oxFlow Roles & Permissions Matrix

Capability matrix defining what each User Role can do in oxFlow. Pairs with the glossary User / Role definitions.

Related docs: glossary.md · concept-map.md

1. Roles overview

Three roles, hierarchically nested in capability:

Role	Scope	One-line summary
Admin 🟢	Full workspace	System owner. Does everything Lead Estimator can, plus manages Users, Roles, lookups, branding, and integrations.
Lead Estimator 🟢	Tender / Estimate control	The accountable owner for pricing. Does everything Estimator can, plus creates Tenders and Estimates, manages Commercials, runs Adjudications, and locks/submits estimates.
Estimator 🟢	Item-level work	The day-to-day build-up worker. Edits Items, Worksheets, Worksheet Resources, Variables, Calculations, Content Blocks. Cannot configure Estimates or run Commercials.

Key principles:

Roles are hierarchical — Admin ⊇ Lead Estimator ⊇ Estimator. If a capability is granted to Estimator, Lead Estimator and Admin automatically have it.
Every User has exactly one Role. Multi-role users not supported in v1.
Role is assigned in the oxFlow Admin page after M365 sync pulls in identity.
Admin capabilities are intentionally wide because Admins are the only ones who can affect system-wide configuration.

2. Scoping — who can do what, to what

Oxcon runs a flat team structure; oxFlow doesn’t need per-Tender or per-Estimate assignment-based permissions. Capability is driven entirely by Role:

Any Admin can do anything.
Any Lead Estimator can act on any Tender or Estimate in the workspace (including Lock, Submit, Publish).
Any Estimator can act on any Tender or Estimate in the workspace within the Estimator capability set.

The Lead Estimator field on an Estimate identifies the nominal owner for reporting and accountability — it does not gate access. Any Lead Estimator can still Lock, Submit, or Publish, regardless of whether they’re the assigned Lead.

Admin-managed lookups and system-level configuration (Integrations, User/Role management) remain Admin-only.

Concurrency: multiple Users can edit the same Estimate simultaneously, with explicit per-Item locks. When one User is actively editing an Item (and its Worksheet), other Users see that Item as read-only with “currently edited by [User]“. Concurrent editing on different Items is unrestricted. Flagged 🟡 for Oxcon workshop discussion.

3. Permissions matrix

Legend: ✅ Allowed · ❌ Not allowed · 🔒 Allowed under condition (footnoted)

Tenders

Capability	Admin	Lead Estimator	Estimator
View Tender list	✅	✅	✅
View Tender details	✅	✅	✅
Create Tender	✅	✅	❌
Edit Tender metadata (client, dates, location, status)	✅	✅	❌
Upload / replace Tender Program	✅	✅	❌
Link Program Tasks to Items	✅	✅	✅
Transition Tender state (Active → Submitted → Won/Lost/Archived)	✅	✅	❌
Delete Tender (hard delete)	✅	❌	❌

Estimates

Capability	Admin	Lead Estimator	Estimator
View Estimate list	✅	✅	✅
View Estimate details	✅	✅	✅
Create Estimate (within a Tender)	✅	✅	❌
Edit Estimate metadata (name, number, notes)	✅	✅	❌
Assign Lead Estimator on Estimate	✅	✅	❌
Transition Estimate state (In Progress → Reviewed → Submitted)	✅	✅	❌
Archive Estimate	✅	✅	❌
Delete Estimate	✅	❌	❌

Items & Worksheets

Capability	Admin	Lead Estimator	Estimator
View Items	✅	✅	✅
Create Item	✅	✅	✅
Edit Item attributes (description, code, Unit, quantity)	✅	✅	✅
Set Item Type (Schedule / Normal / Provisional / Rate-Only)	✅	✅	✅
Set Item Flags (Indirect Cost, Inactive)	✅	✅	✅
Assign Estimator to Item	✅	✅	❌
Delete Item	✅	✅	✅
Edit Worksheet content (Variables, Calculations, Content Blocks)	✅	✅	✅
Add Worksheet Resource / Worksheet Recipe	✅	✅	✅
Push through snapshot update (accept new Resource rate)	✅	✅	✅

Recipes

Capability	Admin	Lead Estimator	Estimator
View Recipe Library	✅	✅	✅
Create Recipe (from Library or promote from Item)	✅	✅	✅
Edit Recipe definition (Input Parameters, Output Unit, Worksheet)	✅	✅	✅
Delete Recipe	✅	✅	❌
Use Recipe inside an Item’s Worksheet	✅	✅	✅

Price Books & Resources

Capability	Admin	Lead Estimator	Estimator
View Price Book list (user-created)	✅	✅	✅
View Resources within a user-created Price Book	✅	✅	✅
Create Price Book — Project-Specific	✅	✅	✅
Create Price Book — External	✅	✅	✅
Create Price Book — Internal	✅	✅	❌
Edit Price Book metadata — Project-Specific	✅	✅	✅
Edit Price Book metadata — External	✅	✅	✅
Edit Price Book metadata — Internal	✅	✅	❌
Create Resource — Project-Specific / External Price Book	✅	✅	✅
Create Resource — Internal Price Book	✅	✅	❌
Edit Resource — Project-Specific / External Price Book	✅	✅	✅
Edit Resource — Internal Price Book	✅	✅	❌
Delete Price Book	✅	❌	❌
Delete Resource	✅	✅	❌

Adjudications

Capability	Admin	Lead Estimator	Estimator
View Adjudications	✅	✅	✅
Create Price Book Adjudication	✅	✅	✅
Edit Price Book Adjudication (add suppliers, import prices, variances)	✅	✅	✅
Lock Price Book Adjudication (Draft → Adjudicated)	✅	✅	✅
Re-open locked Price Book Adjudication	✅	✅	✅
Create Subcontract Package	✅	✅	✅
Edit Subcontract Package contents (add/remove Items)	✅	✅	✅
Run Subcontract Package Adjudication (Draft → Adjudicated)	✅	✅	✅
Re-open Subcontract Package Adjudication	✅	✅	✅

Commercials & Submission

Capability	Admin	Lead Estimator	Estimator
View Commercials	✅	✅	✅
Add/edit Rules	✅	✅	❌
Reorder Rules (sequence)	✅	✅	❌
Delete Rules	✅	✅	❌
Edit Submission Value overrides	✅	✅	❌
Run Anomaly Review	✅	✅	✅
Dismiss / resolve Anomaly items	✅	✅	✅

Publishing

Capability	Admin	Lead Estimator	Estimator
View Publisher preview	✅	✅	✅
Edit cover letter, conditions, inclusions/exclusions	✅	✅	❌
Generate Publisher Output (draft)	✅	✅	❌
Publish (finalise submission)	✅	✅	❌
Download published artifact	✅	✅	✅

Admin & Lookups

Capability	Admin	Lead Estimator	Estimator
Access Admin page	✅	❌	❌
View Users	✅	❌	❌
Trigger M365 User sync	✅	❌	❌
Assign / change User Roles	✅	❌	❌
Manage Units library	✅	✅	❌
Manage Categorizations (definitions and options)	✅	✅	❌
Manage Flag Catalog (definitions and options)	✅	✅	❌
Manage Modifier Catalog (definitions, math operations, default values)	✅	✅	❌
Manage Codes (definitions, options, sync config)	✅	❌	❌
Manage Reference Rates library	✅	✅	❌
Manage Content Block Definitions	✅	❌	❌
Manage Branding (logo, Publisher styles)	✅	✅	❌
Manage Company Roles on a Company	✅	✅	❌

Integrations

Capability	Admin	Lead Estimator	Estimator
Configure Xero sync	✅	❌	❌
Trigger manual Xero sync	✅	✅	❌
Configure M365 sync	✅	❌	❌
Configure Workbench integration	✅	❌	❌
Trigger manual Workbench export (won project → cost management)	✅	✅	❌

4. Key gating rules (the ‘hard’ boundaries)

These are the rules that really matter — where a wrong assignment would break things:

Only Admin can assign or change Roles. Everything else cascades from here.
Only Admin can manage Users, Codes, and Content Block Definitions. These have outsized system impact (identity, integration, shared content templates).
Only Admin can delete Tenders and Price Books. Deletes are destructive; Lead Estimators archive but don’t delete.
Estimators cannot modify Internal Price Books. Internal = shared, company-wide rate reference; changes need Lead Estimator or Admin approval.
System-generated Price Books are backend-only. Not visible in any UI to any Role. Managed entirely by the Adjudication workflow.
Lead Estimators can manage some shared config. Units, Categorizations, Flag Catalog, Modifier Catalog, Branding, and Company Roles can be edited by Lead Estimator — these are frequently touched during day-to-day work and don’t warrant Admin-only friction. Codes remain Admin-only due to integration linkage.

oxFlow Wiki

Explorer