> ## Documentation Index
> Fetch the complete documentation index at: https://docs.carelane.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Roles & Permissions

> Overview of the role-based access control system in Carelane

Carelane uses a hierarchical role-based access control (RBAC) system to manage permissions across organizations, studies, sites, and service providers.

## Role Hierarchy

Roles exist at four levels, each with its own scope of permissions:

<CardGroup cols={2}>
  <Card title="Organization Roles" icon="building" href="/roles-permissions/organization-roles">
    Control access to organization-wide settings and resources.
  </Card>

  <Card title="Study Roles" icon="flask" href="/roles-permissions/study-roles">
    Manage study-level operations and oversight.
  </Card>

  <Card title="Site Roles" icon="hospital" href="/roles-permissions/site-roles">
    Handle site-specific data collection and participant management.
  </Card>

  <Card title="Service Provider Roles" icon="truck-medical" href="/roles-permissions/service-provider-roles">
    Enable external service providers like laboratories.
  </Card>
</CardGroup>

## Role Scopes Overview

| Scope                | Roles                                                                                                                                | Purpose                                   |
| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | ----------------------------------------- |
| **Organization**     | Administrator, Member                                                                                                                | Manage organization settings and access   |
| **Study**            | Study Administrator, CI, D-CI, Data Reviewer, Reviewer, Collaborator                                                                 | Oversee study operations and data review  |
| **Site**             | PI, Site Admin, Deputy PI, Sub-Investigator, CRC, Data Entry Specialist, Site Collaborator, Authorized Signer, Local Lab Lead/Member | Execute site operations and data entry    |
| **Service Provider** | Laboratory Lead, Laboratory Assistant                                                                                                | Provide centralized services across sites |

## Permission Inheritance

<Note>
  Higher-level roles do not automatically grant lower-level permissions. An organization administrator still needs explicit study or site roles to access specific studies or sites.
</Note>

## Role Assignment

Roles are assigned through invitations:

<Steps>
  <Step title="Invite User">
    An administrator invites a user via email to join at a specific level (organization, study, or site).
  </Step>

  <Step title="Select Role">
    During invitation, the administrator selects the appropriate role for the user.
  </Step>

  <Step title="User Accepts">
    The invited user accepts the invitation and gains the assigned permissions.
  </Step>
</Steps>

## Multiple Roles

Users can hold multiple roles simultaneously:

* Different roles in different studies within the same organization
* Different roles at different sites within the same study
* Roles at multiple levels (e.g., Study Administrator and Site PI)

<Tip>
  When a user has multiple roles, they receive the union of all permissions from those roles.
</Tip>

## Permissions Matrix

Every member-management page (Organisation, Study, and Site) includes a **Permissions Matrix** that lets you see exactly what each role can do. The matrix is scope-aware — it only shows roles and permissions relevant to the level you are viewing — and supports two view modes:

| View                        | Layout                                                                                                                                                    |
| --------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **By Permission** (default) | Permissions are listed as rows, grouped by feature area; roles appear as columns. Ideal when you want to see "who can do X?".                             |
| **By Role**                 | Roles are listed as rows; permissions appear as columns. Ideal when onboarding a new team member and you need to answer "what does this role give them?". |

Toggle between the two with the buttons at the top of the matrix.

### Role Descriptions

When assigning a role, the role card shows a short description of the role's purpose alongside icons for each permission it carries — so you can make an informed choice without leaving the invitation flow.

## Audit Trail

All role assignments and changes are recorded in the audit trail, including:

* Who made the assignment
* When the change occurred
* The previous and new role values
