JobSim distinguishes human and bot users, organization-scoped work, and platform-wide administration. This page matches the UserRole enum in src/common/models.py and the gates in src/common/auth.py and src/apis/simulation_admin/access.py.

Canonical role values (API)

Role strings appear on authenticated API requests (for example as claims on issued tokens, depending on your deployment). Typical meanings:
RoleValue in APITypical use
Super adminsuper_adminCross-org platform operations, elevated admin APIs.
Organization adminadminFull org admin UI and /api/v1/admin/simulation/* (with org scope).
HRhrOrg-scoped people tasks; not simulation admin API.
ExecutiveexecutiveLearner-class experience; current Next.js gates for chat vs admin dashboard treat executive like employee (no redirect to /admin or /org-admin). Individual API routes may still check this role when added.
EmployeeemployeeDefault learner.
BotbotAI characters and automated identities—not org admins.
Super admin override: Many dependencies treat super_admin as satisfying elevated checks even when the primary role would be admin or stricter.

Organization admin vs HR (important distinction)

  • admin is role that passes require_admin on simulation admin routes (src/apis/simulation_admin/access.py). Those routes implement simulation settings, characters, tasks, templates, knowledge, replay, and related org configuration.
  • hr can help with people workflows (for example creating employee users via the users API—see src/apis/users.py) and can access certain frontend pages that admin can also access (for example /characters). hr does not receive org admin dashboard access or simulation admin API access under require_admin.
When this documentation says “org admin,” it means the admin role unless stated otherwise—not hr.

Main frontend routes by role

SurfaceRoute(s)Who uses it
Learner hub (chat)/chatemployee, executive, hr (and others who are not steered away—see below). Primary Slack-like experience: channels, DMs, tasks, lifecycle polling, notifications.
Personal dashboard/dashboardLearners; personal metrics and insights.
Org admin dashboard/org-admin for org admins, /admin for platform adminsadmin, super_admin. Org admins are placed in organization view for their tenant; super admins can switch to platform view.
Characters lab/charactersadmin and hr only (product UI gate).
Onboarding/onboarding/*New users moving through signup and profile flows.
Routing behavior: The chat page sends users with role admin or super_admin to admin surfaces (/org-admin for org admins, /admin for super admins) instead of keeping them on /chat. So in current product, org and platform admins are not positioned as primary “chat learners” on first entry—design and docs should assume they manage from admin dashboard surfaces unless routing changes.

Org admin dashboard (role admin)

Rendered via OrgDashboard (frontend/src/features/org-admin/components/). Typical areas:
AreaPurpose
OverviewOrganization health, simulation health, team performance, members.
PeopleMember-oriented admin for the org.
AnalyticsOrg-level analytics and simulation KPIs where wired.
SimulationSimulationDashboard — characters, tasks, templates, settings, scenario tooling, knowledge uploads, replay, and other simulation admin features backed by /api/v1/admin/simulation.
SettingsBranding and org-facing settings exposed by the product.

Platform super admin (role super_admin)

Same /admin shell with platform tabs (for example users, organizations, analytics, billing, system health, audit logs)—see AdminSidebar and related components. Uses cross-org and /api/v1/admin/... style endpoints where implemented.

API enforcement (summary)

PatternMeaning
require_adminOnly admin or super_admin. Used across /api/v1/admin/simulation/*.
require_roles([ADMIN, HR])Example: creating users in-org; HR may create employee users only (see users API).
require_super_adminPlatform-only routes.
Org id on requestsNon–super-admin callers are generally restricted to current_user.organization_id for mutating org data.
Exact rules are per route—use the API reference tab and source for edge cases.

Source anchors

  • Roles: src/common/models.py (UserRole).
  • require_admin: src/apis/simulation_admin/access.py.
  • Chat redirect: frontend/src/app/chat/page.tsx.
  • Admin dashboard gates: frontend/src/app/admin/page.tsx, frontend/src/app/org-admin/page.tsx.
  • /characters gate: frontend/src/app/characters/page.tsx.