When a church first adopts StewardTrack, the instinct is to hand every staff member full access. It feels generous. It is also how sensitive information ends up in the wrong hands six months later.
The Members module uses a clear three-tier permission model. Learn it once and you can delegate responsibility without delegating risk.
members:view
Read-only access to the member list and profiles. This is the right level for deacons, small-group leaders, and volunteer coordinators who need to know who's who but should not be editing records.
members:manage
Create and edit records. This is the level for your secretary, your pastoral staff, and your welcome-desk volunteers who are entering new visitors. It also unlocks the import, export, and template download actions β but only if your tenant's plan includes the Excel import/export feature.
members:delete
Archive records. We limit this one tightly. In our tenant, only the senior pastor and the executive assistant have it. Archiving is reversible, but it still changes the active roster, and roster changes deserve a double-check.
Why the separation matters
When a volunteer coordinator accidentally edits a member's contact number instead of just looking at it, you are one typo away from losing touch with someone. When a well-meaning team captain archives a family because they "haven't seen them in a while," you have quietly removed them from every report and every communication list.
Permissions are not bureaucratic control. They are how you say to your team: "You have exactly what you need to serve well, and nothing extra that could hurt someone by accident."
