Roles & Access
The app's role hierarchy and team affiliations, what each role can do, and how affiliation drives the two-party go-live sign-off.
Overview
The app uses role-based access control with five role levels and two team affiliations. Roles determine what a person can do; team affiliation determines their side of the two-party go-live sign-off.
Role hierarchy
Roles are ordered from least to most access. Each role includes everything the roles below it can do.
| Role | What they can do |
|---|---|
| Guest | Read-only landing page; no data access. |
| Viewer | View all data; no edits. |
| Editor | Edit entities, manage mappings, and assign associations to waves. |
| Manager | Everything an editor can do, plus access the Validate section and complete and sign off validations. |
| Admin | Full access, including unlocking completed validations, Organization Settings (such as validation thresholds), and user role management. |
The Validate section — the validation wizard, cross-entity panels, and financial reconciliation panels — requires the manager role or higher. See Validation.
Team affiliations
Every user belongs to one of two teams:
- NewCo (Source System) — Branch / NewCo staff from the acquired company.
- Associa (Target System) — Associa Implementation and support staff.
Why affiliation matters
The wave-level go-live sign-off requires approval from both affiliations — one Source System (NewCo) representative and one Target System (Associa) representative. Neither side can complete the sign-off alone. See Migration Tracking & Sign-off for the full two-party gate.
Entity Model
How onboarding entities relate to one another, the order they load in, the source→mapped→standard tiers for mappable entities, and the per-entity migration lifecycle.
Providing Source Data
How a branch's source data reaches the platform — through the ingestion pipeline, not an in-app upload — and what the branch provides.