Role-based access
Understand RBAC and least-privilege defaults.
MasjidDesk uses role-based access control (RBAC) at every layer — the sidebar, the API, and the database. The same role enforcement applies whether you click a button or call our REST API.
Built-in roles
- Owner — billing and full control.
- Admin — everything except billing.
- Treasurer — donations, expenses, financial reports.
- Imam — prayer, khutbahs, announcements.
- Volunteer — scoped per event or shift.
- Viewer — read-only board oversight.
Custom roles (Pro)
Pro plans include custom roles. Define your own role and pick from 60+ fine-grained permissions. Custom roles are auditable in Settings → Roles.
Roles default to the smallest permission set that still lets the role do its job. We err toward locked-down rather than open.