Roles and permissions
Roles are the default vocabulary of access in DonorIntel: they bundle permissions that fit common jobs like gift entry, major gift officer, or read-only leadership. This guide helps administrators pick a baseline model, avoid role sprawl, and document what each role can do so fundraisers trust the boundaries.
Use it when standing up a new tenant or after reorganizations that change who touches sensitive donor information.
Overview
Section titled “Overview”Start with the smallest viable set of roles that cover real workflows; splitting “Development Assistant” into five variants usually creates drift. Name roles for outcomes (“Can post gifts”) not org chart trivia (“Team B”), and publish an internal cheat sheet your staff can actually read.
Pair roles with training: people interpret “view donor” differently until they see it in context. When baseline roles are insufficient, use overrides sparingly and document the exception; the RBAC overrides guide covers patterns that stay auditable.