Roles & permissions
RapidCert uses role-based access control to determine what each user can see and do in the admin dashboard. There are three roles: Administrator, Assessor, and Viewer.Role overview
| Capability | Administrator | Assessor | Viewer |
|---|---|---|---|
| Dashboard — Evaluations & Insurance | ✓ | ✓ | ✗ |
| Dashboard — Health | ✓ | ✓ | ✗ |
| Dashboard — Contractor Email Issues | ✓ | ✓ | ✗ |
| Dashboard — Revenue | ✓ | ✗ | ✗ |
| Dashboard — Discounts & Kickbacks | ✓ | ✗ | ✗ |
| Evaluations — View | ✓ | ✓ | Per-client setting |
| Evaluations — Assess & score | ✓ | ✓ | ✗ |
| Evaluations — Add imported evaluation | ✓ | ✓ | ✗ |
| Evaluations — Assign assessors | ✓ | ✓ | ✗ |
| Evaluations — Manage (delete, refund, remove cert) | ✓ | ✗ | ✗ |
| Evaluations — Edit expiry/issue dates | ✓ | ✗ | ✗ |
| Evaluations — Edit question parameters on approved | ✓ | ✗ | ✗ |
| Insurance — View | ✓ | ✓ | Read-only summary |
| Insurance — Verify & reject | ✓ | ✓ | ✗ |
| Companies — View | ✓ | ✓ | Client-scoped |
| Companies — Create & edit | ✓ | ✓ | ✗ |
| Templates — View | ✓ | ✓ | ✗ |
| Templates — Create & edit | ✓ | ✓ | ✗ |
| Questions — View | ✓ | ✓ | ✗ |
| Questions — Create & edit | ✓ | ✓ | ✗ |
| Users — View & manage | ✓ | ✗ | ✗ |
| Clients — Full access | ✓ | ✗ | ✗ |
| Clients — Read-only | ✗ | ✓ | ✗ |
| Settings — Files & Discounts | ✓ | ✗ | ✗ |
| Settings — Discounts only | ✗ | ✓ | ✗ |
| Billing & Invoices | ✓ | ✗ | ✗ |
| Email management | ✓ | ✓ | ✗ |
| Impersonation | ✓ | ✗ | ✗ |
| Generate certificates | ✓ | ✓ | ✓ |
| Generate reports | ✓ | ✓ | ✗ |
| Regenerate certificates & reports | ✓ | ✓ | ✗ |
| Download certificates | ✓ | ✓ | ✓ |
| Download reports | ✓ | ✓ | Per-client setting |
| Help assistant (Ask AI) | ✓ | ✓ | ✗ |
Administrator
Administrators have full access to every feature in the admin dashboard. This is the highest role available to customer users.What administrators can do
- User management — create, edit, and deactivate admin and assessor accounts
- Client management — create and configure clients, manage categories, pricing, custom fields, domains, and viewer accounts
- Evaluation management — assign assessors, assess evaluations, delete evaluations, remove certifications, issue refunds, edit expiry/issue dates, and edit question parameters on approved evaluations
- Templates & questions — create, edit, and manage evaluation templates and the question bank
- Insurance — view and verify insurance policies
- Settings — manage shared files and platform configuration
- Billing & invoices — view transactions, download receipts, and manage billing
- Discounts — create, edit, delete, and report on discount codes
- Dashboard — access all tabs including Revenue and Discounts & Kickbacks
- Email management — view delivery logs, manage notification preferences, and troubleshoot email issues
- Impersonation — impersonate other users for support purposes only (e.g. to see what a contractor/supplier sees in order to help them). All impersonation sessions are logged for auditing purposes.
- Reports — generate and download evaluation report and certificate PDFs
Administrator-only features
These features are restricted to users with the Administrator role:- User management (the Users page)
- Client management (write access — assessors have read-only access)
- Billing & Invoices
- Settings page
- Revenue and Discounts & Kickbacks dashboard tabs
- Evaluation management actions (delete, refund, remove certification)
- Editing expiry/issue dates on approved evaluations
- Editing question parameters on approved evaluations
- Discount management
- Impersonation
Assessor
Assessors have access to assessment-related features. They can review and score evaluations, manage templates and questions, and view company and client data — but cannot access administrative functions like user management, billing, or settings.What assessors can do
- Evaluations — view, assess, score, assign, reassign, and add notes to evaluations
- Assessment tools — use internal and external comments, action items, and AI Assist for generating assessment guidance
- Templates & questions — create, edit, and manage evaluation templates and the question bank
- Companies — view, create, and edit company profiles
- Clients — view client configuration (read-only)
- Insurance — view and verify insurance policies
- Dashboard — access Evaluations & Insurance, Health, and Contractor Email Issues tabs
- Evaluations — add imported evaluations for companies
- Settings — access the Discounts tab (read/write)
- Email management — view delivery logs and notification data
- Reports — generate and download evaluation report and certificate PDFs
What assessors cannot do
- Access the Users page or manage user accounts
- Create, edit, or delete clients (read-only access)
- Access Settings — Files or Billing & Invoices
- View Revenue or Discounts & Kickbacks dashboard tabs
- Delete evaluations, remove certifications, or issue refunds
- Edit expiry/issue dates on approved evaluations
- Edit question parameters on approved evaluations
- Create or manage discount codes
- Impersonate other users
Customer scoping
Assessors are scoped to the customer account they belong to. They can only see data (evaluations, companies, clients) that belongs to their customer. This scoping is automatic — no additional configuration is needed.Viewer
Viewers have read-only access scoped to a specific client. They are created and managed from the Clients page, not from the Users page.What viewers can do
- View company profiles within their assigned client
- View evaluation status and certifications
- View insurance status
- Generate and download certificate PDFs
- Download report PDFs (if already generated by an admin or assessor, and evaluation viewing is enabled for their client)
- View full evaluation details if enabled for their client (see below)
What viewers cannot do
- Edit any data
- Assess or score evaluations
- Access companies outside their assigned client
- Access the dashboard, templates, questions, users, settings, billing, or email management pages
Client scoping
Viewers are always scoped to a single client. They can see all companies within that client, but nothing outside it. There is no per-company assignment for viewers.Evaluation access
By default, viewers can see company profiles but not full evaluation details. Administrators can enable evaluation access per client using the Allow Viewers to View Evaluations toggle on the client’s Access tab. When evaluation access is enabled, viewers can:- View full evaluation details (responses, scores, comments)
- Download certificate and report PDFs for approved evaluations
- Access evaluation history
This setting applies to all viewers under the client. You cannot enable evaluation access for individual viewers.
Authentication
All roles use the same authentication method — a one-time code sent to the user’s email address. There are no passwords. See Users & Viewers for details.Best practices
- Limit administrator accounts — only grant the Administrator role to users who need access to billing, settings, and user management
- Use assessor accounts for assessment staff — assessors have everything they need for evaluation work without access to sensitive administrative functions
- Use viewer accounts for external stakeholders — viewers provide a safe, read-only view of company data without risk of accidental edits
- Review access quarterly — regularly audit user accounts and deactivate access for people who no longer need it
- Control viewer evaluation access per client — only enable evaluation visibility for clients where viewers genuinely need to see assessment details
Related pages
Users & Viewers
Create and manage user accounts
Clients
Configure clients and viewer access