This page contains dynamic content -- Highest Possible Classification is Controlled Unclassified Information (CUI).

Security Roles


The World-Class Facilities Toolkit has a multi-tiered security system design to facilitate the needs of all users. It starts off by defining whether a user is a government,  non-government, or public entity. From there, we define several security roles within the application. Then, the Project Tool implements its own security layer to ensure only the right people can access the materials that are part of each project.

User Roles

User roles are used to define a level of access to the resources within the Toolkit. Resources that are identified as accessible to everyone are marked "Public".

In addition to "Public" access, there are three levels of access granted to registered users:

  • Non-Government (NonGov)

    In addition to the resources available to a Public user, the NonGov user also has the ability to see resources that have been configured to be accessible to a "NonGov" user.

  • Government (Gov)

    Government users have access to all resources that are marked for "Public", "NonGov", and "Gov" access.

  • Executive User (Exec)

    Executive users have access to all resources in the application.

Additional Privileges

In addition to having access based on user role, there are also security privileges granted to those who need to have oversight over certain modules of the World-Class Facilities Toolkit.

Knowledge Center Administrator

The Knowledge Center Administrator has the ability to manage all resources that are part of the Knowledge Center module of the Toolkit.

Project Tool Administrator

The Project Tool Administrator has rights necessary to manage resources and projects within the Toolkit.

System Administrator

The System Administrator has all rights to add, edit, delete, and manage all resources, projects, lookup tables, and users throughout the application.


Within the CIDM module, there are five types of privileges, indicating which sub-module can be accessed:

  • CIDM Administrator
  • CIDM Archive
  • CIDM Planning Team
  • CIDM Project Manager
  • CIDM Scorer

Project Teams

Assuming one has sufficient permissions to see a project and its resources, a Project Manager also has the ability to designate teams of registered users, and their access to the resources in the project.


Can only see and read resources within the project. The user role (NonGov, Gov, Exec) will also impact what resources may be visible to the user.


In addition to being able to read resources within the user's defined role in the application, the contributor is also allowed to upload resources to the project.


The project Manager can view, edit, upload, and delete all resources in the project. In addition, the Manager can edit the Team membership list and edit the roles of Team members.