RBAC permission overrides
Sometimes the org chart and the donor portfolio do not line up: a campaign lead needs temporary visibility into a restricted fund, or a contractor should enter gifts but never export. Permission overrides let administrators express those realities without inventing a one-off role for every edge case—provided you govern them deliberately.
This guide is for tenant admins who already understand roles and need a disciplined pattern for exceptions.
Overview
Section titled “Overview”Overrides should be time-bounded in policy even when the product allows standing exceptions—review them on a schedule tied to program milestones or audits. Prefer narrow grants (“can view these records”) over broad capability bumps that effectively replicate admin access.
Every override should have a ticket or policy reference in your internal systems; DonorIntel records the change in activity logs, but human context lives in your change management tooling. Anti-patterns—such as permanent overrides for convenience—will be called out in future revisions with concrete remediation steps.