Roles & Access

Compose access from a grid. No hardcoded roles, ever.

Raven has no hardcoded roles. Admins compose each role from a grid of modules and access levels, assign it to as many people as they like, and Raven grants each person the combined total of their roles, the roles their projects imply, and any special powers granted to them.

raven / access — compose App Role
ModuleViewerMemberAdminSettings
Delivery
Recruitment
Attendance
Assets

Access is unioned across every role a user holds.

How access is composed

Three layers, combined per user.

Access is additive — a person gets the highest level they're granted from any source, so the three layers can only add up, never conflict.

App Roles

Reusable roles built from a grid of modules and access levels, assigned to as many people as needed. Access can be org-wide or limited to a manager's own reporting line.

Implicit project roles

Derived from project membership, never assigned by hand: a project's PM becomes a Delivery-Management Member; a Tech Lead becomes a Delivery Viewer.

Special powers

Fine-grained extras granted to individual people — budget visibility for a read-only Delivery role, or the right to sign off staffing at the final executive step.

Access ladder
  • NoneNo access to the module.
  • VViewerRead-only — view records and reports.
  • MMemberOperate — create and edit day-to-day records.
  • AAdminAdminister — manage the whole module.
  • ASAdmin · SettingsAdminister plus manage credentials & settings.
Special powers
  • Budget visibility

    Adds budget and cost visibility to a read-only Delivery role — see the money without being able to edit projects.

    held by · Accountant · Head of Delivery

  • Staffing sign-off

    The right to sign off on staffing at the final executive approval step, after Ops has reviewed the request.

    held by · Granted per person

The 12 built-in roles

Every role, every module.

This is the current system — earlier names (Admin / PM / Product-Ops / Viewer) are retired. Hover a cell to trace a role across modules.

Access ladderNoneVViewerMMemberAAdminASAdmin · Settings(s) = scoped to reporting line
RoleDeliveryHelpdeskAttendanceData ReconAssetSeatKnowledge1:1 ConnectRecruitmentSaaSContractsreservedInviteRoles
Global AdminFull access to every module plus Settings, invites and role management.ASASASASASASASASASASAS
Global Admin (no settings/invite)Admin in every module, but can't reach Settings, invite users or edit roles.AAAAAAAAAAA
AccountantOwns finance-adjacent modules; read-only in Delivery with budget visibility.V·AAA····AA
Head of DeliveryRead-only oversight of all delivery, with budget visibility.V··········
Executive OfficeAdmin in Delivery, Knowledge and Seat; read-only across the rest.AVVVVAAVVV·
Office AdminMember-level operations across the physical workplace.··M·MM·····
HR MemberHelpdesk & asset viewer; attendance and seat member.·VM·VM·····
RecruiterManages the Keka Hire pipeline in Recruitment.········M··
HR LeadershipHR + Recruitment admin, raised where applicable, scoped to their reporting line.MsAA·AA·AsA··
People Manager1:1s over their reporting line; scoped delivery & attendance visibility.Vs·Vs····Ms···
SalesViewer in Knowledge Base only.······V····
All employeesApplies to everyone: own profile, own timesheet, org chart, directory and dashboard.···········

Every employee gets a baseline: own profile, own timesheet, org chart, employee directory and the dashboard landing — no module grant required.

Access that adds up — predictably.

Compose a role once, assign it to many, and let Raven combine the rest. Every change lands in a full audit log.

Explore modules