# User Roles & Permissions KC7 has three roles. Each one has a different scope and a different set of things they can do. ## Role Overview | Role | Scope | Primary Use | | ----------------------- | --------------------- | -------------------------- | | **Tenant Manager** | Entire tenant | Full administrative access | | **Classroom Manager** | Assigned classroom(s) | Classroom-level management | | **Student/Participant** | Enrolled games | Game participation only | ## Tenant Manager Full administrative access across the entire tenant. You become a Tenant Manager automatically when your tenant is created. **Can do:** * Create, modify, and delete classrooms * Manage all users and assign roles (including other Tenant Managers) * Access every classroom, game, and analytics view * Configure tenant-wide settings, branding, and integrations * Export any data * Manage billing **Good fit for:** the primary admin, IT staff running the platform, program directors. Most organizations only need 2 to 5 Tenant Managers. ## Classroom Manager Administrative access limited to specific classrooms. Tenant Managers assign this role on a per-classroom basis. **Can do (in assigned classrooms):** * Create, configure, and delete games * Add and remove participants * View analytics and export data * Modify classroom settings **Cannot do:** * Access classrooms they're not assigned to * Create new classrooms * Modify tenant-wide settings * Assign roles to other users * Manage billing A single user can manage multiple classrooms. Useful for instructors teaching multiple sections. **Good fit for:** instructors, department leads, event coordinators, TAs. ### How to assign 1. Go to the tenant Users tab or a classroom Users tab 2. Select the user (they must already be in the tenant) 3. Set their role to Classroom Manager 4. Pick which classroom(s) they manage 5. Confirm ## Student / Participant Default role for anyone who joins a classroom or gets added to a game. No manual assignment needed. **Can do:** * Play games they're enrolled in * Submit answers, earn badges, track their own progress * See leaderboards (when enabled) **Cannot do:** * See other participants' detailed answers or analytics * Access any management features ## Permission Matrix ### Classroom Operations | Action | Tenant Manager | Classroom Manager | Student | | ----------------------- | -------------- | ----------------- | ------- | | Create classroom | ✅ | ❌ | ❌ | | View classroom | ✅ (all) | ✅ (assigned) | ❌ | | Edit classroom settings | ✅ (all) | ✅ (assigned) | ❌ | | Delete classroom | ✅ | ❌ | ❌ | | Customize appearance | ✅ (all) | ✅ (assigned) | ❌ | ### Game Operations | Action | Tenant Manager | Classroom Manager | Student | | ----------------------- | -------------- | ------------------------- | --------------- | | Create game | ✅ | ✅ (in assigned classroom) | ❌ | | Configure game settings | ✅ | ✅ (in assigned classroom) | ❌ | | Delete game | ✅ | ✅ (in assigned classroom) | ❌ | | Play game | ✅ | ✅ | ✅ (if enrolled) | | View game link | ✅ | ✅ (in assigned classroom) | ✅ (if enrolled) | ### User Management | Action | Tenant Manager | Classroom Manager | Student | | ------------------------ | -------------- | --------------------------- | ------- | | Add participants | ✅ | ✅ (to assigned classroom) | ❌ | | Remove participants | ✅ | ✅ (from assigned classroom) | ❌ | | Assign Tenant Manager | ✅ | ❌ | ❌ | | Assign Classroom Manager | ✅ | ❌ | ❌ | | View user list | ✅ (all) | ✅ (assigned classroom) | ❌ | ### Analytics & Data | Action | Tenant Manager | Classroom Manager | Student | | ------------------------ | -------------- | ---------------------- | ------------ | | View classroom analytics | ✅ (all) | ✅ (assigned) | ❌ | | View game analytics | ✅ (all) | ✅ (assigned) | ❌ | | View individual progress | ✅ (all) | ✅ (assigned classroom) | ✅ (own only) | | Export data | ✅ (all) | ✅ (assigned classroom) | ❌ | | Generate reports | ✅ (all) | ✅ (assigned classroom) | ❌ | ### Tenant Settings | Action | Tenant Manager | Classroom Manager | Student | | ---------------------- | -------------- | ----------------- | ------- | | Modify tenant settings | ✅ | ❌ | ❌ | | Configure integrations | ✅ | ❌ | ❌ | | Manage billing | ✅ | ❌ | ❌ | | View audit logs | ✅ | ❌ | ❌ | | Configure SSO | ✅ | ❌ | ❌ | ## Assignment Tips Default new users to Student. Promote to Classroom Manager only when they need to actually configure games or manage participants. Reserve Tenant Manager for full platform admins. Review role assignments at term boundaries (for educational programs) or at least annually. Remove access promptly when someone changes roles or leaves. When offboarding, check all of a user's role assignments before removing anything. Export any data you need to keep first, then remove classroom memberships, then revoke manager roles. ## Changing Roles **Promote a Student to Classroom Manager:** 1. Go to the Users tab 2. Select the user 3. Change their role to Classroom Manager 4. Assign the classroom(s) they should manage 5. Let them know **Promote a Classroom Manager to Tenant Manager:** 1. Go to the tenant-level Users tab 2. Select the user 3. Change their role to Tenant Manager **Demote:** Reverse the process. Historical data, analytics, and contributions are preserved when a role changes. ## Special Cases **Guest instructors.** Assign Classroom Manager for the engagement, set a calendar reminder, remove access when they're done. **Teaching assistants.** Classroom Manager works. They can manage students and view analytics. **External evaluators.** Contact support if you need read-only or other custom variants. ## Troubleshooting **User can't access something they should.** Check their current role, their classroom assignments, and whether they've logged out and back in since the change. Role changes can take a few minutes to propagate. **User has too much access.** Check for an accidental Tenant Manager assignment. Audit recent role changes. **Role change isn't taking effect.** Have them log out and back in. Clear browser cache. Wait 5 to 10 minutes. Contact support if it persists. ## Related Documentation * [Managing Users](/using-the-tenant-system/managing-users.md) - Adding and organizing users * [Organizing Classrooms](/using-the-tenant-system/managing-games/classrooms.md) - Classroom structure and management * [Managing Games](/using-the-tenant-system/managing-games.md) - Game permissions and access *** [Back to Tenant Overview](/using-the-tenant-system/overview.md) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.kc7cyber.com/using-the-tenant-system/managing-users/user-roles.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.