How to Manage Permissions
Configure granular, module-level access control for each team member using role-based access control (RBAC)
How to Manage Permissions
Course37 uses Role-Based Access Control (RBAC) with per-module granularity. This means you can precisely control what each team member can see and do across different modules of the platform.
How Permissions Work
Permissions in Course37 work on two levels:
- Role Level — The base role (Admin, Teacher, Moderator, Staff) sets the foundation
- Module Level — Fine-grained permissions per module override the base role
User's Access = Base Role Permissions + Module-Level Overrides
Important: Admin role has full access to everything and cannot be restricted with module-level permissions. Module permissions apply to Teacher, Moderator, and Staff roles.
Setting Module Permissions
- Go to Settings → Team Members
- Find the team member you want to configure
- Click the gear icon (⚙️) next to their name
- You'll see a permissions matrix showing all available modules
📸 Screenshot: Permission matrix with modules and checkboxes
Permission Matrix
Each module has four permission levels:
| Permission | What It Allows |
|---|---|
| View | See data and listings in this module |
| Create | Add new items (courses, students, payments, etc.) |
| Edit | Modify existing items |
| Delete | Remove items permanently |
Example Configuration for a Teacher
| Module | View | Create | Edit | Delete |
|---|---|---|---|---|
| Courses | ✅ | ✅ | ✅ | ❌ |
| Students | ✅ | ✅ | ❌ | ❌ |
| Payments | ✅ | ❌ | ❌ | ❌ |
| Exams | ✅ | ✅ | ✅ | ✅ |
| Website | ❌ | ❌ | ❌ | ❌ |
| Automations | ❌ | ❌ | ❌ | ❌ |
| Settings | ❌ | ❌ | ❌ | ❌ |
| Books | ❌ | ❌ | ❌ | ❌ |
| Attendance | ✅ | ✅ | ✅ | ❌ |
| Question Bank | ✅ | ✅ | ✅ | ❌ |
- Toggle each permission on or off as needed
- Click Save Changes
Available Modules
Here are all the modules you can set permissions for:
| Module | Controls Access To |
|---|---|
| Courses | Course creation, editing, content management |
| Students | Student profiles, enrollment, data |
| Payments | Payment records, receipts, financial data |
| Exams | Exam creation, grading, results |
| Question Bank | Question creation, import, management |
| Website | Website builder, pages, sections |
| Automations | Workflow creation and management |
| Attendance | Attendance marking, reports |
| Books & Orders | Book management, order fulfillment |
| Settings | Organization settings (usually admin-only) |
| Analytics | Dashboard and reporting data |
| Integrations | Third-party service configurations |
Special Rules for Teachers
Teachers have an additional restriction beyond module permissions:
Teachers can only access courses and batches they are explicitly assigned to, regardless of their module permissions.
This means even if a Teacher has "View" permission on the Courses module, they'll only see courses they've been assigned to — not all courses in the organization.
To assign a teacher to a course, see How to Create Teachers.
Permission Inheritance
Permissions follow this logic:
- Create implies View — You can't create without seeing the module
- Edit implies View — You can't edit without seeing the module
- Delete implies View — You can't delete without seeing the module
- Permissions are NOT hierarchical — Having Edit doesn't mean you can Create or Delete
Best Practices
- Principle of Least Privilege — Give each user only the permissions they need
- Regular Audits — Review permissions quarterly to ensure they're still appropriate
- Use Roles First — Set the base role correctly before fine-tuning module permissions
- Document Access — Keep a record of who has access to sensitive modules like Payments and Settings
Related Articles
- How to Invite Users — Add team members to your organization
- How to Create Teachers — Create and assign teacher accounts
- How to Add a Branch — Multi-location management with content isolation