Roles & Permissions
MijnECC uses a role-based access control (RBAC) system. Roles bundle a set of permissions, and users are assigned one or more roles. All permission checks happen at route level — access is denied if the user does not hold the required permission.
How Roles Work
- A role is a named collection of permissions (e.g. Coordinator, Viewer, Team Lead).
- A user can hold multiple roles. Permissions are additive — holding two roles grants the union of both sets of permissions.
- Role groups bundle multiple roles together for easier bulk assignment.
Roles are managed at Management → User Management → Roles.
Default Roles
MijnECC ships with built-in roles. Typical defaults:
| Role | Typical access |
|---|---|
| Organisation Admin | Full access to all organisation settings, user management, and all projects |
| Project Manager | Create and manage projects; manage teams and membership |
| Coordinator | Create, update, and manage incidents within assigned projects |
| Team Lead | Manage their own team's incidents; accept team assignments |
| Responder | Create incidents and add updates |
| Viewer | Read-only access to incidents in assigned projects |
INFO
Exact role names and permissions depend on your organisation's configuration. Navigate to Management → Roles to see and edit your actual roles.
Permission Categories
Incident Permissions
| Permission | What it allows |
|---|---|
view incidents | See incidents in overview and detail pages |
create incidents | Log new incidents |
edit incidents | Modify existing incident fields |
delete incidents | Remove incidents |
assign incidents | Assign incidents to teams |
accept incidents | Accept team assignments |
resolve incidents | Resolve or close incidents |
cancel incidents | Cancel incidents |
export incidents | Download PDF reports |
manage private incidents | Access private incidents not belonging to own team |
Team Permissions
| Permission | What it allows |
|---|---|
view teams | See team list and detail |
create teams | Create new teams |
edit teams | Rename teams, change colour/callsign |
delete teams | Remove teams |
manage team members | Add/remove users from teams |
Personnel Permissions
| Permission | What it allows |
|---|---|
manage roster | Add, edit, sign in/out roster entries |
import roster | Bulk import roster via CSV |
manage persons | Create, edit, delete persons and groups |
manage statuses | Assign/remove person and group statuses |
Project & Organisation Permissions
| Permission | What it allows |
|---|---|
manage projects | Create, archive, and delete projects |
manage project members | Add/remove members from projects |
manage users | Invite, block, and remove users |
manage roles | Create and assign roles |
manage organisation | Edit organisation-wide settings |
Other Permissions
| Permission | What it allows |
|---|---|
manage reminders | Create and complete reminders |
manage checklists | Create, edit, and delete checklists |
manage file manager | Upload, rename, and delete project files |
manage text shortcuts | Create, edit, delete text shortcuts |
Creating a Custom Role
- Go to Management → User Management → Roles.
- Click New Role.
- Enter a Role Name (e.g. Medical Coordinator).
- Toggle on the specific permissions this role should grant.
- Click Save.
The role is immediately available to assign to users.
Editing a Role
- Find the role in Management → Roles.
- Click Edit.
- Adjust permissions.
- Save.
WARNING
Changes to a role take effect immediately for all users who hold that role.
Deleting a Role
- Find the role.
- Click Delete and confirm.
Users who held the deleted role lose those permissions. Ensure they have another appropriate role before deleting.
Role Groups
Role groups allow you to bundle multiple roles and assign them in one step.
- Go to Management → Role Groups.
- Click New Role Group.
- Name the group and select the roles to include.
- Save.
Assign a role group to a user the same way you assign individual roles — the roles included in the group are applied automatically.
Permissions & Project Membership
Some permissions (e.g. view incidents) only apply within projects the user is a member of. A user with the Viewer role but no project membership cannot see any incidents.
Always ensure users are added to relevant projects via Projects → Members. See Projects → Managing Project Members.