Role Based Access Control (RBAC)
GovEagle uses role-based access control (RBAC) to determine what each user can do after authentication through Azure AD B2C. Roles are assigned by your workspace Admin and enforced directly in GovEagle.
GovEagle has the following default roles:
User
Users have access to all the core GovEagle functionality, including:
Creating and managing opportunities
Starting and participating in AI chats
Using the GovEagle web app
Using the Word add-in to draft and edit proposal content
Users cannot modify the shared content library.
Content Manager
Content Managers have all the permissions that Users have, plus the ability to modify and manage the content library:
Add new documents to the library
Delete outdated or unused documents
Tag and organize content for easier search and reuse
Admin
Admins have all the permissions that Users and Content Managers have, plus control over organization-wide settings. Admins can:
Add integrations to the library
Edit opportunity workflow stages
Manage organization AI rules and writing style
Manage user roles and permissions in the workspace
Create and manage groups
In short: Users create and work on opportunities, Content Managers also manage the content library, and Admins manage workspace settings, roles, and users.
Permissions Summary
Feature / Permission | User | Content Manager | Admin |
|---|---|---|---|
View and edit opportunities | ✅ | ✅ | ✅ |
View Content Library | ✅ | ✅ | ✅ |
Edit Content Library | ❌ | ✅ | ✅ |
Manage Tags | ❌ | ✅ | ✅ |
Manage Company Profiles * | ❌ | ❌ | ✅ |
Manage Organization AI Preferences * | ❌ | ❌ | ✅ |
Manage Opportunity Workflow Statuses* | ❌ | ❌ | ✅ |
Manage Custom Task Statuses * | ❌ | ❌ | ✅ |
Manage Capture Questions Template * | ❌ | ❌ | ✅ |
Manage Integrations * | ❌ | ❌ | ✅ |
Manage Roles * | ❌ | ❌ | ✅ |
Manage Groups * | ❌ | ❌ | ✅ |
Manage Users * | ❌ | ❌ | ✅ |
View Chat Feedback * | ❌ | ❌ | ✅ |
*Items with an asterisk are admin settings features accessible through the Settings page
Custom Roles
Through the Roles tab in Settings, you can create additional roles that have custom permissions with any combination of the available permissions above.
For example, you may want to create a Sub-admin role that has full access to configure opportunities, documents, and features within GovEagle, but does not have access to configuring other users (Manage Roles, Groups, and Users) or connecting external data sources (Manage Integrations).
Creating Custom Roles
To create a custom role:
Navigate to Settings > Roles
Click + Create Role
Name your custom role
Select the specific permissions you want to grant
Click Save
Once created, you can assign this custom role to users just like the default roles.
Managing Roles
From the Roles tab in Settings, you can:
View all existing roles (default and custom)
Edit custom role permissions
Delete custom roles (default roles cannot be deleted)
See which users are assigned to each role
Groups
Groups allow you to organize users and grant them access to shared resources like opportunities and content library folders. Instead of managing permissions individually for each user, you can add users to a group and grant permissions to the entire group at once.
What Groups Are Used For
Groups are particularly useful for:
Proposal Team Organization
Create groups for specific proposal teams (e.g., "NASA Team," "DoD Team")
Grant the entire group access to relevant opportunities and content folders
Department or Division Access
Organize users by department (e.g., "Capture Team," "Technical Writers," "Pricing Team")
Limit access to sensitive content or opportunities by group membership
Teaming Partner Collaboration
Create groups for external teaming partners
Control what content and opportunities partner organizations can access
Role-Based Grouping
Group users with similar responsibilities (e.g., "Proposal Managers," "Subject Matter Experts")
Streamline access management for users with common needs
Creating and Managing Groups
To create a group:
Navigate to Settings > Groups
Click + Create Group
Name your group (e.g., "NASA Proposal Team")
Add users to the group by selecting them from your organization
Click Save
Once created, you can:
Add or remove users from the group
Grant the group access to specific opportunities
Share content library folders with the group
Delete groups that are no longer needed
Using Groups with Opportunities
When setting up an opportunity, you can grant access to specific groups rather than individual users. This means:
All group members can view and work on the opportunity
New members added to the group automatically gain access
Removing someone from the group revokes their access
Using Groups with Content Library
When organizing your content library, you can share folders with specific groups:
Grant read access to allow group members to view documents
Grant edit access to allow group members to add and modify content
Restrict sensitive content to specific groups only
Best Practices for Groups
Keep Groups Purpose-Driven Create groups based on how teams actually work together rather than organizational hierarchy alone.
Review Group Membership Regularly As team members change roles or leave the organization, update group membership to maintain security.
Use Descriptive Group Names Name groups clearly so their purpose is obvious (e.g., "Air Force RFP Team" rather than "Team A").
Combine with Roles Groups control what users can access, while roles control what users can do. Use both together for comprehensive access control.
Document Group Purposes Maintain a reference guide explaining what each group is for and who should be included.
Managing Users
Admins can add, delete, and manage users from the Users tab in Settings.
Adding New Users
To add a new user to your workspace:
From the Users tab of Settings, click the + Create user button
Fill out the new user's name, email, and role
Optionally add the user to one or more groups
Click Create user
The newly created user will receive an email with login instructions.
Managing User Roles
To adjust a user's role:
Find the user in the Users list
Change their role using the dropdown menu at the right of the row
The change takes effect immediately
Managing User Group Membership
To add or remove a user from groups:
Click on the user in the Users list
View their current group memberships
Add or remove groups as needed
Save your changes
Deactivating Users
When team members leave or no longer need access:
Find the user in the Users list
Click the options menu (three dots)
Select Deactivate User
Deactivated users can no longer log in but their historical activity (chats, document edits, etc.) is preserved.
Access Control Best Practices
Principle of Least Privilege Grant users only the permissions they need to perform their jobs. Start with the User role and elevate to Content Manager or Admin only when necessary.
Regular Access Reviews Periodically review user roles and group memberships to ensure they're still appropriate as responsibilities change.
Use Groups for Team-Based Access Rather than granting individual access to opportunities and folders, use groups to manage team-based access more efficiently.
Separate Roles and Groups Remember that roles define what users can do (permissions) while groups define what users can access (content and opportunities). Use both appropriately.
Document Your Access Structure Maintain documentation explaining your role and group structure so new admins can understand and maintain it.
Audit Admin Accounts Limit the number of users with Admin roles and review admin activity periodically for security.