Roles & permissions

Role overview

MASLOW uses role-based access control (RBAC) to ensure users only access what they need. There are three roles:

Role	Description
Admin	Clinic administrator — manages users, settings, and survey templates
Provider	Clinician — creates surveys, assigns to patients, reviews AI reports
Patient	End user — completes assigned surveys

Permission matrix

Action	Admin	Provider	Patient
Configure clinic settings	✅	❌	❌
Invite/manage users	✅	❌	❌
Manage survey templates	✅	❌	❌
Create custom surveys	✅	✅	❌
Assign surveys to patients	✅	✅	❌
View AI reports	✅	✅ (own patients)	❌
Complete surveys	❌	❌	✅
View own survey responses	❌	❌	✅
View audit logs	✅	❌	❌

Role assignment

Roles are assigned when a user is invited to MASLOW. Admin users control role assignments for their clinic.

Provider scope

Providers can only view data for patients assigned to them. They cannot access other providers’ patients or clinic-wide analytics (unless also granted admin access).

Patient scope

Patients can only access their own surveys and responses. They cannot see other patients’ data or any provider/admin interfaces.

Multi-clinic access

Users are scoped to a single clinic. If a provider works at multiple clinics using MASLOW, they need separate accounts for each.

Trust

Access control

Role overview

Permission matrix

Role assignment

Provider scope

Patient scope

Multi-clinic access

Trust

Access control

​Role overview

​Permission matrix

​Role assignment

​Provider scope

​Patient scope

​Multi-clinic access

Role overview

Permission matrix

Role assignment

Provider scope

Patient scope

Multi-clinic access