Permissions Reference
Complete reference for Monument's three-domain permission system — organisation, project, and pool roles.
Overview
Monument uses a three-domain permission system. Each user can have roles at the organisation, project, and pool levels. Permissions resolve with OR logic — if any domain grants access, the user has it.
See Understanding the Permission System for a conceptual overview.
Organisation Roles
Organisation roles control company-wide access.
Default Roles
| Role | Description |
|---|---|
| Owner | Full access to everything. At least one required per company. |
| Admin | Manage settings, resources, projects, and financials. |
| Manager | Create and manage projects, approve timesheets, create invoices. |
| Member | Log time, view assigned projects, manage own profile. |
Organisation Permission Matrix
| Permission | Owner | Admin | Manager | Member |
|---|---|---|---|---|
| View all projects | Yes | Yes | Yes | Assigned only |
| Create projects | Yes | Yes | Yes | No |
| Delete projects | Yes | Yes | Own only | No |
| Manage company settings | Yes | Yes | No | No |
| Manage resources | Yes | Yes | No | No |
| View staff salaries | Yes | Yes | No | No |
| View all financials | Yes | Yes | Yes | No |
| Create invoices | Yes | Yes | Yes | No |
| Approve timesheets | Yes | Yes | Yes | No |
| Log time | Yes | Yes | Yes | Yes |
| Manage roles | Yes | No | No | No |
| Transfer ownership | Yes | No | No | No |
Project Roles
Project roles control access to specific projects. Assigned per project.
Default Roles
| Role | Description |
|---|---|
| Project Lead | Full control over the project — tasks, financials, milestones, team. |
| Team Member | View project, log time, view own tasks. |
Project Permission Matrix
| Permission | Project Lead | Team Member |
|---|---|---|
| View project details | Yes | Yes |
| Edit tasks | Yes | No |
| Create/delete tasks | Yes | No |
| View financials | Yes | No |
| Edit financial items | Yes | No |
| Manage milestones | Yes | No |
| Manage project team | Yes | No |
| Create project invoices | Yes | No |
| Log time on project | Yes | Yes |
Pool Roles
Pool roles control access within resource pools. Assigned per pool.
Default Roles
| Role | Description |
|---|---|
| Pool Lead | Manage pool membership, assign work, view all allocations. |
| Member | View pool information and own allocations. |
Pool Permission Matrix
| Permission | Pool Lead | Member |
|---|---|---|
| View pool members | Yes | Yes |
| View pool allocations | Yes | Own only |
| Manage pool membership | Yes | No |
| Assign work to pool | Yes | No |
| Edit pool settings | Yes | No |
Permission Resolution
When checking access, Monument evaluates all three domains:
- Check organisation role permissions
- Check project role permissions (if action is project-specific)
- Check pool role permissions (if action is pool-specific)
If any domain grants the permission, access is allowed. This means:
- An Admin doesn't need a project role — their org role grants project access
- A Member with Project Lead on one project can manage that project's financials
- A Pool Lead can see pool allocations even without org-level financial access
Changing a user's role takes effect immediately. Review the permission matrices above before modifying roles.
Custom Roles
You can create custom roles in each domain with specific permission combinations. Go to Settings > Roles & Permissions to create and manage custom roles.
Custom roles can combine any subset of permissions. This lets you create roles like "Finance Manager" (financial permissions without project management) or "Observer" (view-only access to specific projects).