Roles & Permissions

Overview

Nigall uses a combination of account type, subscription plan, event host ownership, and module-specific approval roles to control access.

Purpose

Ensure organizers, participants, and third-party stakeholders see only the tools and data appropriate to their role—while allowing Nigall platform staff to administer approval queues.

Who should use it

  • Organization admins defining who can access Tools
  • Organizers delegating day-of operations
  • Platform administrators configuring approval workflows

Benefits

  • Least-privilege access by default
  • Event-scoped management (host-only unless staff)
  • Plan-based tool unlock without blocking free event creation

Role reference table

Role How assigned Event management Tools access
Guest (anonymous) Not signed in View public events; guest RSVP on free RSVP events None
Participant / Attendee Default user_type=participant RSVP/register; view tickets Hub, Attendees, Program, Communications (plan-gated)
Organizer user_type=organizer OR has hosted events Full host controls on own events All tools per subscription plan
Event planner user_type=event_planner OR has planner profile Full host controls; CRM at /planner/ All tools per plan; CRM requires Planner Pro
Client viewer Added to Event.client_viewers Read-only on assigned events None
Venue manager user_type=venue_manager Venue directory & bookings Hub + Venues
Exhibitor user_type=exhibitor or exhibitor profile Own applications & booth Hub + Exhibitors
Vendor user_type=vendor Own stall applications Hub + Vendors
Platform admin is_staff=True All events (admin queues) All tools, no plan gate
Super admin is_superuser=True Django admin + all Unrestricted

Event-scoped permissions

Action Host Client viewer Staff Guest Other authenticated user
Edit event
View event (read-only client panel) ❌ if not invited Per visibility
View private event ✅ if viewer ❌ if not invited
Manage survey questions
RSVP / register ✅ (as guest flow if not host view) ✅ (if allowed)
Guest list / check-in
Module dashboards (exhibitors, etc.) ✅ (admin approval) Module-specific Module-specific

Note: When viewing an event as host, the registration sidebar shows Edit Event and module shortcuts—not the guest RSVP form. To preview guest experience, use incognito or a test account.


Module approval types

Each module supports approval_type:

Value Behavior
auto Application approved immediately
organizer Host reviews on event dashboard
admin Nigall staff reviews at /exhibitors/admin/review/ (etc.)

Subscription plan tool unlock

Plan Unlocked tools
Free / Essentials Attendees, Program, Communications
Presenter Pro + Speakers, Talent, Venues
Operations Suite + Volunteers, Vendors, Sponsors
Planner Pro + Event Planner CRM (includes Operations Suite tools)
Enterprise + Exhibitors (contact sales)

Function: users/subscription_plans.pyuser_has_tool_access().


Validation rules

  • Host-only views use event.host == request.user or can_manage_* service helpers
  • Private event API/detail requires authentication as host for mobile API

Best practices

  • Use a dedicated test attendee account to validate RSVP and survey flows
  • Assign Operations Suite to team members managing vendors/sponsors/volunteers
  • Use admin approval only when compliance requires Nigall review

Common mistakes

  • Assuming co-organizer access — only event.host is supported natively; use shared login or future org roles
  • Staff account for routine hosting — creates unnecessary access breadth

FAQs

Can exhibitors see attendee PII?
Only what you expose via exhibitor lead capture after opt-in scan.

Do volunteers need a paid plan?
Organizer needs Operations Suite; volunteers use free accounts to apply.

Administrator notes

Superusers access /admin/ for model-level overrides. Staff use module-specific admin review lists.

Developer/API notes

  • Mobile JWT: user identity only; event host checks on detail endpoints for private events
  • Talent API: account UUID scoping on /api/v1/

Related: Platform Overview · Navigation