Skip to main content

Role permissions

Veridian Motion uses five staff roles plus separate inmate access. This page lists concrete permissions as built today. Officers and wardens receive least-privilege defaults; your agency may restrict further.
All staff roles require email + password + TOTP MFA. Roles are granted only by an admin at /staff.

Permission matrix

Actionptadminofficerwardenit_admin
Sign in to dashboardYesYesYesYesYes
View patient rosterAssigned + policyYesScopedScopedNo
Enroll patientNoYesNoNoNo
Reset inmate PINNoYesNoNoNo
View unassigned queueNoYesNoScopedNo
Assign case to PTNoYesNoNoNo
Review assessment (clinical)Yes (assigned)NoNoNoNo
View AI findings / red flagsYes (assigned)YesNoNoNo
Edit and release exercise planYes (assigned)NoNoNoNo
Mark reviewed / needs_followupYes (assigned)NoNoNoNo
AI note summarizationYesNoNoNoNo
Export assessment PDFYesYesNoNoNo
Email PDF to allowlistYesYesNoNoNo
Secure messaging (clinical)Yes (assigned)PolicyNoNoNo
Grant / revoke staff rolesNoYesNoNoNo
Break-glass MFA resetNoYesNoNoYes
Audit log (/audit)NoYesNoScopedYes
Compliance views (/compliance)NoYesNoScopedYes
Security settings (/security)NoNoNoNoYes
Scoped = read-only or summary visibility per agency configuration — not full clinical notes or AI output unless explicitly granted.

Role summaries

Physical Therapist (pt)

Primary clinical user. Reviews assigned assessments only: red flags, photos, AI triage support, draft plans. Edits bodyweight exercise plans, writes notes, marks reviewed or needs_followup, messages assigned patients, exports PDFs. Cannot enroll inmates or grant roles.

Administrator (admin)

Operational owner. Enrolls patients, assigns cases from the unassigned queue, resets inmate PINs, grants/revokes roles, performs MFA reset, views roster and audit logs. Does not replace PT clinical sign-off on plan release unless also holding a pt role.

Officer (officer)

Custody operations. Typically no clinical review, enrollment, or messaging. May have roster visibility for operational coordination depending on deployment. Escorts inmates to kiosk; does not review AI output.

Warden (warden)

Facility oversight. May have summary visibility into queue volume, status distribution, or compliance reports — not full clinical detail by default. Does not perform PT review or enrollment unless also granted admin or pt.

IT Admin (it_admin)

Technical administration. Security settings, compliance tooling, MFA break-glass with admin. Does not perform clinical review or inmate enrollment by default.

Inmate (not a staff role)

ActionAllowed
Sign in with number + PINYes
Complete kiosk intakeYes
View own submission statusYes
View approved plan after reviewedYes
View PT notes marked shared with inmateYes
Reply in secure messaging threadsYes
View AI findings before PT reviewNo
Self sign-up or change PINNo
Access other inmates’ dataNo

Enforcement

Permissions are enforced at two layers:
  1. Application UI and API — role checks on staff actions
  2. Postgres Row-Level Security — inmates and staff queries scoped at the database; cross-inmate access denied even if UI is bypassed
Role changes and MFA resets are audit-logged.

What’s next

Roles and access

MFA, provisioning, break-glass reset.

Getting started

Rollout checklist for admins.

For evaluators

One-page guide for decision-makers.