Roles & Permissions
Dacard.ai uses hierarchical role-based access control (RBAC). Each user is assigned exactly one role, and higher roles inherit all permissions from lower roles.
Six roles
Member
Level 10, Product Manager / ProdOps
Score products and view own results.
Lead
Level 20, Product / ProdOps Lead
View team scores, create products, access Operations and Lifecycle reports.
Executive
Level 30, Executive / Investor
Portfolio-level reporting, billing access, read-heavy role.
Admin
Level 40, Account Admin
Full account management: members, products, settings.
Super Admin
Level 50, Super Admin
Cross-account visibility. View all scores, manage multiple accounts.
Dacard Admin
Level 100, Platform Operator
Full system access: impersonation, PQL signals, analytics.
Roles are hierarchical. An admin (level 40) automatically inherits all permissions from member (10), lead (20), and executive (30).
Permission matrix
- Scoring
- Products
- Reports
- Account
- Platform Admin
| Permission | member | lead | executive | admin | super_admin | dacard_admin |
|---|---|---|---|---|---|---|
| Create scores | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| View own scores | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| View team scores | | ✅ | ✅ | ✅ | ✅ | ✅ |
| View all scores | | | | | ✅ | ✅ |
| Delete scores | | | | ✅ | ✅ | ✅ |
Role assignment
Roles are assigned during onboarding based on the user’s self-reported title:
| Title pattern | Assigned role |
|---|---|
| Founder, CEO, Investor, Board | executive |
| CPO, CTO, VP, Director, Head of, Lead | lead |
| All others (PM, Engineer, etc.) | member |
PATCH /api/account/members. Admins can assign member, lead, executive, or admin. Only dacard_admin can assign super_admin or dacard_admin.
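
The role hierarchy and the assignment rule above, written as a server-side guard. This is an added example, not Dacard.ai's own code: the function names, the `Map`-based lookup and the fail-closed handling of unknown roles are assumptions, while the role names, levels and assignment limits are the ones given on this page.

```javascript
// Added example: role levels and the assignment rule described on this page.
// Function names and fail-closed handling of unknown roles are assumptions.
const ROLE_LEVELS = new Map([
  ["member", 10],
  ["lead", 20],
  ["executive", 30],
  ["admin", 40],
  ["super_admin", 50],
  ["dacard_admin", 100],
]);

// Roles an account admin (or any role that inherits from it) may hand out.
const ADMIN_ASSIGNABLE = new Set(["member", "lead", "executive", "admin"]);

// Returns the numeric level, or null for anything that is not a known role.
// A Map lookup does not match inherited object keys such as "constructor".
function levelOf(role) {
  return typeof role === "string" && ROLE_LEVELS.has(role)
    ? ROLE_LEVELS.get(role)
    : null;
}

// Hierarchical check: true when `role` is at or above `minimumRole`.
function hasAtLeast(role, minimumRole) {
  const have = levelOf(role);
  const need = levelOf(minimumRole);
  return have !== null && need !== null && have >= need;
}

// Guard for a role-change request: may `actorRole` assign `targetRole`?
function canAssignRole(actorRole, targetRole) {
  if (levelOf(targetRole) === null) return false;    // unknown target role
  if (actorRole === "dacard_admin") return true;      // may assign any role
  if (!hasAtLeast(actorRole, "admin")) return false;  // below admin: no assignment
  return ADMIN_ASSIGNABLE.has(targetRole);            // admin and super_admin
}
```

For a role change, this example assumes `actorRole` is read from the database, which the page names as the source of truth, rather than from cached session claims.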
How roles are stored
Roles are stored in two places for resilience:
- Clerk publicMetadata, fast path, read from session claims (no DB call)
- Database, source of truth, synced to Clerk on role change