Legend
| Symbol | Meaning |
|---|---|
| Full | Create, read, update, and delete. |
| Edit | Create, read, and update. No delete. |
| Read | Read-only access. |
| Own | Access limited to records the user owns or is assigned to. |
| — | No access. |
Safety Management (SMS)
| Action | Platform Admin | Admin | Safety Manager | Pilot | Crew | Viewer |
|---|---|---|---|---|---|---|
| Submit safety reports | Full | Full | Full | Edit | Edit | — |
| View all safety reports | Full | Full | Full | Own | Own | Read |
| Review and triage reports | Full | Full | Full | — | — | — |
| Manage report statuses | Full | Full | Full | — | — | — |
| Delete safety reports | Full | Full | — | — | — | — |
| Create investigations | Full | Full | Full | — | — | — |
| Manage investigations | Full | Full | Full | — | — | — |
| View investigations | Full | Full | Full | Own | — | Read |
| Create CPAs | Full | Full | Full | — | — | — |
| Manage CPA statuses | Full | Full | Full | — | — | — |
| Verify CPAs | Full | Full | Full | — | — | — |
| View CPAs | Full | Full | Full | Own | Own | Read |
| Perform risk assessments | Full | Full | Full | — | — | — |
| View risk assessments | Full | Full | Full | Read | — | Read |
| Manage compliance checklists | Full | Full | Full | — | — | — |
| View compliance dashboards | Full | Full | Full | — | — | Read |
| Generate Part 5 reports | Full | Full | Full | — | — | Read |
| Manage safety training records | Full | Full | Full | — | — | — |
| View own training records | Full | Full | Full | Read | Read | — |
Operations
| Action | Platform Admin | Admin | Safety Manager | Pilot | Crew | Viewer |
|---|---|---|---|---|---|---|
| Create trips | Full | Full | — | — | — | — |
| Edit trips | Full | Full | — | — | — | — |
| Delete trips | Full | Full | — | — | — | — |
| View all trips | Full | Full | Read | Own | Own | Read |
| Manage trip statuses | Full | Full | — | — | — | — |
| Manage aircraft records | Full | Full | — | — | — | — |
| View aircraft records | Full | Full | Read | Own | — | Read |
| Manage aircraft statuses | Full | Full | — | — | — | — |
| Manage crew records | Full | Full | — | — | — | — |
| View crew records | Full | Full | Read | Own | Own | Read |
| Manage passenger records | Full | Full | — | — | — | — |
| View passenger records | Full | Full | Read | Own | — | Read |
| View flight schedule | Full | Full | Read | Own | Own | Read |
| Manage dispatch | Full | Full | — | — | — | — |
| Record flight times | Full | Full | — | Edit | — | — |
| Record duty periods | Full | Full | — | Edit | Edit | — |
Administration
| Action | Platform Admin | Admin | Safety Manager | Pilot | Crew | Viewer |
|---|---|---|---|---|---|---|
| Manage users | Full | Full | — | — | — | — |
| Assign user roles | Full | Full | — | — | — | — |
| View user list | Full | Full | Read | — | — | — |
| Manage tenant settings | Full | Full | — | — | — | — |
| View tenant settings | Full | Full | Read | — | — | — |
| Manage integrations | Full | Full | — | — | — | — |
| Manage API keys | Full | Full | — | — | — | — |
| View audit logs | Full | Full | Read | — | — | — |
| Manage subscription/billing | Full | Full | — | — | — | — |
| Access all tenants | Full | — | — | — | — | — |
| Impersonate users | Full | — | — | — | — | — |
Document Management
| Action | Platform Admin | Admin | Safety Manager | Pilot | Crew | Viewer |
|---|---|---|---|---|---|---|
| Upload documents | Full | Full | Full | Edit | — | — |
| View documents | Full | Full | Full | Read | Read | Read |
| Delete documents | Full | Full | Full | — | — | — |
| Manage document categories | Full | Full | Full | — | — | — |
Notifications
| Action | Platform Admin | Admin | Safety Manager | Pilot | Crew | Viewer |
|---|---|---|---|---|---|---|
| Receive safety notifications | Full | Full | Full | Own | Own | — |
| Receive operational notifications | Full | Full | — | Own | Own | — |
| Receive admin notifications | Full | Full | — | — | — | — |
| Manage notification preferences | Full | Full | Full | Own | Own | Own |
Notes
- Own access means the user can only access records where they are the author, assignee, or a member of the assigned crew.
- The
platform_adminrole has unrestricted access across all tenants and is not subject to tenant-level permission checks. - Permissions are enforced server-side in API loaders and actions. The UI hides inaccessible elements, but the API rejects unauthorized requests regardless of how they are made.
- Custom permission configurations are not supported. Roles have fixed permission sets.