milestones - Plan project phases and goals
- ✅ View reports - Access time reports and velocity metrics
- ✅ Standup updates - Participate in daily standups
- ✅ Board access - View and manage work on kanban board
- ✅ View members - See who's on the team
- ❌ No settings access - Cannot modify project configuration
- ❌ No voting access - Cannot participate in prioritization voting
Accessible Pages
- Dashboard
- Search
- Standup
- Board
- Roadmap
- Milestones (view and edit)
- Time Report
- Members
Critical Workflows
Collaborators can complete the full item lifecycle:
- Create items on milestones
- Add estimates for forecasting
- Progress items: NotStarted → Started → Finished → Delivered
- Accept or reject delivered items
- View velocity and forecast metrics
Stakeholder
Primary Responsibility: Strategic oversight and priority decisions
Stakeholders provide business perspective, vote on priorities, and track overall progress without getting involved in day-to-day execution.
What Stakeholders Can Do
- ✅ Vote on milestones - Participate in prioritization voting
- ✅ View roadmap - See project timeline and dependencies
- ✅ View milestones - Track progress of major deliverables
- ✅ Search content - Find specific items and milestones
- ✅ View members - See team composition
- ❌ No item editing - Cannot modify work items or status
- ❌ No standup access - Cannot participate in daily standups
- ❌ No board access - Cannot view or manage kanban board
- ❌ No time reports - Cannot view detailed velocity metrics
- ❌ No settings access - Cannot modify project configuration
Accessible Pages
- Dashboard
- Search
- Roadmap
- Milestones (read-only)
- Voting (exclusive to Stakeholders and Owners)
- Members
Use Cases
- Product Managers who need to influence priorities but don't execute work
- Business Stakeholders tracking ROI and strategic alignment
- Executives monitoring high-level progress
- Customer Representatives voting on feature priorities
Viewer
Primary Responsibility: Read-only observation and transparency
Viewers have minimal permissions, ideal for observers who need visibility without any ability to modify data.
What Viewers Can Do
- ✅ View roadmap - See project timeline (read-only)
- ✅ View milestones - Track milestone progress (read-only)
- ✅ Search content - Find items and milestones
- ✅ View members - See team composition
- ❌ No editing - Cannot create or modify anything
- ❌ No voting access - Cannot participate in prioritization
- ❌ No standup access - Cannot view standup updates
- ❌ No board access - Cannot view kanban board
- ❌ No time reports - Cannot view velocity metrics
- ❌ No settings access - Cannot modify project configuration
Accessible Pages
- Dashboard
- Search
- Roadmap (read-only)
- Milestones (read-only)
- Members
Use Cases
- Auditors who need project visibility
- Consultants providing advice without hands-on involvement
- Documentation Team tracking what to document
- Temporary Observers who need short-term visibility
Permission Matrix
Quick reference for what each role can access:
| Feature | Owner | Project Leader | Collaborator | Stakeholder | Viewer |
|---|---|---|---|---|---|
| Dashboard | ✅ | ✅ | ✅ | ✅ | ✅ |
| Search | ✅ | ✅ | ✅ | ✅ | ✅ |
| Roadmap | ✅ Full | ✅ Full | ✅ Full | ✅ Read | ✅ Read |
| Milestones | ✅ Edit | ✅ Edit | ✅ Edit | ✅ Read | ✅ Read |
| Members | ✅ Manage | ✅ View | ✅ View | ✅ View | ✅ View |
| Voting | ✅ | ✅ | ❌ | ✅ | ❌ |
| Standup | ✅ | ✅ | ✅ | ❌ | ❌ |
| Board | ✅ | ✅ | ✅ | ❌ | ❌ |
| Time Report | ✅ | ✅ | ✅ | ❌ | ❌ |
| Settings | ✅ | ❌ | ❌ | ❌ | ❌ |
Changing User Roles
Best Practices for Role Assignment
- Start Restrictive: Assign the minimum role needed, then upgrade if necessary
- Owner Sparingly: Only 1-2 Owners per project to prevent accidental configuration changes
- Collaborator for Doers: Anyone executing work should be a Collaborator
- Stakeholder for Voters: Business stakeholders who influence priorities
- Viewer for Transparency: External observers or temporary access
Role Upgrade Patterns
Common progression paths as team members' involvement increases:
- Viewer → Stakeholder: Observer becomes active in prioritization decisions
- Stakeholder → Collaborator: Stakeholder starts executing work
- Collaborator → Owner: Trusted team member needs administrative access
Security & Access Control
Protected Routes
GoalPath enforces role-based access control at the application level:
- Attempting to access restricted pages results in "Access Denied" or redirect
- API endpoints verify permissions on every request
- Role changes take effect immediately (no logout required)
Audit Trail
All significant actions are logged with user and role information:
- Project Owner can review who made changes
- Helps with compliance and troubleshooting
- Available in project activity logs
Frequently Asked Questions
Q: Can a user have different roles in different projects?
A: Yes! Roles are project-specific. You might be an Owner in one project and a Collaborator in another.
Q: What happens when a member's role is changed?
A: The change takes effect immediately. The user will see updated sidebar navigation and permissions on their next page load.
Q: Can Owners remove themselves?
A: Yes, but projects must have at least one Owner. The last Owner cannot remove themselves without first assigning another Owner.
Q: Do Stakeholders see all project data?
A: Stakeholders see roadmap, milestones, and voting data but cannot access execution details like standup, board, or time reports.
Q: Can Viewers see sensitive information?
A: Viewers can see all roadmap and milestone data. If you need to hide information, consider using separate projects instead of relying on role restrictions.