Platform Feature
Entitlement Engine
Define exactly what every user can do — not just what they can see.
Why it matters for institutional data
Geography Access Control determines which beneficiaries and submissions a user can see. The Entitlement Engine determines which actions they can take — submitting surveys, reviewing quality, approving validations, exporting data, and administering the programme. Together they give your organisation complete, auditable control over every human touch-point in your data operation.
Key Capabilities
Role-Capability Matrix
Define precisely which actions — submit, review, validate, export, configure — are permitted for each named role. Changes propagate instantly to every API call across the web app and mobile client, with no cache lag.
Survey-Level Role Overrides
Assign a user a different role for a specific survey without altering their organisation-wide profile. Ideal for cross-district supervisors, independent external validators, and ad-hoc programme auditors.
Capability Inheritance & Tenant Isolation
Higher-level roles inherit capabilities from subordinate roles by default, reducing setup overhead. Strict multi-tenant isolation ensures no capability or data ever bleeds across organisational boundaries.
Common Questions
How is the Entitlement Engine different from Geography Access Control?
Geography Access Control answers 'which records can this user see?' The Entitlement Engine answers 'what actions can this user take?' Both layers are enforced simultaneously on every request — a district manager can only act on submissions within their geography, and only using the actions their role permits.
Can I create custom roles with any combination of capabilities?
Yes. Roles are fully configurable and any capability — from form submission to report export — can be selectively enabled or disabled per role. Most programmes start with the standard roles Quneiform provisions by default (enumerator, supervisor, QC officer, validator, admin) and extend from there without writing any code.