
Understanding Roles & Access Control

GC Surge uses role-based access control (RBAC) to ensure each user can only access the platform features and data appropriate for their organizational function. Roles are assigned at invitation and control which sidebar modules are visible, which actions are available, and what data can be accessed.

What Roles & Access Control Does

Proper role governance is both a security requirement and an operational efficiency tool. Over-privileged accounts create unnecessary risk. Under-privileged accounts create friction and support burden.

GC Surge Roles

Super Admin

Full platform access. Super Admins can create and modify sites, manage users (invite, assign roles, and remove users), configure NOVA99x, manage the subscription, view all analytics, and access all event review tools.

Super Admins should be limited to the individuals who genuinely need full platform control. Every Super Admin account is a potential attack surface — if one is compromised, the attacker gains access to all platform functions.

Operator

Access to operational tools: Video Search, ZenMode, and the Home dashboard. Operators cannot manage sites, users, or subscription settings. This is the appropriate role for monitoring center operators and shift supervisors who need event access but should not make administrative changes.


The User List

User Management is accessible from the sidebar and opens the User List — a table showing every user on the account. The subtitle reads: Invite new users, assign roles, and manage user access to your organization.

Table columns

  • Avatar — a colour-coded initials badge (or uploaded photo) identifying the user at a glance.
  • Name — the user's first and last name.
  • Email — the email address used to log in and receive platform notifications.
  • Role — either Super Admin or Operator.
  • Status — a green dot indicates the account is active.
  • Actions — a three-dot menu (…) that opens per-user options for that row.

Toolbar

  • COLUMNS — choose which table columns are visible. Your selection is saved per user and does not affect anyone else's view. Hidden columns are not deleted — they are still included when you click Export.
  • DENSITY — sets the row spacing per user. Compact is recommended for large rosters (see 30+ users without scrolling, useful for access audits). Standard is more comfortable for day-to-day management of smaller teams. The choice does not affect anyone else's view.
  • EXPORT — downloads the full user list as users-export.csv, including columns you have hidden. The export contains: name, email, phone, role, status, date invited, last active date, entity-group assignments, invited-by, and last-login timestamp. The export reflects any active filters — if you have filtered to one role or status, only those rows appear. It is a point-in-time snapshot of access rights, useful for compliance evidence.
  • Search (top right) — filters the list in real time by name or email address.

Pagination

Rows per page controls how many users appear per page (default: 10). The counter on the right (e.g. 1–5 of 5) shows the visible range and total count. Use the arrow buttons to navigate between pages.

Actions menu

Clicking the three-dot icon (…) on any row opens three options:

  • Edit User — opens a modal to update the user's name, photo, phone number, or role.
  • Edit User Entities — opens a modal to assign or restrict the specific sites and cameras the user can see within their role.
  • Remove User — deactivates the user account. All active sessions end immediately and the user loses access. Their historical actions are preserved in the audit trail. A Super Admin can reactivate the account later from the User List, restoring their role and entity assignments. For a permanent data removal (GDPR), contact GC Surge support.

Inviting a New User

The + INVITE NEW USER button (top right of the User List) opens the invitation modal. Required fields are marked with an asterisk (*):

  • First Name* and Last Name* — used for the display name and the initials avatar.
  • Email Address* — the address where the invitation link is sent. This becomes the user's login email. The email address is immutable after the invitation is accepted — it is the user's account identity. To change it later, invite a new user with the new email, transfer their role and entity assignments, then deactivate the old account.
  • Phone Number — optional. Includes a country code selector (flag + dial code). Useful if the user is an on-site contact whose Site Key is sent over WhatsApp, or if you want SMS as a password-reset fallback when email is unavailable.
  • GC Surge Role — select either Operator or Super Admin from the dropdown. The role determines which platform features are accessible from the moment the user accepts the invitation. An info icon next to the field label identifies it as an account setting that cannot be left blank.
  • Upload Photo — optional profile photo. Recommended: square image, at least 200×200 px. If no photo is uploaded, the platform generates an initials badge automatically.

The same form appears when selecting Edit User for an existing user, allowing role and personal information to be updated after onboarding. When inviting, clicking Send Invitation dispatches an email titled You're invited to GC Surge with an Accept Invitation button. The link is single-use and expires after 72 hours. If the user misses it, a Super Admin can resend from the User List. Role and entity assignments apply the moment the invitation is accepted — no additional approval step.

How Role Assignment Works

Roles are assigned when a user is invited to the platform. The inviting Super Admin selects the role from a dropdown in the invitation modal. The invitee receives the role as part of their account from the moment they accept the invitation — they do not need to request access separately.

To change an existing user’s role, a Super Admin opens the User List, locates the user, and selects Edit User from the row’s Actions menu to update their role assignment. The change takes effect immediately on the user’s next page load or login. To control which specific locations a user can access within their role, the Super Admin selects Edit User Entities from the same Actions menu — a separate dialog where the user is assigned to or unassigned from entity groups (named collections of sites and cameras) using a tree view, with Override or Merge options.


Edit User Entities — Scoping Access

Within a user's role, entities control which specific sites and cameras they can see. The Edit User Entities dialog has a few controls:

  • Select Entity Group — assigns the user to a named collection of scopes (“North Region Sites”, “Customer X”, “Night Shift Sites”). Assigning a group grants access to every scope in it, and when the group changes (a site added or removed) every assigned user inherits the change automatically — without groups you'd update each user individually.
  • Role entity vs User entity — two sources of access. Role entities are organization-wide defaults applied to everyone with a role (“every Operator sees this customer”). User entities are per-user overrides (“this Operator also sees Customer Y”). Use Role entities for the standard set and User entities for special cases like limited-access contractors or extra-reach supervisors.
  • Override vs Merge — how a user's assignments combine. Merge is the typical case: the user gets their role's default access plus a few individually assigned extras. Override is for restricted users — a contractor who must see only Customer X, or a temporary auditor who should see exactly four sites. Override is more secure because it lists access explicitly, but it needs careful manual maintenance, since the user won't inherit organization-wide changes to the role's default scope.
  • Submit — saves the entity configuration (the selected group(s), the Merge/Override choice, and any individual entities added or removed). Effective access is recomputed on the server immediately; on the user's next page navigation, hidden sites and cameras disappear and newly granted ones appear. The change is logged in the audit trail with the editing admin, a timestamp, and a before/after diff.
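
The difference between Merge and Override is easiest to see when the organization-wide defaults change after a user has been configured. The following is an added illustration, not GC Surge code: a simplified Python model in which the class, function, site, and group names are all hypothetical, and the way groups, user entities, and role entities combine is an assumption based on the descriptions above.

```python
from dataclasses import dataclass, field

@dataclass
class User:
    role: str
    mode: str = "merge"                          # "merge" or "override"
    groups: set = field(default_factory=set)     # entity groups assigned to the user
    entities: set = field(default_factory=set)   # individually assigned (user) entities

def effective_access(user, role_entities, entity_groups):
    """Sites/cameras visible to `user` under this simplified model."""
    explicit = set(user.entities)
    for group in user.groups:
        explicit |= entity_groups.get(group, set())
    if user.mode == "override":
        return explicit                          # role defaults are ignored
    if user.mode == "merge":
        return explicit | role_entities.get(user.role, set())
    raise ValueError(f"unknown mode: {user.mode!r}")

def demo():
    # Constructed data; all names are hypothetical.
    role_entities = {"Operator": {"site-a", "site-b"}}
    entity_groups = {"Customer X": {"site-x1"}}
    operator = User("Operator", "merge", entities={"site-y"})
    contractor = User("Operator", "override", groups={"Customer X"})
    # Organization-wide changes made after both users were configured.
    role_entities["Operator"].add("site-c")      # new role default
    entity_groups["Customer X"].add("site-x2")   # group gains a site
    return (effective_access(operator, role_entities, entity_groups),
            effective_access(contractor, role_entities, entity_groups))

if __name__ == "__main__":
    merged, overridden = demo()
    print("merge:", sorted(merged))
    print("override:", sorted(overridden))
```

In this model the Merge user picks up the new role default automatically, while the Override user sees only what their assigned group lists, so any newly added default site has to be granted to them by hand.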

Principle of Least Privilege

Always assign the minimum role that allows the user to perform their function:

  • Monitoring operators: Operator role. They need Video Search and ZenMode. They do not need Configuration or subscription visibility.
  • Shift supervisors: Operator role. If they need to run reports, consider analytics visibility — but they still do not need site management or user management access.
  • Site administrators responsible for onboarding: Super Admin role, but this should be a small group.
  • Finance contacts reviewing billing: Super Admin role. If Super Admin access must be granted, document and review it regularly.

Access Governance Best Practices

  • Review the user roster regularly — at minimum monthly for active deployments, quarterly for stable ones. Use Remove User for any user who has left the organization or no longer needs access.
  • Document your role assignment policy. Write down the rules your organization uses to determine who gets which role. This prevents inconsistency and makes onboarding new staff easier.
  • Audit Super Admin accounts explicitly. Know exactly who has Super Admin access at all times. The list should be short and intentional.
  • Use business email addresses. Personal email addresses make account management and recovery harder, and create risk if a user leaves the organization but retains access to their personal email.
  • Handle departures immediately. When an employee leaves, remove their account using Remove User on their last day. Do not wait for the next review cycle.
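
The roster review described above can be partly automated from the users-export.csv file. The following Python sketch is an added example, not a GC Surge tool: the CSV header names, the ISO date format, the 90-day threshold, and the sample rows are assumptions, so adjust them to match a real export. Clear any active filters before exporting so the file covers the full roster.

```python
import csv
import io
from datetime import date

# Constructed sample; header names and date format are assumptions.
SAMPLE = """name,email,role,last_active
Ana Ruiz,ana@example.com,Super Admin,2026-06-01
Ben Cole,ben@example.com,Operator,2026-02-10
Cy Dorn,cy.dorn@gmail.com,Operator,2026-06-05
Di Evans,di@example.com,Super Admin,2026-01-15
"""

def audit(csv_text, business_domains, today, stale_days=90):
    """Flag Super Admins, stale accounts, and non-business email addresses."""
    findings = {"super_admins": [], "stale": [], "non_business_email": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        email = row["email"].strip().lower()
        if row["role"].strip() == "Super Admin":
            findings["super_admins"].append(email)
        # Anything outside the organization's own domains needs a closer look.
        if email.rpartition("@")[2] not in business_domains:
            findings["non_business_email"].append(email)
        # A missing or old last-active date marks a candidate for Remove User.
        last = row["last_active"].strip()
        if not last or (today - date.fromisoformat(last)).days > stale_days:
            findings["stale"].append(email)
    return findings

if __name__ == "__main__":
    report = audit(SAMPLE, {"example.com"}, date(2026, 6, 9))
    for check, emails in report.items():
        print(f"{check}: {', '.join(emails) or 'none'}")
```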