Understanding Roles
Steward uses role-based access control to ensure the right people have access to the right information.
Overview
Every user in your organization is assigned a role that determines what they can see and do. Roles are designed to balance the need for broad reporting with appropriate access controls for sensitive information.
Available Roles
Reporter
The most common role, designed for staff and volunteers who need to submit incident reports.
- Create new incident reports
- View and add follow-ups to their own incidents
- Upload attachments to their incidents
- Respond to information requests from reviewers
Best for: Volunteers, general staff, ministry leaders who need to report but not manage incidents.
Reviewer
For team members who need to review and manage incidents across the organization.
- Everything a Reporter can do
- View all non-private incidents in the organization
- Change incident status (submit, close, reopen)
- Mark incidents as urgent
- Assign a reviewer to incidents
- Add internal comments (not visible to reporters)
- Add amendments to correct or clarify incident details
- Request additional information from reporters
- Triage, convert, and dismiss public intake submissions
- View the full audit trail
Best for: Safety team members, department heads, HR staff.
Privileged Reviewer
An elevated Reviewer role with access to sensitive incidents and additional controls.
- Everything a Reviewer can do
- View and manage private incidents
- Mark incidents as private
- Apply or remove legal holds on incidents
- Lock incidents to prevent further changes
- Generate export packets for insurance and legal
Best for: Senior leadership, legal liaisons, executive pastors.
Administrator
For those who need to manage the organization's settings and users.
- Everything a Privileged Reviewer can do
- Invite and remove team members
- Change user roles
- Manage categories, locations, and ministries
- Configure organization settings
- Soft-delete incidents
- Bulk import incidents
- Set data retention policies
Best for: Office managers, operations directors, IT staff.
Owner
The highest level of access, typically reserved for the person who created the organization.
- Everything an Administrator can do
- Override locks on incidents (with required reason)
- Transfer organization ownership
- Manage billing and subscription
- Delete the organization
Best for: Senior pastor, executive director, or designated safety officer.
Permissions Matrix
Here's a quick reference for what each role can do:
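| Permission | Reporter | Reviewer | Privileged | Admin | Owner |
|---|---|---|---|---|---|
| Create incidents | Yes | Yes | Yes | Yes | Yes |
| View own incidents | Yes | Yes | Yes | Yes | Yes |
| View all incidents | No | Yes | Yes | Yes | Yes |
| View private incidents | No | No | Yes | Yes | Yes |
| Add follow-ups | Own only | Yes | Yes | Yes | Yes |
| Add internal comments | No | Yes | Yes | Yes | Yes |
| Change status | No | Yes | Yes | Yes | Yes |
| Mark urgent | No | Yes | Yes | Yes | Yes |
| Mark private | No | No | Yes | Yes | Yes |
| Assign reviewer | No | Yes | Yes | Yes | Yes |
| Triage intakes | No | Yes | Yes | Yes | Yes |
| Apply legal hold | No | No | Yes | Yes | Yes |
| Lock incidents | No | No | Yes | Yes | Yes |
| Generate exports | No | No | Yes | Yes | Yes |
| Remove attachments | | | | | |
| Manage users | No | No | No | Yes | Yes |
| Manage settings | No | No | No | Yes | Yes |
| Override locks | No | No | No | No | Yes |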
Changing Roles
Administrators and Owners can change user roles at any time:
- Go to Settings → Users
- Find the user you want to update
- Click the role dropdown and select the new role
- The change takes effect immediately
Note: There must always be at least one Owner. To change the Owner, use the ownership transfer feature.
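The following is an added example, not Steward's own code, showing how the role hierarchy, private-incident visibility, lock override, and the at-least-one-Owner rule described on this page can be enforced as server-side checks. The permission keys and class names are hypothetical, and two rules are assumptions the page does not state: reporters keep access to their own incidents when marked private, and nobody grants or edits a role above their own.

```python
from dataclasses import dataclass

# Roles in the page's order; each one includes everything the roles before it can do.
ROLES = ["reporter", "reviewer", "privileged_reviewer", "administrator", "owner"]
# Lowest role holding each permission, per the role lists (key names are hypothetical).
MIN_ROLE = {
    "view_all": "reviewer", "change_status": "reviewer",
    "view_private": "privileged_reviewer", "manage_users": "administrator",
    "override_lock": "owner",
}

@dataclass
class User:
    name: str
    role: str

@dataclass
class Incident:
    reporter: str
    private: bool = False
    locked: bool = False

def has(user, perm):
    return ROLES.index(user.role) >= ROLES.index(MIN_ROLE[perm])

def can_view(user, inc):
    if inc.reporter == user.name:
        return True  # assumption: reporters always see their own incidents
    return has(user, "view_private" if inc.private else "view_all")

def can_change_status(user, inc, reason=""):
    if not (can_view(user, inc) and has(user, "change_status")):
        return False
    # A locked incident needs the Owner-only override and a non-empty reason.
    return not inc.locked or (has(user, "override_lock") and bool(reason.strip()))

def change_role(users, actor, target, new_role):
    rank = ROLES.index
    if not has(actor, "manage_users"):
        raise PermissionError("only Administrators and Owners change roles")
    # Assumption (not stated on the page): no granting or editing above your own role.
    if max(rank(new_role), rank(target.role)) > rank(actor.role):
        raise PermissionError("cannot grant or edit a role above your own")
    owners = sum(1 for u in users if u.role == "owner")
    if target.role == "owner" and new_role != "owner" and owners == 1:
        raise ValueError("last Owner: use ownership transfer instead")
    target.role = new_role
```

Every check denies unless the caller's role reaches the minimum for that permission, so a role or permission missing from the tables raises an error and no access is granted by default.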
Best Practices
- Start with least privilege: Give users the minimum role they need to do their job
- Limit Administrators: Only a few trusted people should manage settings and users
- Use Privileged Reviewer sparingly: Only for those who truly need access to sensitive incidents
- Regular audits: Periodically review who has what access and adjust as needed
- Document role assignments: Keep a record of why each person has their role