The table above details the distribution of permissions across different MOFFI roles: Admin, Building Manager, Space Manager, and Group Manager.

1. Roles and their scope of action

The roles defined in this table determine the range of actions a user can perform within the company's environment. Here are the main roles:

• Admin: has the most extensive permissions, with full access to all spaces, users, bookings, and rules.
• Building Manager: has permissions limited to their specific buildings. They can manage spaces, bookings, and users within those buildings.
• Space Manager: this role is the most restricted, with access only to the spaces they manage.
• Group Manager: their scope is limited to their user groups. They can manage certain features for their group only.

This hierarchy ensures effective governance while limiting user actions to avoid overload or unintended changes.

2. Viewing spaces and bookings: permissions based on roles

Users can view different levels of spaces depending on their role:

• Admin can see all company spaces.
• Building Manager can see spaces in their building(s).
• Group Manager can see spaces for their group only.
• Space Manager has access only to the spaces they manage.

The same applies to viewing bookings:

• Admin can view all bookings.
• Building Manager can view bookings in their buildings only.
• Group Manager can view bookings in their group.
• Space Manager can view bookings for their own spaces only.

This allows better organization while ensuring data confidentiality and security.

3. User management and associated actions

Actions related to users (adding, removing, editing) are subject to specific permissions:

• Admin can manage all company users.
• Building Manager can manage users in their buildings.
• Group Manager can manage users in their group only.
• Space Manager does not have access to these functions.

The same logic applies to creating groups and managing rules:

• Admin and Building Manager can create groups and rules.
• Other roles do not have these permissions.

This ensures that only authorized personnel can make important decisions regarding user and space management.

4. Booking on behalf of others: which users and which spaces?

The ability to book on behalf of users or for spaces is also regulated:

• Admin can book on behalf of any user and for any space in the company.
• Building Manager can book only in their buildings.
• Group Manager can book for users in their group.
• Space Manager does not have this option.

This limits responsibilities while ensuring that booking actions align with the role’s scope.

5. Rules and permissions in collaborative environment management

Features such as creating and viewing rules or accepting/rejecting bookings follow the same hierarchy principle:

• Admin can manage all company rules.
• Building Manager can manage rules only for their buildings.
• Group Manager and Space Manager do not have access to these features.

Regarding booking approval:

• Admin can accept or reject all bookings in the company.
• Building Manager can approve/reject bookings in their building.
• Group Manager can approve/reject bookings for their group only.
• Space Manager can manage bookings only in their spaces.

A summary table follows below in the original document.