Reference
Role Access Matrix
Exact report-system role expectations for partner admins, Trust and Safety, ConOps, Marketing, and FPH administrators.
Use This Reference Carefully
Use this guide when a safety, accountability, or follow-up record needs careful handling. In this guide, Role Access Matrix narrows that work to exact report-system role expectations for partner admins, Trust and Safety, ConOps, Marketing, and FPH administrators. Because this is a reference page, read it as part of the Report System learning path rather than as an isolated checklist.
A report is a written memory of something important. The goal is to protect people, keep facts clear, and leave enough context for future reviewers. Read the page for the decision it helps a person make, then use the steps and checks as a steady path from context to action to proof.
What This Reference Collects
This page is for checking details. Use it to confirm names, routes, records, fields, or certification points before relying on memory. The intended readers are Partner admins, FPH administrators, and Support leads. If the guide names a dashboard route, service area, export, or record type, treat that name as a pointer to real operational responsibility.
- Primary surface or service: /reports, /reports/all, /reports/cross-bans, and /reports/ban-appeals.
- Records or contracts involved: Role permissions, Incident reports, and Network decisions.
- Main care point: Watch for incomplete facts, unfair wording, privacy exposure, or a decision that another reviewer cannot understand later.
- Proof worth keeping: report ID, saved status, revision history, person profile, evidence note, reminder, reviewer decision, and handoff owner.
How To Find The Right Entry
- Search for the exact name or route: Begin by naming the Report System situation, the owner, and the exact item involved in Role Access Matrix.
- Read the surrounding note, not only the matching line: Use /reports, /reports/all, /reports/cross-bans, and /reports/ban-appeals to connect the words on the page to the screen, file, service route, or record that people actually use.
- Compare the reference with the live screen, file, or service evidence: Keep Role permissions, Incident reports, and Network decisions in view so the work stays tied to the records or contracts it can affect.
- Save the evidence that proves the entry was checked: Before handing off, save proof such as report ID, saved status, revision history, person profile, evidence note, reminder, reviewer decision, and handoff owner so another reviewer can understand the facts without relying on memory.
Confirm The Reference Still Matches Reality
You are ready to use the rest of this page when the purpose, owner, affected information, and proof are all clear enough for a second person to review.
- Scope is named: The work is tied to the correct page, event, report, route, file, person, or record.
- Impact is understood: The operator can explain the effect on people, privacy, fairness, evidence, and the trustworthiness of the record.
- Proof is findable: The handoff points to evidence that another reviewer can understand the facts without relying on memory.
End-to-end operator runbook
Use this numbered runbook when you need to operate this area without getting stuck. Read the purpose of each step, do the action in order, and use the final sentence as the checkpoint before continuing.
- Step 1 - Choose the right path. Use this reference when you need to confirm a route, role, record, or certification expectation before acting. This anchors the work to the correct scope before any record changes.
- Step 2 - Confirm scope and records. Find the dashboard surface or record type involved in the current task. Pause here and confirm the note is factual, fair, and reviewable.
- Step 3 - Do the operating action. Compare what you see in
/reports,/reports/all,/reports/cross-bans,/reports/ban-appealswith the expected access, state, and records described here. This keeps the report useful to the next reviewer instead of only to the person writing it. - Step 4 - Verify the result. If something does not match, stop the workflow and capture the route, event/report ID, user role, and visible error state. The next action should still protect privacy, evidence, and due process.
- Step 5 - Hand off remaining work. Return to the related operating guide after the reference question is answered. This leaves a handoff trail another operator can understand.
Roles
The dashboard uses user-friendly role labels and underlying role values.
| Label | Role value | Report-system expectation |
|---|---|---|
| Admin | partner_admin | Can administer partner reports and partner-scoped enforcement records. |
| Trust and Safety | event_staff | Can file reports and update reports according to ownership and policy rules. |
| ConOps | partner_operator | Should not receive report-only mutation permissions. |
| Marketing | viewer | Should not receive report-only mutation permissions. |
| FPH administrator | fph_admin | Can handle platform/network surfaces such as cross-ban decisions and appeal review. |
Surface access expectations
| Surface | Partner admin | Trust and Safety | ConOps | Marketing | FPH admin |
|---|---|---|---|---|---|
/reports | Yes | Yes | Limited or denied | Limited or denied | Yes |
/reports/all | Yes | Yes, scoped | Denied for mutation | Denied for mutation | Yes |
/reports/my-reports | Yes | Yes | Usually not report writer | Usually not report writer | Yes |
/reports/new | Yes | Yes | Denied unless granted | Denied unless granted | Yes |
/reports/detail | Scoped | Scoped | Denied or read-limited | Denied or read-limited | Network/platform scope |
/reports/manage | Scoped mutation | Own/scoped mutation | Denied | Denied | Platform/network scope |
/reports/cross-bans | Request/read scoped | Request/read scoped | Denied | Denied | Decide/review |
/reports/ban-appeals | Not FPH-only decisions | Not FPH-only decisions | Denied | Denied | Decide/review |
/reports/profiles | Yes | Scoped | Denied mutation | Denied mutation | Yes |
Negative checks
Certification should prove:
- ConOps cannot create or mutate reports.
- Marketing cannot create or mutate reports.
- Trust and Safety cannot update reports outside allowed ownership or scope.
- Partner admin cannot perform FPH-only network decisions.
- FPH admin can access network decision surfaces.