Roles and Permissions
UNDERSTAND THE ROLE-BASED ACCESS CONTROL (RBAC) SYSTEM IN ONE RACEHUB, INCLUDING ROLE DEFINITIONS, FEATURE ACCESS PERMISSIONS, AND HOW ROLES CONTROL WHAT USERS CAN SEE AND DO ACROSS THE PLATFORM.
Overview
Roles and Permissions in ONE RACEHUB provide a comprehensive Role-Based Access Control (RBAC) system that governs user access to features, data, and configuration settings across the platform. By assigning a specific role to each user, administrators ensure that team members only access the tools and information relevant to their responsibilities.
The system automatically adapts the user interface based on the assigned role, hiding unauthorized sidebar navigation items and restricting sensitive actions such as editing setup sheets, managing users, or accessing administrative configuration. This ensures data security, streamlines workflows, and prevents accidental modifications by unauthorized personnel.
Who Can Use This Feature:
- Team members with different roles and responsibilities
- Drivers who need access to their performance data
- External personnel like freelancers or contractors
- Multi-team organizations requiring data separation
Key Benefits:
- Enhanced Security: Restrict access to sensitive data and configuration settings
- Streamlined Interface: Users only see features relevant to their role
- Multi-Tenancy Support: Team-based data isolation for organizations managing multiple teams
- Flexible Access Control: 11 predefined roles covering all motorsport team functions
- Granular Restrictions: Control access by event, contestant, and feature level
- Audit Trail: Track which users have access to specific features and data
Available Roles
ONE RACEHUB includes 11 predefined roles designed to match typical motorsport team structures:
| Role | Abbreviation | Primary Function |
|---|---|---|
| Admin | ADMIN | Full system access, user management, configuration |
| Management | MGMT | Strategic oversight, reporting, user management |
| Chief Engineer | CHIEF | Technical leadership, advanced configuration, templates |
| Car Engineer | C-ENG | Run sheets, setup sheets, analysis, KPI dashboard |
| Mechanic | MECH | Run sheets, jobs, practical operations |
| Tyre Engineer | T-ENG | Tyre management, pressure calculations, run sheets |
| Workshop Management | W-MGT | Parts, assemblies, job templates, workshop operations |
| Setup Reviewer | S-RVW | Setup sheet review, chassis configuration, events |
| Fault Admin | FLT | Specialized fault management and diagnostics |
| Read Only | RO | View-only access to most features |
| Driver | DRV | Limited access to feedback, track walk, and dashboard |
How Roles Control Access
Sidebar Navigation Permissions
The assigned role determines which sidebar categories and features are visible to the user. The system automatically hides unauthorized menu items, creating a streamlined interface.
General Access Patterns:
Drivers (DRV):
- Limited Access: Feedback, Track Walk, Dashboard, Protocol Run Sheet
- Hidden: All Configuration, Admin, Templates, Analysis tools, Jobs, Parts
Engineering Roles (CAR_ENGINEER, CHIEF_ENGINEER, TYRE_ENGINEER, MECHANIC):
- Full Access: Operations features (Run Sheets, Tyres, Jobs, Analysis, Simulation, Reports, Weather)
- Partial Access: Some Configuration > Templates features
- Restricted: Configuration > Admin (except Chief Engineer)
Admin & Management (ADMIN, MANAGEMENT, CHIEF_ENGINEER):
- Full Access: All features including Configuration > Admin
- Exclusive Access: User management, track/team/contestant configuration, advanced templates
Workshop & Parts Roles (WORKSHOP_MANAGEMENT):
- Specialized Access: Parts & Assemblies, Job List Templates, Packages
- Standard Access: Most Operations features
Feature Access Matrix
The following matrix outlines which roles can access each feature in ONE RACEHUB. Features marked with ✅ are accessible to that role; features marked with ❌ are hidden.
| Sidebar Option | ADMIN | MGMT | CHIEF | C-ENG | MECH | T-ENG | W-MGT | S-RVW | FAULT | READ | DRV |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Operations > Protocol > Run Sheet | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Operations > Protocol > Run Compare | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
| Operations > Protocol > Run Planner | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
| Operations > Protocol > Setup Sheets | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
| Operations > Protocol > Dashboard | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Operations > Tyres > Tyre Sheet | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
| Operations > Tyres > Pressure Calculation | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
| Operations > Analysis > Car Overview | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
| Operations > Analysis > KPI Dashboard | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| Operations > Driver > Feedback / Track Walk | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Operations > Jobs > All Jobs / My Jobs | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
| Operations > Simulation | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
| Operations > Report | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
| Operations > Weather | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
| Manager > Calendar | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
| Manager > Issue Manager | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
| Manager > Time Tracker > Tracker | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
| Manager > Time Tracker > Export / Admin | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
| Parts & Specs > Parts & Assemblies | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
| Parts & Specs > Specifications | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
| Configuration > Admin > Chassis | ✅ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ |
| Configuration > Admin > Contestants | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| Configuration > Admin > Departments | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| Configuration > Admin > Events | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ |
| Configuration > Admin > Locations | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| Configuration > Admin > Manufacturers | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| Configuration > Admin > Points Systems | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| Configuration > Admin > Tags | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| Configuration > Admin > Teams | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| Configuration > Admin > Tracks | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| Configuration > Admin > Users / Drivers | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| Configuration > Admin > User Enums | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| Configuration > Templates > Assembly Templates | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| Configuration > Templates > Calculations | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
| Configuration > Templates > Job List Templates | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ |
| Configuration > Templates > Lap Sequences | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| Configuration > Templates > Packages | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ |
| Configuration > Templates > Run Sheet Layouts | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| Configuration > Templates > Setup Sheet Layouts | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
| Configuration > System > Car Data Service | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| Configuration > System > Timing Service | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
| Configuration > System > Timing Weather Service | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
| Configuration > System > Weather Station Service | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
| Configuration > System > Database / Offline | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
Important: This matrix shows sidebar visibility only. Actual editing permissions and data access are further restricted by team assignment, contestant restrictions, and specific action permissions (see Edit and Action Permissions section below)
Edit and Action Permissions
Beyond viewing features in the sidebar, specific actions within features are restricted based on role, team assignment, and additional conditions. This section provides critical exceptions and additional restrictions to the Feature Access Matrix above.
Run Sheet Editing
Allowed Roles: ADMIN, CE, C-ENG, MECH, TE, WM, SR
Conditions:
- User must belong to the same team as the run sheet (Team ID match)
- Exception: ADMIN can edit all run sheets regardless of team assignment
- Locked run sheets are read-only for all users
- User must have the contestant in their "Editable Contestant IDs" list (if configured)
Strategic Applications:
- Mechanics can update run sheets during sessions but cannot modify setup sheets
- Team-based restrictions prevent accidental cross-contamination of data in multi-team organizations
- Locking run sheets after a session preserves historical data integrity
Setup Sheet Editing
Allowed Roles: ADMIN, CE, C-ENG, SR
Conditions:
- User must belong to the same team as the setup sheet (Team ID match)
- Exception: ADMIN can edit all setup sheets regardless of team assignment
- Locked setup sheets are read-only for all users
- User must have the contestant in their "Editable Contestant IDs" list (if configured)
- Important: Mechanics (MECH) can view setup sheets but cannot edit them
Strategic Applications:
- Restricts setup modifications to engineering staff only
- Setup Reviewers can validate and approve setup changes
- Prevents unauthorized setup changes during critical sessions
- Mechanics can reference setup data but cannot accidentally modify it
Parts Management
View All Teams: ADMIN, CE, MGMT, WM
Team-Restricted View: All other roles only see parts assigned to their team
Strategic Applications:
- Workshop Management can oversee parts across all teams for procurement and logistics
- Engineers see only their team's inventory to reduce clutter and prevent confusion
- Admins maintain full visibility for cross-team resource allocation
User Management Actions
Create/Edit/Delete Users: ADMIN, MGMT
Assign Team: ADMIN only
Assign Default RunSheet Style: ADMIN only
Configure Advanced Restrictions (Visible Events, Editable Contestants, Hide KPIs): ADMIN, MGMT
Strategic Applications:
- Only administrators can configure multi-tenancy team assignments to prevent privilege escalation
- Management can handle day-to-day user administration (creating accounts, resetting passwords)
- Prevents unauthorized users from modifying their own permissions
KPI Dashboard Access
Allowed Roles: ADMIN, MGMT, CE, C-ENG, MECH
Additional Conditions:
- The hideKPIs flag must be set to false on the user's profile
- Both the role AND the flag must permit access
Strategic Applications:
- Protect sensitive performance data from external contractors
- Allow mechanics to see KPIs for troubleshooting while restricting freelancers
- Granular control over who can view car performance metrics
Time Tracker Access
Tracker Feature: All Roles Except Driver
Additional Condition: Requires isTimeTracker enabled on user profile
Export / Admin Feature: All Roles Except Driver
Additional Condition: Requires isTimeTrackerAdmin enabled on user profile
Strategic Applications:
- Enable time tracking for specific team members only
- Restrict administrative time tracking functions to managers and team leads
Multi-Tenancy and Team Assignment
ONE RACEHUB supports multi-tenancy through team-based data isolation. When an administrator assigns a user to a specific team:
- Data Visibility: The user can only access data (run sheets, setup sheets, parts, etc.) associated with their assigned team
- Cross-Team Restrictions: Users cannot view or modify data from other teams
- Admin Override: Users with ADMIN role can access all teams' data regardless of their team assignment
- Login Requirement: Changing a user's team assignment requires the user to log out and log back in for the change to take effect
Use Cases:
- Racing organizations managing multiple teams in different series
- Manufacturer teams with separate GT and prototype programs
- Customer racing operations supporting multiple client teams
- Organizations running competing teams (e.g., one Ferrari and one Mercedes in the same championship)
Example:
A racing organization runs two teams:
- Team A: Ferrari GT3 (Cars #11, #12)
- Team B: Mercedes GT3 (Cars #88, #89)
Engineers assigned to Team A can only see and edit data for Cars #11 and #12. Engineers assigned to Team B can only see and edit data for Cars #88 and #89. The ADMIN can see and manage all data across both teams.
Benefits of Proper Role Management
Data Security:
- Protect sensitive setup and performance information from unauthorized access
- Prevent data leaks to competitors through contractor restrictions
- Maintain confidentiality of strategic racing information
Workflow Efficiency:
- Users see only relevant information for their role, reducing clutter
- Streamlined interface improves focus and reduces training time
- Role-based layouts ensure users have the right tools for their job
Accident Prevention:
- Restrict editing access to prevent accidental data corruption
- Prevent mechanics from modifying setup sheets
- Lock historical data to preserve accurate records
Compliance:
- Control access for regulatory requirements
- Meet contractual obligations with sponsors or manufacturers
- Maintain audit trails for data access and modifications
Team Separation:
- Keep competing teams' data separate when necessary
- Support multi-team organizations in the same ONE RACEHUB instance
- Enable customer racing operations with complete data isolation
Flexibility:
- Granular control over event and contestant access
- Temporary restrictions for freelancers and contractors
- Easy onboarding and offboarding of team members
Notes & Tips
Important: The KPI Dashboard visibility is controlled by both the user's role AND the hideKPIs flag on their user profile. Ensure both conditions are met for access.
Best Practice: Regularly audit user roles and active status, especially at the start and end of racing seasons when team composition changes.
Tip: Use the "Read Only" role for guests, sponsors, or team principals who need visibility without the ability to modify data.
Note: Role assignments take effect immediately for sidebar visibility, but some cached data may require a page refresh or re-login to fully update.