Roles and Permissions

Afterglow uses a role-based access control system to determine what each user can see and do. Roles are assigned per tenant, so a user’s permissions are scoped to the organization they belong to.

Role overview

Role	Backoffice	Practice	Mobile App	Description
Admin	Full	Full	Yes	Tenant administrator with full access
SuperUser	Full	No	Yes	Elevated admin without coaching access
Coach	No	Full	Yes	Coaching professional with client access
Premium User	No	No	Yes	User with premium features enabled
User	No	No	Yes	Standard platform user
SystemAdmin	Full	Full	Yes	Platform-wide access (internal only)

Backoffice access

The Backoffice is accessible to users with the Admin, SuperUser, or SystemAdmin role. These users can manage content, users, billing, notifications, and platform configuration.

Practice access

The Practice coaching interface is accessible to users with the Coach, Admin, or SystemAdmin role. Coaches use Practice to manage their clients, bookings, and coaching settings.

Mobile app access

All roles have access to the mobile app. The features available within the app depend on the user’s role and the tenant’s configuration. Premium Users gain access to content and features marked as premium.

How roles are assigned

Roles are assigned to users within the context of a specific tenant. This means a user’s role is tied to their tenant membership, not to their global account. Administrators can manage role assignments through the Backoffice.

When a user signs in, their role claims are automatically loaded, ensuring the correct permissions are applied across the platform.

User Roles — A quick overview of roles for new users.
Backoffice Overview — The admin dashboard.
Practice Overview — The coaching interface.