Roles & Permissions
TrueGrade uses role-based access control (RBAC). Every user is assigned one or more roles per organization. Roles determine which features they can access and what actions they can perform. Where a user holds multiple roles, the highest-ranked role determines access.
Role Hierarchy
Roles are ranked from highest to lowest authority. A higher-ranked role can do everything a lower-ranked role can do unless explicitly restricted.
| Rank | Role | Description | Typical User |
|---|---|---|---|
| 5 | Platform Admin | TrueGrade support and operations role. Superuser access across all organizations. Reserved for TrueGrade staff — not assignable from within your organization. | TrueGrade support engineer |
| 4 | Admin | Full organization-level access, including billing, user management, integrations, audit log, and all project data. | Company principal, office manager |
| 4 | Senior Estimator | Admin-equivalent authority for proposal review, change-order edits, and compliance override scenarios. Cannot manage users or billing. | Chief estimator, preconstruction lead |
| 3 | Project Manager | Manages project compliance, certifications, change orders, cost actuals, pay applications, and crew assignments on projects they are assigned to. | Project manager, project superintendent |
| 2 | Foreman | Reviews timesheets, manages daily crew status, submits daily reports, and verifies field issues. | Site foreman, lead carpenter |
| 2 | Accounting | Manages cost actuals, receipts, transactions, account codes, and views proposals and pay applications. Cannot edit estimates or run user management. | Bookkeeper, controller, finance manager |
| 1 | Field User | Submits and edits their own timesheets and field-board items. Read-only on most project surfaces. | Field crew, laborer, apprentice |
Platform Admin is a system-level role reserved for TrueGrade support staff. Platform Admins can access all organizations for support purposes and are not configurable from within your organization. Every gate that lets an Admin act also lets a Platform Admin act.
Permissions Matrix
The matrix below mirrors the actual role gates enforced in the TrueGrade application. Where a role grants access by hierarchy (e.g., Admin includes everything Project Manager does), only the lowest role with the capability is marked.
Administration
| Action | Platform Admin | Admin | Senior Estimator | Project Manager | Foreman | Accounting | Field User |
|---|---|---|---|---|---|---|---|
| Manage billing & subscription | ✓ | ✓ | — | — | — | — | — |
| Invite users, change roles, deactivate accounts | ✓ | ✓ | — | — | — | — | — |
| View audit log | ✓ | ✓ | — | — | — | — | — |
| Configure SSO connections | ✓ | ✓ | — | — | — | — | — |
| Configure webhooks | ✓ | ✓ | — | — | — | — | — |
| Configure email providers | ✓ | ✓ | — | — | — | — | — |
| Configure notification channels | ✓ | ✓ | — | — | — | — | — |
| Configure agentic AI providers | ✓ | ✓ | — | — | — | — | — |
| Access all organizations (cross-org) | ✓ | — | — | — | — | — | — |
Compliance
| Action | Platform Admin | Admin | Senior Estimator | Project Manager | Foreman | Accounting | Field User |
|---|---|---|---|---|---|---|---|
| View subcontractor list | ✓ | ✓ | — | ✓ | — | ✓ | — |
| Add / invite subcontractor | ✓ | ✓ | — | ✓ | — | — | — |
| Review & verify documents | ✓ | ✓ | — | ✓ | — | — | — |
| Reject documents | ✓ | ✓ | — | ✓ | — | — | — |
| Override compliance gate on pay applications | ✓ | ✓ | — | — | — | — | — |
| Configure alert thresholds | ✓ | ✓ | — | — | — | — | — |
Cost Intelligence
| Action | Platform Admin | Admin | Senior Estimator | Project Manager | Foreman | Accounting | Field User |
|---|---|---|---|---|---|---|---|
| Create / edit estimates | ✓ | ✓ | ✓ | ✓ | — | — | — |
| View proposals | ✓ | ✓ | ✓ | ✓ | — | ✓ | — |
| Create / edit change orders | ✓ | ✓ | ✓ | ✓ | — | — | — |
| Approve / reject change orders | ✓ | ✓ | — | — | — | — | — |
| View change orders | ✓ | ✓ | ✓ | ✓ | — | ✓ | — |
| Enter cost actuals | ✓ | ✓ | — | ✓ | — | ✓ | — |
| Override compliance gate on cost actuals | ✓ | ✓ | ✓ | — | — | — | — |
| View budget reports | ✓ | ✓ | ✓ | ✓ | — | ✓ | — |
| Import transactions / commit imports | ✓ | ✓ | — | ✓ | — | — | — |
Field Reporting
| Action | Platform Admin | Admin | Senior Estimator | Project Manager | Foreman | Accounting | Field User |
|---|---|---|---|---|---|---|---|
| Submit daily reports | ✓ | ✓ | — | ✓ | ✓ | — | — |
| View daily reports | ✓ | ✓ | — | ✓ | ✓ | — | — |
| Create field-board issues | ✓ | ✓ | — | ✓ | ✓ | — | ✓ |
| Verify / close field-board issues | ✓ | ✓ | — | ✓ | ✓ | — | — |
| View / annotate drawings | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Submit RFIs (elevated routing) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | — |
Labor
| Action | Platform Admin | Admin | Senior Estimator | Project Manager | Foreman | Accounting | Field User |
|---|---|---|---|---|---|---|---|
| Submit own timesheet | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Edit own draft timesheet | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Approve / reject timesheets | ✓ | ✓ | — | ✓ | ✓ | — | — |
| View crew status & compliance | ✓ | ✓ | — | ✓ | ✓ | — | — |
| Create / edit pay applications | ✓ | ✓ | — | ✓ | — | ✓ | — |
| Override compliance gate on pay applications | ✓ | ✓ | — | — | — | — | — |
Procurement & Subcontracts
| Action | Platform Admin | Admin | Senior Estimator | Project Manager | Foreman | Accounting | Field User |
|---|---|---|---|---|---|---|---|
| View subcontracts | ✓ | ✓ | — | ✓ | — | ✓ | — |
| Create / edit subcontracts | ✓ | ✓ | — | ✓ | — | — | — |
| Issue / close RFQs | ✓ | ✓ | ✓ | ✓ | — | — | — |
| Award bids | ✓ | ✓ | ✓ | ✓ | — | — | — |
| Run AI classification on intake | ✓ | ✓ | — | ✓ | — | — | — |
Changing a User’s Role
An Admin (or Platform Admin) can change a user’s role from Administration → Users. Select the user and choose a new role from the dropdown. Role changes take effect immediately on next page load. All role changes are recorded in the audit log.
Downgrading a user’s role (for example, from Admin to Field User) is immediate. Make sure the change is intentional before saving — historical data remains accessible but the user’s editable surface area shrinks immediately.
Multi-Role Assignments
A user can hold more than one role simultaneously (for example, a working owner who is both Admin and Foreman). When evaluating access, TrueGrade uses the highest-ranked role the user holds for hierarchical gates, and full set membership for any-of gates. Practical effect: granting an additional role only expands what a user can do — it never restricts.