Staff Roles & Permissions
Mission uses role-based access control to determine what each staff member can do. Roles are assigned per user within an organization.
Role Hierarchy
| Role | Level | Who Holds It |
|---|---|---|
| Owner | Highest | Typically the senior pastor, executive director, or organization founder |
| Admin | High | Office manager, church administrator, operations director |
| Staff | Standard | Ministry staff, program coordinators, volunteers coordinators |
| Volunteer | Limited | Volunteer leaders with limited system access |
Permissions by Role
Owner
Full access to everything, including:
- All Admin permissions
- Delete the organization
- View and manage all financial data (giving, donor records, statements)
- Change any user's role (including other Admins)
- Configure integrations and API keys
- Manage billing and subscription
Admin
Broad access for day-to-day management:
- All Staff permissions
- Invite new staff users and set their roles
- View all giving and donor financial data
- Delete member records, events, groups, donations
- Access organization settings
- View audit logs
- Configure engine settings
Staff
Standard access for operations:
- Create, read, and update members, families, events, groups, donations
- Record check-ins
- Send communications
- Create and manage volunteers
- View reports and the dashboard
- Add and edit prayer requests (Church engine)
- Add and edit sermons and worship plans (Church engine)
Volunteer
Limited access appropriate for volunteer leaders:
- View member records (read-only)
- Check people in to events
- View groups they are a leader of
- Cannot view financial/giving data
- Cannot create or send communications
- Cannot delete any records
Giving data (individual donation records, donor histories, annual statements) is sensitive. By default, only Staff, Admin, and Owner roles can view this data. Do not assign Admin or Staff roles to volunteers who should not see financial information.
Assigning Roles
- Go to Settings → Organization Members
- Find the staff member in the list
- Click their current role to open the role selector
- Select the new role
- Changes take effect immediately — no logout required
Inviting New Staff
- Go to Settings → Organization
- Click Invite Staff
- Enter the person's email address
- The invited person receives an email with a link to accept the invitation and create their Mission account
- After accepting, their default role is Staff — change it if needed
Multi-Organization Staff
A single Mission user account can be a staff member of multiple organizations. Each organization membership has its own role — someone can be an Admin of one org and a Staff member of another. Users switch between organizations from the org switcher in the top navigation.
Hub SSO and Staff Authentication
Staff can log in to Mission in two ways:
- Direct login — username/password for the Mission account
- Hub SSO — authenticated through The One Hub using a JTI token
When logging in via Hub SSO, Mission validates the JTI (JWT ID token) with the Hub API before creating a session. The Hub SSO flow does not require a separate Mission password.
Session Duration
Staff sessions expire after 8 hours of inactivity. After expiry, staff are prompted to log in again. There is no "remember me" option for staff — this is intentional for security, especially on shared computers.
Member portal sessions (via TheOnePortal) have a longer expiry of 30 days.
Audit Log
All create, update, and delete operations are recorded in the audit log. Admins and Owners can view the audit log from Settings. Each entry shows:
- Who made the change (user name and email)
- What they changed (entity type and ID)
- When the change occurred
- What the change was (old vs. new values for edits)
The audit log cannot be modified or deleted by any role, including Owner.