Baseplate defines two complementary role systems to manage user access and experience: System Standard Roles and Rich Roles. This dual-layer approach ensures both operational consistency across tenants and deep personalization aligned to individual users’ professional profiles.
System Standard Roles – Canonical Access Control Across Apps
System Standard Roles are non-editable, global roles that ship with every instance of the Stock SaaS application. They are designed for critical administrative and support functions with clearly defined permissions that span across all application use cases. These roles form the backbone of governance and system configuration:
- System Administrator: Full system access for managing customers, users, billing, integrations, and platform settings (via Firebase). Can also define and manage Rich Roles.
- Customer Success: Scoped access to support assigned customers, including impersonation for troubleshooting, log access, and support ticket handling.
- Customer Administrator: Manages users and settings within their customer account, including role assignments, subscription access, and reporting.
These roles are foundational and focus on platform health, user management, and tenant configuration. Their behavior is consistent across all deployed versions of the SaaS product.
Rich Roles – Persona-Driven Access and Experience Customization
Rich Roles extend the traditional Role-Based Access Control (RBAC) model by adding on deep, persona-based attributes. Managed globally by System Administrators, these roles go beyond permissions—they enable contextual personalization of the user experience through integration with LLMs and adaptive UI elements.
Each Rich Role defines:
- Professional metadata such as title, skills, experience, and digital proficiency
- Behavioral attributes like goals, challenges, current tools, and switching costs
- Access mappings to specific features, helping prioritize UI elements and content
Example Rich Roles include:
- Manager: Has oversight of team performance, communication tools, and team-level analytics
- Standard User: Engages directly with the platform to execute tasks, collaborate, and receive tailored support
Rich Roles are assigned automatically based on email domain and org graph analysis, and are crucial for delivering dynamic content, guided workflows, and tailored feature access.