Roles & Permissions
BeamEdUp uses role-based access control (RBAC) to manage what each user can see and do. The platform includes 5 built-in system roles, and Organization Admins can create custom roles for more granular control.
Built-in System Roles
System roles are predefined and cannot be deleted. They cover the most common organizational structures:
Organization Admin
Full control within their organization. Manages branches, users, settings, and billing.
Branch Admin
Manages users, classes, and exams within their assigned branch.
Instructor
Creates exams and questions, grades submissions, manages class content.
Learner
Takes exams, uses study tools, earns achievements, and tracks progress.
Guardian
Monitors child's progress, views results, receives notifications.
Permission Matrix
This matrix shows which capabilities each role has by default:
| Feature | Org Admin | Branch Admin | Instructor | Learner | Guardian |
|---|---|---|---|---|---|
Manage Branches | |||||
Manage Users | |||||
Import / Export Users | |||||
Manage Classes | |||||
Create & Manage Questions | |||||
Create & Assign Exams | |||||
Grade Submissions | |||||
Take Exams | |||||
View Analytics | |||||
Manage Settings | |||||
Billing & Subscription |
Permission Categories
Permissions are grouped into categories for easier management:
- User Management — user:view, user:create, user:update, user:delete, user:import, user:export
- Class Management — class:view, class:create, class:update, class:delete, class:roster:manage
- Exam Management — exam:view, exam:create, exam:update, exam:delete, exam:assign, exam:grade
- Question Bank — question:view, question:create, question:update, question:delete
- Analytics & Reports — analytics:view, reports:view, reports:create
- Settings — settings:view, settings:update