Case roles: Owner, Admin, Investigator, Viewer, Client

Every person who can access a Case has a role on that Case. The role decides what they can see and do, separate from their account-level role. NearbySpy enforces these roles at the database layer through Row Level Security, so role checks happen on every read and write, not just in the UI.

The five Case roles

Owner

Full control of the Case. Can do everything Admins can, plus transfer ownership to another Member and delete the Case. Every Case has exactly one Owner, usually the Investigator who created it.

Admin

Manages the Case. Can add and remove Members, change Member roles, change Case settings, and control Operation visibility for Clients. Admins cannot transfer ownership or delete the Case. Use this role for senior team members or co-leads on a matter.

Investigator

Does the work. Can create and edit Operations, upload and tag Evidence, write Notes, schedule on the Calendar, and comment. Investigators cannot manage Members or change Case settings, and they do not control Client visibility. Use this for Operators on the Case: your subcontractors, junior PIs, or co-investigators in the field.

Viewer

Read-only access to the Investigator side of the Case. Can see Operations, Evidence, Notes, and Reports, but cannot create or edit anything and cannot comment. Use this for stakeholders who need visibility without the ability to change the record (an attorney monitoring a Case, a senior partner reviewing).

Client

The narrowest role. Sees only what has been explicitly shared with Clients on this Case: Operations marked visible to Clients, Evidence on those visible Operations, and Reports you have shared. Clients can read shared Messages, comment on visible Operations, and join scheduled video calls. Clients never see internal Notes, hidden Operations, Subjects you have not shared, or the rest of the Member list. See Controlling what Clients see on Operations.

Permission rules in plain English

• Higher Investigator-side roles can do everything lower Investigator-side roles can do, plus more. Client is its own outside-the-team category.
• Permissions are checked on every action: can this user perform this action on this resource?. Checks happen at the database level via RLS, not just in the UI.
• The default answer is no. We deny by default and grant explicitly.
• Removing a Member is immediate; access is revoked on their next page load. The audit trail keeps a record of the removal.

Choosing the right role

• Co-lead Investigator on a multi-month matter: Admin.
• Field PI you subcontract for surveillance shifts: Investigator.
• An attorney who only needs to watch progress: Viewer.
• The actual person paying you: Client.
• You: Owner, on Cases you create.

Changing a Member's role

Open the Case and go to the Members tab. Owners and Admins can change roles. Promoting a Viewer to Investigator instantly grants them write access; demoting a Member is similarly instant. The audit trail records every role change.

Transferring ownership

Only the Owner can transfer ownership, and only to an existing Admin on the Case. After transfer, the previous Owner becomes an Admin. There is no shared ownership.

Account-level role vs Case-level role

Your account-level role (Client or Investigator) decides which dashboard you land on after sign-in. Your Case-level role (Owner, Admin, Investigator, Viewer, or Client) decides what you can do inside that specific Case. They are independent. See Why you land on Client vs Investigator dashboard.

Related articles

• Inviting a Client when creating a Case
• Controlling what Clients see on Operations
• Case Settings: governance and permissions