Permissions Reference: What Each One Lets Someone Do
Quick-scan reference for every granular permission in AwardLettr. Use this when granting access to a new VA or auditing what an existing staff member can do.
You'll learn
- Every permission AwardLettr supports and what it gates
- The default state for each permission across the three roles
- How to think about least-privilege when onboarding a new VA
- What the SECURITY DEFINER ACL guard protects you from at the database layer
You just hired a second VA. You want them to handle scheduling, but you do NOT want them sending awards out for signature on your behalf. Which switch do you flip? AwardLettr ships granular permissions for exactly this reason, but the names ("manage_schedule", "use_signwell", "manage_directory") only help if you know what each one actually unlocks.
Without a reference, the temptation is to grant everything because at least then the VA can do their job. Then a week later, they accidentally fire off an award for signature on a file you were still negotiating. Or they rename a carrier in the directory and the new name cascades to a dozen active appraisals. Granting wide and rolling back is much more painful than granting narrow and adding as needed.
This article is the lookup table. Firm admins setting up new staff and anyone auditing what an existing VA can do should bookmark it. Solo appraisers with no staff can skip the rest. Owners always have every permission; admins have most; staff have the bare minimum until you grant more.
This is a quick-scan reference. If you are looking for "should I grant Alyssa manage_schedule?", the table below tells you what that permission unlocks and what the default state is for each role.
Read the role article first if you are new
The full permission table
| Permission | What it grants | Owner | Admin | Staff |
|---|---|---|---|---|
| manage_schedule | Book, reschedule, cancel, or block out times on the owner's calendar. Required for VAs handling self-service booking approvals or rebooking inspections. | Yes | Yes | No |
| use_signwell | Send documents for e-signature using the owner's connected SignWell account. Gated separately because SignWell sends are charged against the owner's SignWell quota. | Yes | Yes | No |
| manage_directory | Create, edit, delete carriers, adjusters, appraisers, umpires, and contacts. Directory edits cascade to linked appraisals, so this is intentionally restricted. | Yes | Yes | No |
| send_messages | Send status updates, ad-hoc messages, and email replies on behalf of the owner. Outbound From address is always the owner's outbound email. | Yes | Yes | Yes |
| generate_documents | Generate reports, awards, invoices, panel declarations, and umpire briefs using the workspace's document templates. | Yes | Yes | Yes |
| upload_files | Upload documents to an appraisal's file storage. Uploads sync to the workspace owner's Dropbox / Drive / OneDrive if connected. | Yes | Yes | Yes |
| manage_workflow_templates | Create and edit workflow templates that drive automated messages, tasks, and tag actions on status changes. | Yes | Yes | No |
| manage_tags | Create, edit, delete custom tags and tag automations. Tags appear on every appraisal and affect filtering, so this is admin-level. | Yes | Yes | No |
| manage_billing | View and change subscription, payment method, billing email, and invoice download. Required to upgrade or cancel the AwardLettr subscription itself. | Yes | Yes | No |
| view_revenue | See the pending revenue and earned revenue dashboards. Hidden from staff by default because revenue figures are sensitive. | Yes | Yes | No |
| delete_appraisals | Soft-delete an appraisal. Deletes are recoverable for 30 days from the platform admin console but should be rare. Restricted to owner by default; even admins do not get this on by default. | Yes | No | No |
Least-privilege playbook
When you invite a new VA, follow this sequence. It is much faster to grant a permission when asked than to recover from a permission grant that should not have been given.
Invite as staff
Use Settings, Team, Invite Member. Set role to staff. They get the default capabilities (view, read messages, upload files, send messages, generate documents, add stakeholders) but nothing else.
Grant manage_schedule on day one if they handle scheduling
Most VAs need this immediately. Without it they cannot approve booking requests or reschedule inspections for you.
Wait for them to ask before granting anything else
When they hit a "permission required" error, they will message you with the permission name. Grant it then, not preemptively.
Audit quarterly
Every quarter, open Team settings and review what each staff member has. Revoke anything they no longer use.
How permission changes propagate
- Owner toggles permission: Team settings page
- Saved to membership row: workspace_memberships table
- Checked on every API call: Server resolves permission before each write
- Takes effect immediately: Next request from staff sees the new value
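The resolution and quarterly audit described above, as an added Python sketch (not AwardLettr's own code). Role defaults are copied from the permission table; the `grants` field, the in-memory table, and the function names are assumptions made for illustration.

```python
# Added illustration: role defaults mirror the permission table in this article.
ALL = frozenset({
    "manage_schedule", "use_signwell", "manage_directory", "send_messages",
    "generate_documents", "upload_files", "manage_workflow_templates",
    "manage_tags", "manage_billing", "view_revenue", "delete_appraisals",
})
ROLE_DEFAULTS = {
    "owner": ALL,
    "admin": ALL - {"delete_appraisals"},
    "staff": frozenset({"send_messages", "generate_documents", "upload_files"}),
}

# Constructed stand-in for workspace_memberships rows.
# The "grants" layout is an assumption, not the real schema.
SAMPLE_TABLE = {
    "alyssa": {"role": "staff", "grants": {"manage_schedule"}},
    "sam": {"role": "admin", "grants": set()},
}

def effective(row):
    """Role defaults plus explicit grants; unknown names never widen access."""
    base = ROLE_DEFAULTS.get(row["role"], frozenset())  # unknown role: nothing
    return base | (frozenset(row["grants"]) & ALL)

def authorize(table, user, permission):
    """Resolve from the current row on every call; nothing is cached,
    so a revoked grant fails on the very next request."""
    row = table.get(user)
    return row is not None and permission in effective(row)

def audit(table):
    """Quarterly review: what each member holds beyond their role default."""
    report = {}
    for user, row in table.items():
        extra = effective(row) - ROLE_DEFAULTS.get(row["role"], frozenset())
        if extra:
            report[user] = sorted(extra)
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_TABLE))
    SAMPLE_TABLE["alyssa"]["grants"].discard("manage_schedule")  # revoke
    print(authorize(SAMPLE_TABLE, "alyssa", "manage_schedule"))
```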
Database-layer safety net
Common grants for common roles
Scheduling VA
Defaults + manage_schedule. Handles booking approvals, rescheduling, calendar maintenance. Does not need SignWell, directory edits, or workflow template access.
Documents VA
Defaults + use_signwell. Generates and sends reports, awards, invoices for signature. Stays out of scheduling and directory edits.
Office manager (admin)
All admin defaults. Manages directory, workflow templates, tags, billing. Does not own appraisals, but operates the firm's infrastructure.
What revoking does
Revoking a permission is graceful. Any action already in flight when you revoke completes. Future attempts are blocked immediately. So if you revoke manage_schedule while your VA is mid-booking, the booking they are working on finishes. The next booking attempt returns a permission error. There is no need to wait for a "safe window" to revoke.
Common pitfalls
- Assuming all staff get all permissions by default. They do not. Most non-trivial actions require an explicit grant.
- Granting use_signwell preemptively to every staff member. SignWell sends are charged against the owner's quota, so grant only to the people who actually send documents.
- Granting manage_directory broadly. Directory renames cascade across every linked appraisal. Restrict this permission to people who understand the cascade implications.
- Forgetting to revoke permissions when a VA leaves. Removing the team member is the cleanest path; if they still need read access for handoff, downgrade to defaults rather than leaving elevated permissions in place.
- Assuming revocation stops an in-flight action. It does not. The in-flight action completes; only the next attempt is blocked.