Understanding the Permission System
How Monument's three-domain permission system controls access to features and data.
Overview
Monument uses a three-domain permission system that gives you fine-grained control over who can see and do what. Instead of a single global role, each person can have different levels of access at the organisation, project, and pool levels.
The Three Domains
1. Organisation Permissions
Control access to company-wide features and data:
- Managing company settings
- Viewing financial summaries
- Accessing all projects vs. only assigned ones
- Managing resources and teams
- Viewing staff salaries and cost rates
Organisation permissions come from the user's organisation role (e.g. Owner, Admin, Manager, Member).
2. Project Permissions
Control access to specific projects:
- Viewing project details and financials
- Editing tasks and milestones
- Creating invoices for the project
- Managing project team members
Project permissions come from the user's project role on each project they're assigned to.
3. Pool Permissions
Control access to resource pool data:
- Viewing pool member allocations
- Managing pool membership
- Assigning work to pool members
Pool permissions come from the user's pool role (Lead or Member) in each pool they belong to.
How Permissions Resolve
When Monument checks whether a user can perform an action, it checks across all three domains using OR resolution โ if any domain grants the permission, the user has access.
For example, a user might not have organisation-wide permission to view all project financials, but if they're a project lead on a specific project, they can see that project's finances.
Think of it as three overlapping circles. A user's effective permissions are the union of what they're granted in each domain.
Default Roles
Monument comes with built-in roles for each domain:
Organisation roles:
- Owner โ full access to everything
- Admin โ manage settings, resources, and projects
- Manager โ view and edit projects, manage team
- Member โ basic access to assigned projects and time tracking
Project roles:
- Project Lead โ full control over the project
- Team Member โ view and log time on the project
Pool roles:
- Pool Lead โ manage pool and assign work
- Member โ view pool information
Custom Roles
You can create custom roles with specific permission combinations. See Setting Up Roles and Permissions for details.
What's Next
- Setting Up Roles and Permissions โ configure roles for your organisation
- Permissions Reference โ complete list of all permissions
- Resource Pool Permissions โ pool-specific access control