Platform basics · Article 2 of 6
Roles & permissions
Navigator uses a roles and permissions system to control what each team member can see and do. Every action — from viewing a customer record to approving an invoice — is governed by permissions assigned to your role.
How roles work
If you can't see a section of the platform or can't take a particular action, it's almost always because your role doesn't include the required permission. Your account administrator can update this.
Roles in Navigator are fully custom. There are no fixed default roles — your organisation creates its own roles and decides which permissions each one includes. A team member is then assigned one or more roles, which determines their access across the platform.
This means your team might have roles like "Invoice Processor", "Onboarding Officer", or "Team Lead" — each configured with exactly the permissions those staff need, and nothing more.
Roles are managed under Settings → Users. You need the user.update permission to create or modify roles.
Permission categories
Permissions are grouped into categories, one for each major area of the platform. Within each category, permissions control specific actions — typically some combination of viewing, creating, updating, and deleting.
| Category | What it controls |
|---|---|
| Account | Account-wide settings (account.update) |
| Automations | Workflow automation rules (automation.*) |
| Claim rules | Rules governing what can be claimed (claim_rule.*) |
| Contacts | Contact records (contact.create/read/update/delete) |
| Customers | Customer (participant) records (customer.*) |
| Dashboard | The account dashboard (dashboard.read) |
| Emails | The inbox and email management (email.*) |
| Email templates | Saved email templates (email_template.*) |
| Extracts | ABA payment files and NDIS extracts (extract.*) |
| Files | File uploads and attachments (file.create, file.blacklist) |
| Invoices | The full invoice lifecycle (invoice.create/approve/reject/cancel/review/split/clone/pause/payment) |
| Notes | Notes attached to records (note.*) |
| Reports | All reports and charts (report.read) |
| Suppliers & agreements | supplier.*, supplier_agreement.* |
| Tags | Tag creation and management (tag.*) |
| Tasks | The task queue (task.create/read/list/update) |
| Users | Team member accounts and roles (user.*) |
Common questions
Why can't I see a section in the sidebar?
Each sidebar item requires a .list permission for that area. For example, to see Tasks you need task.list. If the item isn't appearing, your role doesn't include that permission.
Why can't I approve invoices?
Invoice approval is controlled by invoice.approve specifically. Having invoice.read or invoice.list doesn't automatically grant approval rights.
Why can't I access reports?
All reports require report.read.
Why can't I change account settings?
Account-wide settings require account.update. This is typically limited to administrators.
Why can't I see the dashboard?
The dashboard requires dashboard.read.
Managing roles
To create, edit, or assign roles, go to Settings → Users. From there you can:
- Create new roles and choose which permissions they include
- Edit existing roles to add or remove permissions
- Assign roles to individual team members
You need the user.update permission to manage roles and user access. If you don't have access to Settings, speak with your account administrator.