As you build your team, controlling who can access and change your church's information is essential. EvangelOS uses a role-based permission system — every user is assigned exactly one role that defines what they can see and do across the platform.
Full access to everything — settings, billing, integrations, user management, all data, and all features. Reserve this role for your most trusted senior leaders or primary church administrator. Only Site Admins can invite other Site Admins.
Day-to-day operational access. Editors can add and edit members, create events, send communications, manage groups, and use most features. They cannot access billing, integrations, or user management settings.
Read-only access across the platform. Viewers can see member records, event details, reports, and analytics — but cannot create or edit anything. Ideal for council members who need visibility without the ability to make changes.
This role is for congregation members accessing the Member Portal — a self-service area where they can view their own profile, submit prayer requests, register for events, and manage their giving. Members have no access to the administrative backend. Available on all plans, including Essential.
Scoped exclusively to the Financial Management section. Financial users can manage giving records, process batches, generate giving statements, and connect to QuickBooks Online — but have no access to member data, events, or communications. Ideal for a bookkeeper or finance team member.
Access limited to volunteer scheduling and ministry assignments. Volunteers can view their assigned shifts, check in to scheduled service, and see ministry-related information. They cannot view full member records or access administrative areas.
Scoped to the specific group(s) this person leads. Group Leaders can take attendance, message their group members, manage group details, and add notes — but only for their assigned group(s). They cannot see other groups or access any other section of the platform.
A purpose-built role for check-in station operators. Users with this role can only access the Check-In module — they can check members and guests in or out of events and services, but cannot view or edit any other data. Perfect for greeters and welcome team members operating a check-in kiosk. Requires Event Check-In feature (Growth plan and above).
| Feature Area | Site Admin | Editor | Viewer | Member | Financial | Volunteer | Group Leader | Check-In Vol. |
|---|---|---|---|---|---|---|---|---|
| Members & People | Full | Full | View only | Own profile | None | None | Group only | None |
| Groups | Full | Full | View only | Own group | None | None | Assigned only | None |
| Events | Full | Full | View only | Register | None | Assigned shifts | None | Check-In only |
| Communications | Full | Full | View only | None | None | None | Group only | None |
| Giving & Finance | Full | None | None | Own giving | Full | None | None | None |
| Analytics & Reports | Full | Full | View only | None | Financial only | None | None | None |
| Settings & Billing | Full | None | None | None | None | None | None | None |
| User Management | Full | None | None | None | None | None | None | None |
Deactivating a user immediately revokes their access. Their historical data and contributions are preserved.
Can I change a user's role after they have joined?
Yes. From the Users tab in Settings, click the ... menu next to any active user and select Edit Role.
Can a user have more than one role?
No — each user is assigned a single role. If someone needs broader access, assign them the role with the widest appropriate permissions.
Do Members see the same admin interface as my team?
No. Members log in through the Member Portal (a separate, simplified interface) and never see the administrative backend.
What happens to a user's data if I remove them?
Removing a user only revokes their login access. Any records, notes, or actions they took in the system are preserved.