Roles & Permissions
This page defines the access model for BaseQR and describes what each role can do. Access is organization-wide; campaign-level restrictions are not supported.
Access model
• Organization-level access — All users belong to a single organization context. New campaigns are visible to all users in that organization.
• Edit scope — Users can edit all campaigns in the organization. There is no read-only mode.
• Ownership — Admin is considered the owner of campaigns. Ownership transfer is not supported.
Roles
• Admin — Intended for team leads and administrators who manage access and structure in addition to day-to-day work.
• User — Intended for operators who create and manage campaigns and QR codes, run imports, and produce exports.
Capabilities by role
• Admin —
o Invite and remove users.
o Assign and change roles.
o Delete campaigns.
o Create campaigns and QR codes.
o Edit destinations and UTM parameters (including live codes).
o Toggle QR status (Active/Inactive).
o Run bulk imports/updates.
o Export QR assets (SVG/PNG/JPG) and analytics (CSV/Excel/PDF).
• User —
o Create campaigns and QR codes.
o Edit destinations and UTM parameters (including live codes).
o Toggle QR status (Active/Inactive).
o Run bulk imports/updates.
o Export QR assets (SVG/PNG/JPG) and analytics (CSV/Excel/PDF).
Invitations and seats
• Who can invite — Admins only.
• How invites work — An Admin sends an email invitation and assigns a role as part of the invite; an Admin can change the role later.
• Seat limits — Seat availability is plan-based. When seats are full, new invitations are blocked until a seat is freed or the plan is upgraded. See Plans & Billing.
External collaborators
• Inviting partners — Admins may invite external users (any email address) as Users within their account.
• Scope — External Users have the same permissions as internal Users, so they can see and edit every campaign in the organization. Campaign-specific restrictions are not supported.
Authentication and security (summary)
• Email verification — Required during account setup.
• SSO — Available for Enterprise accounts. See Authentication for details.
Guidance for teams
• Define responsibilities — Assign who creates campaigns, who updates live destinations/UTMs, and who manages bulk imports to avoid conflicting edits.
• Standardize naming — Use the recommended naming convention so campaigns are easy to find and reports remain consistent. See Campaign Naming Standards.
• Review access periodically — Admins should review seats and membership as teams change.