Security - Roles & Permissions Guide

Security - Roles & Permissions Guide

HealthForms Manager uses a granular permission system that allows organizations to precisely control what each user can access and do. Rather than broad "admin" roles, permissions are assigned individually and can be scoped to the entire organization, specific sessions, or groups within sessions.

Permission Levels

Permissions can be assigned at three levels:

Level Scope Example Use Case
Global All sessions in the organization Staff member who manages all sessions
Session A specific session only Volunteer coordinator for a single session
Group A specific group within a session Team leader responsible for their group only

Global Permissions

These permissions apply organization-wide and are typically assigned to staff members.

Permission Description
Owner Full access to all features including billing and organization settings. Cannot be restricted.
Manager Near-complete access to all features except billing and owner-only settings.
Billing Manager Access to billing, invoices, and payment settings.
Settings Manager Access to organization-level settings and configuration.
User Manager Ability to manage user accounts and assign permissions.

Session Permissions

These permissions control access to sessions (sessions) and the participants within them.

Session Management

Permission What They Can Do
Session Manager Create, edit, and configure session settings. Manage forms, groups, and session permissions.

Lock/unlock sessions. | | Session Viewer | View session details and settings (read-only). |

Participant Access

Permission View Participants Edit Participants View Forms Review Forms
Participant Manager Yes Yes Yes Yes
Participant Form Reviewer Yes No Yes Yes
Participant Form Viewer Yes No Yes No
Participant Viewer Yes No No No

Permission Details:

  • Participant Manager - Full control over participants: add, edit, remove participants, send invitations, and access all submitted forms.

  • Participant Form Reviewer - View participants and their submitted forms. Can change form status (approve, request changes, etc.) but cannot edit participant information.

  • Participant Form Viewer - View participants and their submitted forms (read-only). Cannot make any changes.

  • Participant Viewer - View participant list and basic information only. Cannot access submitted forms.

Common Role Configurations

Here are typical permission combinations for common roles:

Session Administrator

Full control over a specific session and its participants.

  • Session Manager

  • Participant Manager

    Form Reviewer

    Reviews and approves submitted forms but cannot modify session settings.

  • Participant Form Reviewer

    Check-in Volunteer

    Views participant information at check-in but cannot access sensitive form data.

  • Participant Viewer

    Session Coordinator

    Manages session settings and can view (but not edit) participant information.

  • Session Manager

  • Participant Viewer

    Read-Only Auditor

    Can view everything but make no changes.

  • Session Viewer
  • Participant Form Viewer

Permission Inheritance

Higher-level permissions automatically include lower-level access:

 Owner
   └── Manager
         └── Session Manager
               └── Session Viewer

 Participant Manager
   └── Participant Form Reviewer
         └── Participant Form Viewer
               └── Participant Viewer

For example, a user with Participant Manager permission can automatically do everything that Participant Form Reviewer, Participant Form Viewer, and Participant Viewer can do.

Assigning Permissions

Permissions are assigned through the Manager portal:

  1. Navigate to Settings > Users
  2. Select a user or invite a new user
  3. Choose the permission level (Global, Session, or Group)
  4. Select the specific permissions to grant

  5. Save changes

    Users can have different permissions for different sessions. For example, a user might be an Session Manager for one session but only a Participant Viewer for another.

Security Notes

  • Permissions are enforced at both the user interface and API levels
  • Users only see menu options and data they have permission to access
  • All permission changes are logged for audit purposes
  • Session-level permissions do not grant access to other sessions
  • Group-level permissions only allow access to participants within that group

Questions?

Contact your organization's Owner or Manager to request permission changes or clarification on your access level.


Setting Up Users

To setup Users and Roles a user will need to be an Owner, Manager, or User Manager. The exception is when setting up Session and Session Group Roles then an Session Manager to set existing users up with the session specific roles. 

Go to the Users module and click Invite.

















Enter their First and Last Name, their email address and select the roles they need. If a role is selected from the Session and Session Group list above then the Session and Group fields will be available. If an Session or a Group is selected and multiple Session specific roles are selected they will all apply to the session and/or group. 

Click Save, an invitation will be sent to the email address and the user will be prompted to accept the invitation. 

Info
When a user created their account they will be required to setup Multi Factor Authentication

Updating User Roles

To update user roles select a user in the Users Module, select the user and click Edit Access

To delete a role click the Trash Can icon on the row of the role that needs to be removed. 
To add a new role select Add Roles.


Select the Role that will be added to the user. If a role is selected from the Session and Session Group list above then the Session and Group fields will be available. Click Save


    • Related Articles

    • April 2026 Platform Improvements & New Features

      Release window: March 2, 2026 – April 16, 2026 New Features & Integrations Black Pug Software / 247Scouting Integration Our integration with Black Pug Software's 247Scouting platform is now complete. Camps and units already using 247Scouting for ...

    • Session Editor

      The Session Editor allows administrators to manage all aspects of a session after it has been created. From the Session Editor, users can update session settings, manage forms, organize participants into groups, assign permissions, send invitations, ...

    • March 2025 Platform Improvements & New Features

      We’ve released a major set of improvements designed to make managing forms, members, and workflows easier, faster, and more reliable. Below are the highlights of the most impactful updates. Form Packets Form Packets make it easy to organize forms and ...

    • Add Participant

      The manual participant process allows administrators to add individual participants directly to a session through the portal. Administrators can enter participant details, assign optional identifiers for integration with external systems, place ...

    • Navigating HealthForms.io Management App

      HealthForms.io Management App is structured into two main sections to streamline your navigation and management tasks: Global Area: This area allows you to manage overarching settings that affect the entire platform. Key Features: Users: Add, remove, ...