runorder
Features/Admin & access

05 · Guard rails

The settings that keep a multi-hundred-staff organisation orderly.

RBAC at the row level. Audit log of who did what. Per-org branding. Module toggles for tenants that don't need every surface. The stuff you set up once and forget — until something goes wrong and you need to prove what happened.

BASE

A · Role-based access

Granular, per-tab, per-row.

Roles are at the org level (admin, manager, user). Permissions cascade to per-tab scopes. Per-row access is automatic — your roster membership grants access to the production you're on.

Roles, scoped automatically

You don't manage per-row permissions by hand. If someone's on Hamlet's roster, they see Hamlet. If they leave the roster, they stop seeing it. The auto-scoping is the feature.

  • Org roles: admin / manager / user
  • Per-tab permissions (Planner / Productions / People / Timesheets / Admin)
  • Per-row scope auto-derived from roster + project membership
  • Welfare data on a separate scope from contracts + payroll
  • Audit log captures every grant and revoke
RBAC · permission matrix3 roles × 5 tabs
RolePlannerProductionsPeopleTimesheetsAdmin
AdminRWRWRWRWRW
ManagerRWRWRRW
UserRRRR

B · Audit log

Who did what, when, on which row.

Every state-changing action lands in the audit log. Searchable, filterable, exportable. Includes the actor, the target row, the previous value, and the new value.

Audit log · last 24h312 events
18:42maria.sUPDATEhamlet.event/4521
17:30lars.hCREATEdraft/wk32-reshuffle
16:55sara.vDELETEleave/req-882
16:12erik.sREADpeople/ola.n welfare
15:48maria.sUPDATEproduction/hamlet roster

Compliance-grade, conversation-grade

The audit log is detailed enough for compliance reviews and readable enough for "who moved the Hamlet rehearsal at 14:30 yesterday?" conversations. The same data serves both.

  • Every state change generates an audit row
  • Filter by actor, target type, time range, action
  • Per-row history accessible from any entity page
  • Permission audit log: when access was granted or revoked
  • CSV / JSON export for compliance reviews

C · Per-org branding

Your colours, your wordmark, your favicon.

The branding panel sets your accent colour (with auto-derived sub-tokens), your wordmark, your favicon, your email logo. WCAG contrast gates on the colour picker — the system won't let you ship inaccessible colour pairings.

White-label in fifteen minutes

Pick an accent. The system derives the deep, soft, and on-dark variants. Upload three assets. The app rolls the changes out within five minutes. WCAG checks happen at the picker, not later.

  • Accent colour picker with auto-derived deep / soft / on-dark variants
  • WCAG AA contrast gates on accent vs Paper + Frame Black
  • Wordmark + favicon + email logo upload (≤200 KB each)
  • Assets serve from your tenant origin, CDN-cached
  • Changes roll out across the app within 5 minutes of save
Branding · Det Norske TeatretWCAG AA

Accent

#7A2934

Contrast

vs Paper: 5.6 · vs Frame Black: 7.2

AA ✓

Assets

Wordmark · favicon · email logo

3 uploaded

D · Modules + integrations

Turn off what you don't use.

The modules surface lets the org admin toggle non-core modules off (Display Board, Public Share, Kiosk). The integrations catalog routes to per-integration setup — Google Calendar, iCal feeds, webhooks, plus the M365 / Slack Premium add-ons.

Integrations · active4 active
Google Calendar42 subscribed
iCal feed18 tokens
Email notifyon publish
Webhook out3 endpoints

Lean tenant, fat tenant — your call

Core modules (Planner, Productions, People, Timesheets, Admin) are locked on. Every other module is per-tenant. Turn off what you don't use and the navigation gets cleaner.

  • Per-tenant module on/off (core modules locked-on)
  • Integrations catalog: Connected / Available / Soon states
  • OAuth-based Google Calendar per user
  • Webhook subscriptions with retry + HMAC signing
  • Per-tenant API tokens for headless use

Want to lock the house down properly?

30-minute discovery call over Teams. We'll walk through your access model and the audit story.

Request a conversation →

Or read about the rest.

Each surface gets the same depth as this page. Click around or head back to the overview.

All features →