Skip to main content
This matrix defines the actions available to each user role across all PlaneConnection modules. Permissions are enforced at both the UI and API layers.

Legend

SymbolMeaning
FullCreate, read, update, and delete.
EditCreate, read, and update. No delete.
ReadRead-only access.
OwnAccess limited to records the user owns or is assigned to.
No access.

Safety Management (SMS)

ActionPlatform AdminAdminSafety ManagerPilotCrewViewer
Submit safety reportsFullFullFullEditEdit
View all safety reportsFullFullFullOwnOwnRead
Review and triage reportsFullFullFull
Manage report statusesFullFullFull
Delete safety reportsFullFull
Create investigationsFullFullFull
Manage investigationsFullFullFull
View investigationsFullFullFullOwnRead
Create CPAsFullFullFull
Manage CPA statusesFullFullFull
Verify CPAsFullFullFull
View CPAsFullFullFullOwnOwnRead
Perform risk assessmentsFullFullFull
View risk assessmentsFullFullFullReadRead
Manage compliance checklistsFullFullFull
View compliance dashboardsFullFullFullRead
Generate Part 5 reportsFullFullFullRead
Manage safety training recordsFullFullFull
View own training recordsFullFullFullReadRead

Operations

ActionPlatform AdminAdminSafety ManagerPilotCrewViewer
Create tripsFullFull
Edit tripsFullFull
Delete tripsFullFull
View all tripsFullFullReadOwnOwnRead
Manage trip statusesFullFull
Manage aircraft recordsFullFull
View aircraft recordsFullFullReadOwnRead
Manage aircraft statusesFullFull
Manage crew recordsFullFull
View crew recordsFullFullReadOwnOwnRead
Manage passenger recordsFullFull
View passenger recordsFullFullReadOwnRead
View flight scheduleFullFullReadOwnOwnRead
Manage dispatchFullFull
Record flight timesFullFullEdit
Record duty periodsFullFullEditEdit

Administration

ActionPlatform AdminAdminSafety ManagerPilotCrewViewer
Manage usersFullFull
Assign user rolesFullFull
View user listFullFullRead
Manage tenant settingsFullFull
View tenant settingsFullFullRead
Manage integrationsFullFull
Manage API keysFullFull
View audit logsFullFullRead
Manage subscription/billingFullFull
Access all tenantsFull
Impersonate usersFull

Document Management

ActionPlatform AdminAdminSafety ManagerPilotCrewViewer
Upload documentsFullFullFullEdit
View documentsFullFullFullReadReadRead
Delete documentsFullFullFull
Manage document categoriesFullFullFull

Notifications

ActionPlatform AdminAdminSafety ManagerPilotCrewViewer
Receive safety notificationsFullFullFullOwnOwn
Receive operational notificationsFullFullOwnOwn
Receive admin notificationsFullFull
Manage notification preferencesFullFullFullOwnOwnOwn

Notes

  • Own access means the user can only access records where they are the author, assignee, or a member of the assigned crew.
  • The platform_admin role has unrestricted access across all tenants and is not subject to tenant-level permission checks.
  • Permissions are enforced server-side in API loaders and actions. The UI hides inaccessible elements, but the API rejects unauthorized requests regardless of how they are made.
  • Custom permission configurations are not supported. Roles have fixed permission sets.