Permissions
Understand which roles can author templates, create and execute workpacks, configure and grant approvals, raise and close defects, and how external reviewers gain access.
Workpacks Permissions
Workpacks separate the people who build the documents from the people who work through them and the people who approve them. This page explains which capability each role carries, so you can set up your team correctly and understand why someone can or can't do a particular action.
Workpack access is controlled by the same role-based permission system used across Assignar Pay. Your team administrator assigns these capabilities to roles in Roles and Permissions; everyone with that role then inherits the capability.
The Workpack Capabilities
Workpacks have six distinct capabilities. Each one unlocks a specific part of the lifecycle:
| Capability | What It Lets a Person Do |
|---|---|
| View | See workpack templates and live workpacks, open them, and read the inspection points and closeout PDFs |
| Manage | Author and edit templates, create live workpacks, configure the approval chain, raise and disposition defects, transfer ownership, regenerate documents, and close out and archive |
| Sign off | Complete individual inspection points on site — record results and sign Hold, Witness, and Monitor checkpoints |
| Approve | Act as an approver in the approval chain and sign off on the plan before work begins |
| Override | Sign off a point on someone else's behalf when the normal signer is unavailable (recorded on the audit trail) |
| Override status | Manually move a workpack to a different lifecycle status outside the normal flow |
A single role can hold any combination of these. Most teams give site-level staff View and Sign off, give quality and project leads Manage, reserve Approve for the people who formally accept the plan, and keep the two Override capabilities with senior quality staff.
Capability by Role
Workpack capabilities are not switched on for every role out of the box — your administrator decides which roles need them and grants them in Roles and Permissions. The table below shows a typical, recommended setup. Your team's configuration may differ.
| Role | View | Manage | Sign off | Approve | Override | Override status |
|---|---|---|---|---|---|---|
| Owner | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Admin | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Manager | ✓ | ✓ | ✓ | ✓ | — | — |
| Member | ✓ | — | ✓ | — | — | — |
| External reviewer (customer) | ✓ | — | — | ✓ | — | — |
The External reviewer row is the only one configured by default: an invited reviewer can always view and approve the specific workpacks shared with them, and nothing else.
What Each Task Requires
Authoring and managing templates
Building a template from scratch, importing one from a PDF, editing it, publishing a new version, or archiving it all require the Manage capability. People with View only can open templates to read them but cannot change them.
See Templates for the full authoring workflow.
Creating workpacks
Turning a published template into a live workpack for a project requires Manage. Anyone with View can then open and follow the resulting workpack.
See Creating Workpacks.
Executing and signing off on site
Recording results and signing individual inspection points — the Hold, Witness, and Monitor checkpoints — requires Sign off. This is the day-to-day on-site capability, so it's usually given broadly to the field staff who do the work. People with Manage can also sign off.
See On-Site Execution.
Configuring approvers and approving
Setting up the approval chain on a workpack — choosing who has to sign off on the plan and in what order — is part of Manage. Actually granting an approval as a named approver requires the Approve capability.
Approvers can be internal teammates or external head-contractor/client reviewers invited by email. See Approvals and External Reviewers.
Raising and closing defects
Raising a defect or non-conformance against an inspection point, recording its ISO-9001 disposition, and tracking it through to resolution are all part of Manage. Site staff with Sign off flag a failing point during execution; resolving and dispositioning it is a Manage-level task.
See Defects & Non-Conformances.
Closing out and archiving
Finalising a completed workpack into its closeout PDF, and archiving or restoring a workpack, require Manage. Generating or regenerating the closeout document is also a Manage-level action; anyone with View can print or download the plan.
See Closeout & Archiving.
Transferring ownership
Every live workpack has an owner. Transferring ownership to another person requires that you are the current owner or hold Manage, and the person receiving it must at least have View. The change is recorded on the workpack's history.
Override Capabilities
The two override capabilities are deliberately separate from everyday work and should be reserved for senior quality or project staff.
Sign off on someone else's behalf
The Override capability lets a person sign a point even when the normal signer is unavailable — for example, when the assigned inspector has left site and a checkpoint can't wait. Every override sign-off is recorded on the workpack's audit trail, including who exercised the override, so the action is fully traceable.
Override the workpack status
The Override status capability lets a person move a workpack to a different lifecycle status outside the normal step-by-step flow — for instance, reopening a closed workpack or nudging a stuck one forward. Like override sign-offs, every status override is captured on the history with the person and reason.
Because both of these bypass the usual checks, grant them sparingly.
External Reviewer Access
External reviewers — head-contractor or client representatives from outside your organisation — don't sit on your team's normal roles. Instead, they're invited per workpack via a passwordless magic link and land in an Incoming view that shows only the workpacks shared with them.
An external reviewer can:
- View the specific workpacks they've been invited to, including the inspection points and scope shared with them.
- Approve as a named approver in the approval chain when it's their turn.
An external reviewer cannot author templates, create workpacks, sign off on-site inspection points, raise or disposition defects, or close out a workpack. Their access is limited to the workpacks they were invited to and is removed when the invitation is revoked.
See External Reviewers for how invitations and the Incoming view work.
Common Setups
Quality lead owns the documents, crew signs the points
- Quality/project leads: Manage (plus Sign off)
- Site crew: View + Sign off
- Approvals: Approve granted to the people who formally accept plans
This is the most common pattern: a small group builds and maintains workpacks while the wider crew works through and signs off the inspection points on site.
Client approval before work starts
- Internal team: as above
- Client / principal contractor: invited as an external reviewer per workpack (View + Approve)
The client never joins your team — they only ever see and approve the workpacks you share with them.
Locked-down overrides
- Override and Override status granted only to senior quality staff
- Everyone else relies on the normal sign-off and lifecycle flow
Keeping overrides with a small group preserves the integrity of the audit trail while still giving you an escape hatch when something can't follow the normal path.
Troubleshooting
Someone can't see a workpack at all
- Check their role has the View capability.
- If they're an external reviewer, confirm they've been invited to that specific workpack and their invitation hasn't been revoked.
Someone can't create a workpack or edit a template
- These need Manage. Confirm their role has it in Roles and Permissions.
Someone can't sign off an inspection point
- Signing points needs Sign off. Members with View only can read but not sign.
- Check the point isn't already complete or blocked by an earlier checkpoint.
An approver can't approve
- Confirm they hold the Approve capability (or, for external reviewers, that they're a named approver on the chain).
- Check it's actually their turn in the approval order.
Someone can't override a sign-off or status
- These need the Override or Override status capability respectively. They're usually reserved for senior staff and not granted by default.
Permission changes aren't taking effect
- Ask the person to refresh the page, or log out and back in.
- Confirm the capability was granted to the right role and that the person actually holds that role.
Permission Checklist
When setting up Workpacks for your team, decide:
- [ ] Who authors and maintains templates? (Manage)
- [ ] Who creates live workpacks for projects? (Manage)
- [ ] Who signs off inspection points on site? (Sign off)
- [ ] Who approves the plan before work begins? (Approve, plus any external reviewers)
- [ ] Who raises and dispositions defects? (Manage)
- [ ] Who can close out and archive? (Manage)
- [ ] Who, if anyone, may override sign-offs or status? (Override / Override status)
- [ ] Which external clients need invited reviewer access?
What's Next
- Learn the authoring side in Templates.
- Set up the plan acceptance flow in Approvals.
- See how invited clients get access in External Reviewers.
- Review your team's role setup in Roles and Permissions.