Notification permissions (notifications.*) control which categories of notifications a user can receive. Unlike API and page permissions which gate access, notification permissions determine subscription — a user without a given notification permission simply won’t receive those notifications.
Individual notification preferences (email, push, in-app) are configured separately per user. The permissions below control whether a user is eligible to receive a category of notifications at all.
Core Notification Permissions
| Permission Key | Status | Description |
|---|
notifications.view | Active | View notifications (required for any notification access) |
notifications.manage | Active | Manage system notifications (POST endpoint) |
Notification Categories
These permissions control eligibility for specific notification categories. They are used in the permissions management UI to group notification subscriptions.
| Permission Key | Status | Description |
|---|
notifications.admin | Active | Admin notifications — system-wide alerts, deployment notices, maintenance events |
notifications.security | Active | Security notifications — breach alerts, login anomalies, integrity check results |
notifications.jobs | Active | Job notifications — new jobs, status changes, case note additions, contractor assignments |
notifications.users | Active | User notifications — account creation, role changes, onboarding events |
notifications.financial | Active | Financial notifications — invoice submissions, bulk payment completions, overdue payments |
Targeted Notification Permissions
These permissions are used by notifyUsersWithPermission() to send notifications to all users holding a specific key, rather than gating a category.
| Permission Key | Status | Description |
|---|
notifications.admin.deployments.notify | Active | Receive deployment notifications |
notifications.admin.security.guard_access.notify | Active | Receive security guard access alerts |
How Notification Routing Works
When a notification event occurs (e.g. a new job is created), the system:
- Determines which notification permission category applies (e.g.
notifications.jobs)
- Finds all users who hold that permission
- Filters by each user’s individual notification preferences (email / push / in-app)
- Delivers the notification through the selected channels
For targeted notifications, the system uses notifyUsersWithPermission('permission.key') to send directly to all holders of that specific key, bypassing category routing. 
