Roles & Permissions
Who can see and do what across the entire BuildOS platform — a complete permissions matrix for all four roles.
The Four Roles
BuildOS uses a four-tier role hierarchy. Every user in an organization has exactly one role, assigned by the organization owner through FB-Brain. Roles are cumulative — each higher role includes all permissions of the roles below it, plus additional capabilities.
owner
Organization Owner
The GC firm owner or principal. Full access to everything — financials, pipeline, projects, settings, and user management. Receives Tribunal recommendation cards. The only role that can assign other users to the owner role.
admin
Administrator
Office admin or operations manager. Full project and financial management, pipeline management, HR, fleet, and procurement. Cannot manage user roles. Typically Sarah in the persona model.
superintendent
Superintendent
Site superintendent or project manager. Can update tasks, recalculate schedules, allocate equipment, and view financial summaries — but cannot create/delete projects, manage invoices, or access the pipeline. Typically Mike.
field_worker
Field Worker
On-site crew and labor. Mobile app only. Can view assigned tasks, report progress, check in, and submit field logs. No access to financials, schedule management, or any write operations outside the field app. Typically Carlos.
● Full access
● Read-only
● Limited access
— No access
Complete Permissions Matrix
Projects & Schedule
| Capability | owner | admin | superintendent | field_worker |
|---|---|---|---|---|
| Create new project | ✓ | ✓ | — | — |
| View project details | ✓ | ✓ | ✓ | Assigned tasks only |
| Edit project details (name, address, GSF) | ✓ | ✓ | — | — |
| Archive / close a project | ✓ | ✓ | — | — |
| View Gantt chart & schedule | ✓ | ✓ | ✓ | — |
| Update task progress / percent complete | ✓ | ✓ | ✓ | Via field app only |
| Recalculate CPM schedule | ✓ | ✓ | ✓ | — |
| Add / modify task dependencies | ✓ | ✓ | ✓ | — |
| Adjust task durations manually | ✓ | ✓ | ✓ | — |
Financial Management
| Capability | owner | admin | superintendent | field_worker |
|---|---|---|---|---|
| View corporate financial dashboard | ✓ | ✓ | — | — |
| View project financial summary | ✓ | ✓ | Summary only | — |
| View per-phase budget detail | ✓ | ✓ | — | — |
| Create / edit budget phases | ✓ | ✓ | — | — |
| View invoices | ✓ | ✓ | — | — |
| Create / submit invoices | ✓ | ✓ | — | — |
| Approve / reject invoices | ✓ | ✓ | — | — |
| Mark invoices paid | ✓ | ✓ | — | — |
| View AR aging report | ✓ | ✓ | — | — |
| Approve Tribunal procurement recommendations | ✓ | ✓ | — | — |
Pre-Construction Pipeline
| Capability | owner | admin | superintendent | field_worker |
|---|---|---|---|---|
| View pipeline / prospect list | ✓ | ✓ | — | — |
| Create / edit prospects | ✓ | ✓ | — | — |
| Advance prospect stage | ✓ | ✓ | — | — |
| Mark prospect lost | ✓ | ✓ | — | — |
| Create / manage estimates | ✓ | ✓ | — | — |
| Create / update permits | ✓ | ✓ | — | — |
| View pipeline analytics / revenue forecast | ✓ | ✓ | — | — |
| Trigger permit issuance gate | ✓ | ✓ | — | — |
Procurement, Fleet, HR, & Feed
| Capability | owner | admin | superintendent | field_worker |
|---|---|---|---|---|
| View procurement tracker | ✓ | ✓ | ✓ | — |
| Add / edit procurement items | ✓ | ✓ | — | — |
| Mark procurement items as ORDERED | ✓ | ✓ | — | — |
| View fleet / equipment list | ✓ | ✓ | ✓ | — |
| Create fleet assets | ✓ | ✓ | — | — |
| Allocate equipment to projects | ✓ | ✓ | ✓ | — |
| View employee list | ✓ | ✓ | — | — |
| Manage certifications | ✓ | ✓ | — | — |
| View notification feed | All cards | All cards | Role-targeted | Push only |
| Action / dismiss feed cards | ✓ | ✓ | Targeted cards only | — |
Field Operations (Mobile App)
| Capability | owner | admin | superintendent | field_worker |
|---|---|---|---|---|
| Access mobile app | ✓ | ✓ | ✓ | ✓ (primary interface) |
| View assigned task list | All tasks | All tasks | All tasks | Assigned only |
| Submit progress report (photo + %) | ✓ | ✓ | ✓ | ✓ |
| GPS crew check-in | ✓ | ✓ | ✓ | ✓ |
| Submit daily field log | ✓ | ✓ | ✓ | ✓ |
| Receive push notifications | ✓ | ✓ | ✓ | ✓ |
Role Assignment
Roles are assigned and managed through FB-Brain, the identity platform. The organization owner can:
- Invite new users to the organization by email
- Assign a role at invitation time
- Change a user's role after they've joined
- Remove a user from the organization
Role changes take effect immediately — there is no cache or delay. A user whose role is downgraded from admin to superintendent immediately loses access to financial management and pipeline features on their next page load.
Only one owner per organization can grant the owner role to another user. This prevents privilege escalation scenarios where an admin could promote themselves. If the original owner leaves the firm, an account recovery process through FB-Brain support is required.