Administrator & Moderator
Administrator Role
The Administrator role grants unrestricted access to all data and features in Primentra. This is a server-level privilege set directly on a user account — it is not a role permission.
What administrators can do:
- Access all models and entities regardless of role permissions
- Manage Users (create, edit, delete, lock/unlock accounts)
- Manage Roles and assign permissions
- Access General Settings, including database connection and email configuration
- Access all other admin pages: Models, Integration Views, Logs (Audit Log, System Log, Database Log)
- View and modify data in any entity
Regular users without the administrator flag:
Regular users have no access to admin pages. Without the administrator flag, a user can only access the data grid, their own submissions (My Submissions), and — if their role has the "Can approve" flag — the Approvals page. All other admin pages (General Settings, Models, Integration Views, Users, Roles, Audit Log) are exclusively available to administrators.
Crown icon:
Administrators are identified by a crown icon that appears next to their name in the Settings menu and in the Users list. This makes it easy to identify which accounts have elevated privileges at a glance.
How administrator access works:
Administrator access is granted through role membership. Any role with the IsAdmin flag enabled grants full administrator privileges to all its members. Assign a user to an admin role in Settings → Access Management → Roles.
Moderator Permission Level
The Moderator flag is a role-based permission that grants full CRUD access (Create, Read, Update, Delete) plus the ability to manage entity and model configuration within the assigned scope — including access to the Manage Models admin page for those models and entities.
What Moderator grants:
- Full CRUD access to data rows (all four operations automatically enabled)
- Access to entity configuration (editing entity settings, attribute definitions)
- Access to the Manage Models page, scoped to the models and entities they have moderator access to
- Model-scope moderator: can additionally edit/delete the model itself and create new entities within it
Moderators see the Manage Models nav item in the sidebar but no other admin pages. They only see the models and entities they have moderator access to — not the full model list.
Entity moderator vs. model moderator:
| Scope | What you can do |
|---|---|
| Entity moderator | Edit/delete that entity and manage its attributes |
| Model moderator | Everything an entity moderator can do, plus edit/delete the model and create new entities within it |
How Moderator differs from granular CRUD:
- CRUD only — Users can perform the specific operations you enable (e.g., Create + Read but not Delete)
- Moderator — Automatically enables all four CRUD operations plus configuration access. Use for team leads and data stewards who need to manage structure, not just data.
How Moderator differs from Administrator:
- Moderator is a role-based permission — it applies only to the models and entities assigned to the role
- Administrator is a user-level flag — it bypasses all permission checks across the entire application and gives access to all admin pages
Setting Moderator access:
- Go to Settings → Access Management → Roles tab
- Open the role and click Edit permissions
- For the desired model or entity, click the Mod toggle button
- All CRUD buttons will automatically activate when Moderator is enabled
- Click Save permissions to apply changes