Permissions matrix
The role required for each Aevon view and action. For how roles are granted, see Permissions.
Views
| View | Anyone | Approver | Reviewer | Account admin | Admin |
|---|---|---|---|---|---|
| Calendar | ✅ | ✅ | ✅ | ✅ | ✅ |
| Reports | ✅ | ✅ | ✅ | ✅ | ✅ |
| Approvals | — | ✅ | — | — | ✅ |
| Billing review | — | — | ✅ | — | ✅ |
| Accounts | — | — | — | ✅ | ✅ |
| Settings | — | — | — | — | ✅ |
Actions
| Action | Required role |
|---|---|
| Log / edit / delete own worklogs | Anyone (with Jira's own worklog permission) |
| Submit / recall own week | Anyone |
| Approve / reject a submitted week | The named approver (or admin) |
| Manage accounts, categories, routing | Account admin or admin |
| Edit worklog rules, custom attributes, permissions | Admin |
| Run billing review + export | Reviewer or admin |
Notes
- Jira site administrators always have full access — a universal override that can't be removed inside Aevon, and that implies every Aevon role.
- The Aevon Administrator, Account Administrator, and Reviewer roles are granted to Jira groups in Jira → System → Global permissions (default: jira-administrators) — the only place roles are managed.
- Admins hold every narrower role — admin implies account admin, reviewer, and approver.
- Editing requires an active license; reads and exports stay open if it lapses (no data lock-in).
- All checks are enforced on the backend resolvers, not just the UI.
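
The sketch below is an added illustration, not Aevon's own code: a deny-by-default, server-side check modelled on the matrix and notes above, covering role implication, the named-approver condition, and license gating of edits. The role and action keys, the `user`/`ctx` shapes, and the classification of each action as a write or a read/export are assumptions made for this example.

```javascript
// Added illustration, not Aevon's code. All identifiers are hypothetical.
// Role implication from the notes: site admin implies every role,
// admin implies account admin, reviewer and approver.
const IMPLIES = new Map([
  ['siteAdmin', ['admin']],
  ['admin', ['accountAdmin', 'reviewer', 'approver']],
]);

// Expand granted roles to everything they imply (transitive closure).
function effectiveRoles(granted) {
  const seen = new Set(['anyone']);
  const stack = [...granted];
  while (stack.length) {
    const role = stack.pop();
    if (seen.has(role)) continue;
    seen.add(role);
    stack.push(...(IMPLIES.get(role) || []));
  }
  return seen;
}

// Assumption: everything except the billing review/export counts as an edit.
const ACTIONS = new Map(Object.entries({
  logOwnWorklog:  { role: 'anyone', write: true, needsJiraWorklogPerm: true },
  submitOwnWeek:  { role: 'anyone', write: true },
  approveWeek:    { role: 'admin', write: true, orNamedApprover: true },
  manageAccounts: { role: 'accountAdmin', write: true },
  editSettings:   { role: 'admin', write: true },
  billingExport:  { role: 'reviewer', write: false },
}));

// Deny by default: unknown actions and any unmet condition return false.
function authorize(user, action, ctx = {}) {
  const rule = ACTIONS.get(action);
  if (!rule) return false;
  // Edits need an active license; reads and exports stay open.
  if (rule.write && !ctx.licenseActive) return false;
  // Worklog edits also need Jira's own worklog permission.
  if (rule.needsJiraWorklogPerm && !user.jiraWorklogPermission) return false;
  if (effectiveRoles(user.roles || []).has(rule.role)) return true;
  // Otherwise only the approver named on this specific week may act.
  return Boolean(rule.orNamedApprover && ctx.approverId &&
                 ctx.approverId === user.accountId);
}
```

Because the decision is computed from the caller's server-side identity and the stored approver on the week, hiding a view in the UI is never what denies an action.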