Role permissions
Veridian Motion uses five staff roles plus separate inmate access. This page lists concrete permissions as built today. Officers and wardens receive least-privilege defaults; your agency may restrict further.All staff roles require email + password + TOTP MFA. Roles are granted
only by an admin at
/staff.Permission matrix
| Action | pt | admin | officer | warden | it_admin |
|---|---|---|---|---|---|
| Sign in to dashboard | Yes | Yes | Yes | Yes | Yes |
| View patient roster | Assigned + policy | Yes | Scoped | Scoped | No |
| Enroll patient | No | Yes | No | No | No |
| Reset inmate PIN | No | Yes | No | No | No |
| View unassigned queue | No | Yes | No | Scoped | No |
| Assign case to PT | No | Yes | No | No | No |
| Review assessment (clinical) | Yes (assigned) | No | No | No | No |
| View AI findings / red flags | Yes (assigned) | Yes | No | No | No |
| Edit and release exercise plan | Yes (assigned) | No | No | No | No |
| Mark reviewed / needs_followup | Yes (assigned) | No | No | No | No |
| AI note summarization | Yes | No | No | No | No |
| Export assessment PDF | Yes | Yes | No | No | No |
| Email PDF to allowlist | Yes | Yes | No | No | No |
| Secure messaging (clinical) | Yes (assigned) | Policy | No | No | No |
| Grant / revoke staff roles | No | Yes | No | No | No |
| Break-glass MFA reset | No | Yes | No | No | Yes |
Audit log (/audit) | No | Yes | No | Scoped | Yes |
Compliance views (/compliance) | No | Yes | No | Scoped | Yes |
Security settings (/security) | No | No | No | No | Yes |
Role summaries
Physical Therapist (pt)
Primary clinical user. Reviews assigned assessments only: red flags,
photos, AI triage support, draft plans. Edits bodyweight exercise plans,
writes notes, marks reviewed or needs_followup, messages assigned
patients, exports PDFs. Cannot enroll inmates or grant roles.
Administrator (admin)
Operational owner. Enrolls patients, assigns cases from the unassigned
queue, resets inmate PINs, grants/revokes roles, performs MFA reset, views
roster and audit logs. Does not replace PT clinical sign-off on plan
release unless also holding a pt role.
Officer (officer)
Custody operations. Typically no clinical review, enrollment, or messaging.
May have roster visibility for operational coordination depending on deployment.
Escorts inmates to kiosk; does not review AI output.
Warden (warden)
Facility oversight. May have summary visibility into queue volume, status
distribution, or compliance reports — not full clinical detail by default.
Does not perform PT review or enrollment unless also granted admin or pt.
IT Admin (it_admin)
Technical administration. Security settings, compliance tooling, MFA
break-glass with admin. Does not perform clinical review or inmate enrollment
by default.
Inmate (not a staff role)
| Action | Allowed |
|---|---|
| Sign in with number + PIN | Yes |
| Complete kiosk intake | Yes |
| View own submission status | Yes |
| View approved plan after reviewed | Yes |
| View PT notes marked shared with inmate | Yes |
| Reply in secure messaging threads | Yes |
| View AI findings before PT review | No |
| Self sign-up or change PIN | No |
| Access other inmates’ data | No |
Enforcement
Permissions are enforced at two layers:- Application UI and API — role checks on staff actions
- Postgres Row-Level Security — inmates and staff queries scoped at the database; cross-inmate access denied even if UI is bypassed
What’s next
Roles and access
MFA, provisioning, break-glass reset.
Getting started
Rollout checklist for admins.
For evaluators
One-page guide for decision-makers.
