Two Layers, Not a Ladder
BFF does not use a single hierarchy of job ranks. Permissions come from independent layers, and a person’s access is simply the combination of them:
- Platform layer — who operates the platform or a partner organization
- Company layer — what you can do inside a specific company: Admin or Member
- Document layer — content-governance roles on individual controlled documents
Platform Layer
| Role | Scope |
|---|---|
| Platform Operator | Runs the BFF platform itself — partners, billing, feature flags, platform admin tools. Sees the Platform Admin link at the bottom of the sidebar. |
| Partner Admin | Manages all companies under their partner organization via the Partner Portal (Overview, Companies, Team, Scheduling, Time Off, Referral, Commissions). |
Both are treated as admins inside any company they can access. Most users have neither — and never need them.
Company Layer: Admin or Member
Within each company, every user has exactly one system role:
| Role | What They Can Do |
|---|---|
| Admin | Everything in the company: invite and manage people, configure settings and branding, manage Schedule Templates and Company Roles, view Agent Activity, manage AI agents |
| Member | Day-to-day work: view tasks and schedules, read published documents, complete Required Reading, submit time-off requests |
System roles are assigned per company — someone can be an Admin in one company and a Member in another.
Document Layer
Controlled documents (Policies, SOPs, Work Instructions, Training) carry their own governance roles: Owner, Author, Reviewer, Approver, and Reader. These are independent of the company layer — a regular Member can be the Owner or Approver of a specific document without being a company Admin. See Document Roles and Lifecycle in the Document Control section for details.
Company Roles Are Job Titles, Not Permissions
The Roles page (Settings group, admin-only) manages Company Roles — job-title labels like “Shift Supervisor” or “Producer” used for org structure and supervisor assignments. They grant no permissions whatsoever. Access is controlled entirely by the layers above. See Company Roles (Job Titles) in the Team Management section.
Data Isolation
BFF enforces strict data isolation between companies. A user in Company A can never see data from Company B, regardless of role — enforced at both the application and database levels.
Tip: Follow least privilege — make people Members by default and reserve Admin for those who genuinely configure the company. Use document roles to delegate ownership of individual Policies and SOPs without handing out Admin.
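The layer model described above, written as an authorization check. This is an added illustration, not BFF's own code. The action names, the `reachable` set for platform-layer roles, and the rule that approval comes only from the Approver document role are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical action names; the page defines no action vocabulary.
ADMIN_ACTIONS = {"invite_people", "configure_settings", "manage_company_roles"}
MEMBER_ACTIONS = {"view_tasks", "read_published_documents", "submit_time_off"}

@dataclass
class User:
    user_id: str
    memberships: dict = field(default_factory=dict)  # company_id -> "admin" | "member"
    platform_role: Optional[str] = None              # "platform_operator" | "partner_admin"
    reachable: set = field(default_factory=set)      # assumed: companies the platform role can access
    job_titles: dict = field(default_factory=dict)   # company_id -> Company Role label

@dataclass
class Document:
    company_id: str
    roles: dict = field(default_factory=dict)        # user_id -> {"owner", "approver", ...}

def company_role(user, company_id):
    """Effective company-layer role, or None when the company is out of reach."""
    if user.platform_role and company_id in user.reachable:
        return "admin"  # platform-layer roles act as admins where they have access
    return user.memberships.get(company_id)  # job_titles are never consulted

def can(user, action, company_id, doc=None):
    role = company_role(user, company_id)
    if role is None:
        return False  # isolation first: no role in this company, no access at all
    if doc is not None and action == "approve_document":
        # Assumed rule: approval is granted by the document layer only, and a
        # document is never evaluated outside the company that holds it.
        return doc.company_id == company_id and "approver" in doc.roles.get(user.user_id, set())
    if action in ADMIN_ACTIONS:
        return role == "admin"
    return action in MEMBER_ACTIONS

if __name__ == "__main__":
    # Constructed sample: a Member with a job title and one document role.
    bob = User("bob", memberships={"A": "member"}, job_titles={"A": "Shift Supervisor"})
    sop = Document("A", roles={"bob": {"approver"}})
    print(can(bob, "configure_settings", "A"))      # job title grants nothing
    print(can(bob, "approve_document", "A", sop))   # document role works without Admin
    print(can(bob, "view_tasks", "B"))              # other company is invisible
```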