With multiple admins in an org, it would be useful to limit the access of certain admins. To do this, we need role-based access controls.

Roles

- admin: Full control of the Org

- standard: Full control of the Org except deleting it (read-only billing)

- reporter: Read-only access to an Org

- onsite: Can check-in, register, and view attendees/orders

See the full permissions here.

Questions:

- What roles should there be? What personas should have access to what?

- Would it be useful to have org level and event level permissions (e.g. some admins only have access to a certain event)?