User Roles & Permissions

GoalPath provides four distinct user roles, each with carefully designed permissions to support different team structures and responsibilities.

Role Overview

Owner

Project Leader

Primary Responsibility: Lead development and strategic prioritization

Project Leaders have all the permissions of Collaborators and Stakeholders. They can work on items, create milestones, view reports, and also participate in voting and strategic decisions.

What Project Leaders Can Do

• ✅ Create and manage items - Add new work items, update descriptions
• ✅ Update item progress - Move items through workflow (NotStarted → Started → Finished → Delivered → Accepted)
• ✅ Add estimates - Estimate story points for forecasting
• ✅ Create milestones - Plan project phases and goals
• ✅ View reports - Access time reports and velocity metrics
• ✅ Standup updates - Participate in daily standups
• ✅ Board access - View and manage work on kanban board
• ✅ View members - See who's on the team
• ✅ Voting access - Participate in milestone prioritization
• ✅ View roadmap and milestones - Track progress and strategic alignment
• ❌ No settings access - Cannot modify project configuration

Accessible Pages

• Dashboard
• Search
• Standup
• Board
• Roadmap
• Milestones (view and edit)
• Time Report
• Voting
• Members

Primary Responsibility: Project administration and strategic decisions

Owners have complete control over the project, including administrative functions that other roles cannot access.

What Owners Can Do

• ✅ Full project access - All features and pages
• ✅ Project settings - Modify project configuration
• ✅ Member management - Invite, remove, and change member roles
• ✅ Billing & subscription - Manage payment and plan settings
• ✅ Team management - Create and manage teams
• ✅ Voting access - Participate in milestone prioritization
• ✅ All Collaborator permissions - Create and manage work items

Accessible Pages

• Dashboard
• Search
• Standup
• Board
• Roadmap
• Milestones (view and edit)
• Time Report
• Voting
• Members
• Settings (exclusive to Owners)

---

Collaborator

Primary Responsibility: Execute project work and maintain velocity

Collaborators are the core development team who actively work on items, update status, and drive the project forward.

What Collaborators Can Do

• ✅ Create and manage items - Add new work items, update descriptions
• ✅ Update item progress - Move items through workflow (NotStarted → Started → Finished → Delivered → Accepted)
• ✅ Add estimates - Estimate story points for forecasting
• ✅ Create milestones - Plan project phases and goals
• ✅ View reports - Access time reports and velocity metrics
• ✅ Standup updates - Participate in daily standups
• ✅ Board access - View and manage work on kanban board
• ✅ View members - See who's on the team
• ❌ No settings access - Cannot modify project configuration
• ❌ No voting access - Cannot participate in prioritization voting

Accessible Pages

• Dashboard
• Search
• Standup
• Board
• Roadmap
• Milestones (view and edit)
• Time Report
• Members

Critical Workflows

Collaborators can complete the full item lifecycle:

1. Create items on milestones
2. Add estimates for forecasting
3. Progress items: NotStarted → Started → Finished → Delivered
4. Accept or reject delivered items
5. View velocity and forecast metrics

---

Stakeholder

Primary Responsibility: Strategic oversight and priority decisions

Stakeholders provide business perspective, vote on priorities, and track overall progress without getting involved in day-to-day execution.

What Stakeholders Can Do

• ✅ Vote on milestones - Participate in prioritization voting
• ✅ View roadmap - See project timeline and dependencies
• ✅ View milestones - Track progress of major deliverables
• ✅ Search content - Find specific items and milestones
• ✅ View members - See team composition
• ❌ No item editing - Cannot modify work items or status
• ❌ No standup access - Cannot participate in daily standups
• ❌ No board access - Cannot view or manage kanban board
• ❌ No time reports - Cannot view detailed velocity metrics
• ❌ No settings access - Cannot modify project configuration

Accessible Pages

• Dashboard
• Search
• Roadmap
• Milestones (read-only)
• Voting (exclusive to Stakeholders and Owners)
• Members

Use Cases

• Product Managers who need to influence priorities but don't execute work
• Business Stakeholders tracking ROI and strategic alignment
• Executives monitoring high-level progress
• Customer Representatives voting on feature priorities

---

Viewer

Primary Responsibility: Read-only observation and transparency

Viewers have minimal permissions, ideal for observers who need visibility without any ability to modify data.

What Viewers Can Do

• ✅ View roadmap - See project timeline (read-only)
• ✅ View milestones - Track milestone progress (read-only)
• ✅ Search content - Find items and milestones
• ✅ View members - See team composition
• ❌ No editing - Cannot create or modify anything
• ❌ No voting access - Cannot participate in prioritization
• ❌ No standup access - Cannot view standup updates
• ❌ No board access - Cannot view kanban board
• ❌ No time reports - Cannot view velocity metrics
• ❌ No settings access - Cannot modify project configuration

Accessible Pages

• Dashboard
• Search
• Roadmap (read-only)
• Milestones (read-only)
• Members

Use Cases

• Auditors who need project visibility
• Consultants providing advice without hands-on involvement
• Documentation Team tracking what to document
• Temporary Observers who need short-term visibility

---

Permission Matrix

Quick reference for what each role can access:

---

Changing User Roles

Best Practices for Role Assignment

1. Start Restrictive: Assign the minimum role needed, then upgrade if necessary
2. Owner Sparingly: Only 1-2 Owners per project to prevent accidental configuration changes
3. Collaborator for Doers: Anyone executing work should be a Collaborator
4. Stakeholder for Voters: Business stakeholders who influence priorities
5. Viewer for Transparency: External observers or temporary access

Role Upgrade Patterns

Common progression paths as team members' involvement increases:

• Viewer → Stakeholder: Observer becomes active in prioritization decisions
• Stakeholder → Collaborator: Stakeholder starts executing work
• Collaborator → Owner: Trusted team member needs administrative access

---

Security & Access Control

Protected Routes

GoalPath enforces role-based access control at the application level:

• Attempting to access restricted pages results in "Access Denied" or redirect
• API endpoints verify permissions on every request
• Role changes take effect immediately (no logout required)

Audit Trail

All significant actions are logged with user and role information:

• Project Owner can review who made changes
• Helps with compliance and troubleshooting
• Available in project activity logs

---

Frequently Asked Questions

Q: Can a user have different roles in different projects?
A: Yes! Roles are project-specific. You might be an Owner in one project and a Collaborator in another.

Q: What happens when a member's role is changed?
A: The change takes effect immediately. The user will see updated sidebar navigation and permissions on their next page load.

Q: Can Owners remove themselves?
A: Yes, but projects must have at least one Owner. The last Owner cannot remove themselves without first assigning another Owner.

Q: Do Stakeholders see all project data?
A: Stakeholders see roadmap, milestones, and voting data but cannot access execution details like standup, board, or time reports.

Q: Can Viewers see sensitive information?
A: Viewers can see all roadmap and milestone data. If you need to hide information, consider using separate projects instead of relying on role restrictions.

---