ATLAS
Role Management

Define custom roles, assign granular permissions, and control who on your team can access what. Inspired by Gusto, Rippling, and Linear workspaces.

1 Roles LIVE
2 Permissions LIVE
3 Analytics PLANNED
1 Roles + Detail LIVE
2 Permissions + Members LIVE
3 Audit + Analytics PLANNED
1 Role Management LIVE
2 Audit + Analytics LIVE
3 Create & Edit Role LIVE
4 Permission Matrix LIVE
Roles
Team Roles Overview
9:41
Team Roles
5
Active Roles
12
Team Members
Admin
Full access to all features
2
All Permissions
SYSTEM
Manager
Team oversight, job and billing access
3
Jobs
Billing
Team
CRM
SYSTEM
Technician
Assigned jobs, time clock, photos
5
Jobs (view)
Time Clock
Photos
SYSTEM
Sales Rep
Leads, proposals, CRM access
1
CRM
Proposals
Leads
CUSTOM
Dispatcher
Route scheduling, dispatch board
1
Dispatch
Calendar
Jobs (view)
CUSTOM
RoleCardList, StatsGrid
useQuery(api.teams.contractorTeamQueries.listCustomRoles)
Create Role
9:41
Create Role
Role Name
Description
Color Label
Start from Template
Admin
Full access — 24 permissions
Manager
Team oversight — 18 permissions
Technician
Field work — 8 permissions
Sales
CRM & proposals — 12 permissions
Blank
Start from scratch — 0 permissions
Create & Set Permissions
CreateRoleForm, TemplateSelector, ColorPicker
useMutation(api.teams.contractorTeams.createCustomRole)
Permission Editor
9:41
Permissions
Field Supervisor 18 of 24 enabled
Jobs
5/5
Select All
View Jobs
See all job listings and details
Create Jobs
Post new jobs to the marketplace
Edit Jobs
Modify existing job details
Assign Technicians
Dispatch team to jobs
Complete Jobs
Mark jobs as finished
Billing
3/4
Team
4/5
Settings
2/4
CRM
3/3
Dispatch
1/3
Save Permissions
PermissionEditor, PermissionAccordion, ToggleSwitch
useMutation(api.teams.contractorTeams.updateCustomRole)
Permissions
Role Detail
9:41
Role Detail
Manager
System role · 3 members · 18 permissions
Assigned Members
Add
MJ
Marcus Johnson
marcus@acmeroofing.com
ACTIVE
SR
Sarah Rodriguez
sarah@acmeroofing.com
ACTIVE
DW
David Williams
david@acmeroofing.com
INVITED
Permission Summary
Jobs 5/5
Billing 3/4
Team 4/5
Settings 2/4
CRM 3/3
Dispatch 1/3
Edit Role
Delete
RoleDetailScreen, MemberList, PermissionSummary
useQuery(api.teams.contractorTeamQueries.getCustomRole)
Assign Members
9:41
Assign Members
Search team members...
3 selected Select All
MJ
Marcus Johnson
Currently: Manager
MGR
SR
Sarah Rodriguez
Currently: Manager
MGR
DW
David Williams
Currently: Technician
TECH
JT
Jake Thompson
Currently: Sales Rep
SALES
CP
Chris Patterson
Currently: Admin
ADMIN
TL
Tyler Lee
Currently: Technician
TECH
AM
Amanda Mitchell
Currently: Technician
TECH
KN
Kevin Nguyen
Currently: Dispatcher
DISP
Assign 3 to Field Supervisor
AssignMembersSheet, MemberCheckboxList
useMutation(api.teams.contractorTeams.bulkAssignRole)
Roles & Access
9:41
Roles & Access
7
Roles
12
Members
24
Permissions
Standard
Custom
Owner SYSTEM
All 24 permissions · 1 member
Admin SYSTEM
22 permissions · 2 members
Manager SYSTEM
18 permissions · 3 members
Dispatcher SYSTEM
12 permissions · 1 member
Crew Lead SYSTEM
10 permissions · 2 members
Worker SYSTEM
8 permissions · 5 members
Estimator SYSTEM
6 permissions · 1 member
Jobs
Dispatch
Billing
Team
RoleAccessList, PermissionBar, RoleCard
useQuery(api.teams.contractorTeamQueries.listPermissions)
Analytics
Audit Permissions
9:41
Audit Permissions
All Roles
Compare Two
Permission Admin Mgr Tech Sales Disp
Jobs
View Jobs
Create Jobs
Edit Jobs
Assign Techs
Complete Jobs
Billing
View Invoices
Create Invoices
Manage Payouts
Refund
Team
View Members
Invite Members
Manage Roles
Settings
Company Profile
Integrations
PermissionMatrix, CompareSelector, MatrixTable
useQuery(api.teams.contractorTeamQueries.getPermissionMatrix)
Role Analytics
9:41
Role Analytics
Members per Role
Admin
2
Mgr
3
Tech
5
Sales
1
Disp
1
Permission Usage Heatmap
Frequency of permission checks in last 30d
View Jobs
482
Edit Jobs
246
View Invoices
198
Assign Techs
87
Manage Payouts
52
Integrations
12
Manage Roles
8
Refund
3
Low
High
Recently Modified
Field Supervisor created
by Danny M. · 2 hours ago
Sales Rep — 3 permissions added
by Danny M. · Yesterday, 4:32 PM
Dispatcher — member assigned
by Danny M. · Feb 22, 2026
Technician — 2 permissions removed
by Noall S. · Feb 21, 2026
Access Log
View All
Permission denied: Refund
Jake Thompson (Sales) · Today 2:14 PM
Permission granted: Create Jobs
Sarah Rodriguez (Manager) · Today 1:45 PM
Permission denied: Manage Roles
Tyler Lee (Technician) · Today 11:20 AM
Permission granted: View Invoices
Marcus Johnson (Manager) · Today 10:08 AM

Least privilege principle Each role should have only the permissions needed for that function. Review the matrix regularly to ensure no role has excess access.

RoleAnalyticsDashboard, PermissionHeatmap, AuditTimeline
useQuery(api.teams.contractorTeamQueries.getRoleAnalytics)
Roles + Detail
Roles Overview + Role Detail
9:41
Role Management
5
Roles
12
Members
All System Custom
Admin
Full access · 2 members
Manager
Jobs, bids, team · 3 members
Technician
Assigned jobs only · 5 members
Sales Rep
Leads, bids, CRM · 1 member
Apprentice
Custom · 1 member
Manager
System role · Created Jan 15, 2026
Manager Active
Members
3
Permissions
18/24
Last Edit
2d ago
Permission Summary
Jobs
Full
Bids
Full
Team
View
Finance
Read
Settings
None
Assigned Members
Sarah Chen
Added Feb 1, 2026
James Park
Added Jan 20, 2026
Tom Rivera
Added Jan 15, 2026
Permissions + Members
Permissions + Member Assignment
9:41
Edit Permissions
Manager Permissions
18 of 24 enabled
Jobs & Bids
View Jobs
Create Bids
Message Clients
Financial
View Revenue
Manage Payouts
Settings
Company Settings
Manage Roles
Assigned (3) Available (9)
Current Members
Sarah Chen
sarah@kowalskihvac.com
Manager
James Park
james@kowalskihvac.com
Manager
Tom Rivera
tom@kowalskihvac.com
Manager
Available to Assign
Maria Santos
Currently: Technician
David Kim
Currently: Technician
Angela Price
Currently: Sales Rep
Audit + Analytics
Audit Log + Role Analytics
9:41
Audit & Analytics
Matrix Timeline
Permission Matrix
ADM
MGR
TECH
SALES
APPR
View Jobs
Create Bids
Revenue
Payouts
Team Mgmt
Settings
Members per Role
Tech
5
Manager
3
Admin
2
Sales
1
Custom
1
Recent Changes
Sarah Chen added to Manager
By Mike K. · 2 days ago
Technician: removed billing access
By Mike K. · 5 days ago
Apprentice role created
By Mike K. · 1 week ago
Security Score
92%
Overall
100%
Least Privilege
83%
Separation
100%
No Orphans
Role Management Dashboard
https://app.3bids.io/contractor/team/roles
1
Roles
2
Members
3
Permissions
4
Audit Log
5
Analytics
6
Settings
Role Management
Search roles...
5
Roles
12
Team Members
92%
Security Score
24
Permissions
Admin
System
2 members24/24 perms
Manager
System
3 members18/24 perms
Technician
System
5 members8/24 perms
Permission Matrix
Permission
Admin
Manager
Tech
Sales
Apprentice
View Jobs
Create Bids
View Revenue
Manage Payouts
Company Settings
Audit & Analytics
https://app.3bids.io/contractor/team/roles/audit
1
Roles
2
Members
3
Permissions
4
Audit Log
5
Analytics
6
Settings
Audit & Analytics
7D30D90DAll
Members by Role
Tech
5
Manager
3
Admin
2
Sales
1
Custom
1
Security Compliance
92
score
Security Score
Industry avg: 74%
Excellent
100%
Least Privilege
83%
Separation
Recent Audit Log
Sarah Chen added to Manager
Role assignment by Mike Kowalski
Member
Success
2 days ago
Technician: removed billing access
Permission change by Mike Kowalski
Permission
Success
5 days ago
Apprentice role created
Custom role by Mike Kowalski
Role
Success
1 week ago
Tom Rivera moved Tech to Manager
Role transfer by Mike Kowalski
Member
Success
2 weeks ago

Least privilege principle Each role should have only the permissions needed for that function. Review the matrix regularly to ensure no role has excess access.

Create & Edit Role
https://app.3bids.io/contractor/team/roles/create
Roles
2
Members
3
Permissions
4
Audit Log
5
Analytics
6
Settings
Step 1 of 3
New Role

Create & Edit Role

Define a new role with custom permissions. Start from a template or build from scratch.

Technician
View jobs, update status, log hours
Manager
Full job + bid management, team view
Sales Rep
Create bids, view leads, limited financials
Blank
Start with no permissions
Permissions
Jobs
4 of 6 permissions enabled
View Jobs
See all job listings and details
Create Jobs
Post new job listings
Edit Jobs
Modify existing job details
Delete Jobs
Remove job listings permanently
Assign Jobs
Assign team members to jobs
Archive Jobs
Move completed jobs to archive
Bidding
3 of 4 permissions enabled
Financial
1 of 5 permissions enabled
Team Management
0 of 4 permissions enabled
Settings & Admin
0 of 5 permissions enabled
Permission Matrix
https://app.3bids.io/contractor/team/roles/permissions
Roles
2
Members
3
Permissions
4
Audit Log
5
Analytics
6
Settings
Cross-Role View

Permission Matrix

Compare permissions across all roles. Rows are permission categories, columns are roles.

Granted
Partial
Denied
Permission
Admin
Manager
Technician
Sales
Apprentice
Jobs
View Jobs
Create Jobs
Delete Jobs
Assign Jobs
Bidding
Create Bids
Approve Bids
View Bid History
Financial
View Revenue
Manage Payouts
Process Refunds
Team Management
View Members
Invite Members
Manage Roles
Settings & Admin
Company Settings
API Keys
68%
Overall Grant Rate
3
Partial Permissions
5
Permission Categories

Principle of least privilege Review partial permissions (yellow) regularly. Consider either granting full access or removing entirely to reduce ambiguity.

Data Architecture

Schema tables, queries, mutations, and components that power the Role Management system.

Source Files

RoleCardList
Scrollable role grid with stats
component
CreateRoleForm
Name, desc, color, template inputs
component
PermissionEditor
Accordion categories + toggles
component
RoleDetailScreen
Banner, members, permission summary
component
PermissionMatrix
Audit matrix with compare mode
component
AuditTimeline
Role change history timeline
component
RoleAnalyticsDashboard
Charts, heatmap, logs combined
component

Convex Queries

listCustomRoles
All roles with member counts
query
getCustomRole
Role detail + assigned members
query
listPermissions
Permission catalog grouped by category
query
getPermissionMatrix
Cross-role audit grid
query
getRoleAnalytics
Usage stats, heatmap data
query
listMembers
Team list with current roles
query
getAccessLog
Permission check audit trail
query

Convex Mutations

createCustomRole
Name, desc, color, template, permissions
mutation
updateCustomRole
Edit role metadata + permissions
mutation
deleteCustomRole
Remove role (reassign members first)
mutation
bulkAssignRole
Assign multiple members to a role
mutation
duplicateRole
Clone role with new name
mutation

Key Design Decisions

Color-Coded Roles
Each role gets a unique color for instant visual identification
Template System
Start from pre-built templates then customize permissions
Permission Matrix
Cross-role comparison grid for auditing access
Audit Trail
Every permission change logged with actor + timestamp