> ## Documentation Index
> Fetch the complete documentation index at: https://meganharrisonconsulting.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Understand Permissions And Visibility

> Learn why pages, records, employee information, or actions may be visible or hidden.

Alleato PM uses role, project membership, and admin checks to decide what a
person can see or change.

The access model has several layers:

1. Project access decides whether the person can open the project.
2. The active project or company permission role decides the baseline module
   access.
3. Per-user module overrides and granular flags can allow or deny specific
   modules or sensitive actions.
4. Explicit page-role policies from Site Map can further restrict which roles
   can open a page.

If a page, button, project, company, contact, or employee record is hidden, the
most likely reasons are:

* the user is not assigned to the project,
* the page is admin-only,
* the page has an explicit Site Map **Allowed Roles** policy and the user's role
  is not selected,
* the action requires a stronger permission level,
* the record is intentionally private or employee-sensitive,
* the source system has not synced the expected record yet.

## Page Access In Site Map

Site Map has two role-related columns:

* **Allowed Roles** controls the page-level allowlist.
* **Roles That Qualify** is a read-only explanation of which roles satisfy the
  current module requirement.

If those columns disagree, treat **Allowed Roles** as the page access control.
Use **Roles That Qualify** only to understand what the module requirement would
allow.

## Employee And Email Privacy

Employee email and inbox content should be treated as sensitive. Ask Alleato
should not expose another employee's email surface just because synced data
exists. If a user asks why they can see another employee's emails, the answer
should identify it as a permissions issue and recommend removing or tightly
gating that surface.

## What Ask Alleato Should Do

For permission questions, Ask Alleato should check route scope, project
membership, the active permission role, page-level role policy, module rules,
granular flags, and related help docs. If it cannot verify the exact user's
access in the current context, it should say that clearly and explain the likely
rule instead of giving a false certainty.
