Role gate

What renders when the operator hits a surface their role can't access. Three flavours — full block, partial restriction, soft preview.

Stable3 compositions

COMPOSITION 01

The whole page is denied. Show the role needed, who can grant it, and an action.

Use whenThe operator has no read access to the resource at all.

Payroll needs Accountant or Owner role

Robert Mukamba can grant it from Settings · Members.

COMPOSITION 02

The operator can see the surface but sensitive columns (salary, ID number) are masked.

Use whenThe operator can see the page but not the sensitive fields. Common for HR list views.

Salary & ID masked for your role

Name	Role	ID number	Salary
Faith Moyo	Cashier	●● ●●●●●● ● ●●	$ ●●●
Alex Chiwanza	Cashier	●● ●●●●●● ● ●●	$ ●●●
Mai Ndlovu	Bursar	●● ●●●●●● ● ●●	$ ●●●
Stanford Kuda	Plant manager	●● ●●●●●● ● ●●	$ ●●●

COMPOSITION 03

Show a blurred preview of what the surface would look like with an unlock CTA — used for paywalled features in lower tiers.

Use whenThe operator could access this feature on a higher plan.

Revenue

124,810

Cost

76,400

Margin

39 %

Operator plan

Multi-site rollups, cost variance, margin trends. Available on Operator and Enterprise plans.

Name the role and the operator who can grant it.

Don't

Render a generic 403. The operator did nothing wrong.

Make "Request access" a real action.

Don't

Hide the sidebar item entirely. Show greyed; click leads here.