Oversee dozens of communities without trampling on their autonomy.
The municipal Admin layer gives ward councillors and regional managers a federated view of every community in their portfolio — with strict access scoping, full audit, and no ability to peek into things they shouldn't.
Tenant isolation — preserved.
Admins see what their role allows in the groups they're assigned to. Communities keep their data. Every admin action is logged separately from tenant audit.
You get a group
A municipal admin is assigned to a tenant_group — e.g. Ward 88 or Region East.
You see only your group
Cross-tenant queries are scoped to admin_accessible_tenants(). RLS enforces it at the database level.
You do specific things
Flags: can_moderate, can_export, can_suspend. Default off — granted per appointment.
Everything's audited
Every admin action lands in admin_audit_logs — separate from tenant audit, append-only, indefinite retention.
What the Admin module unlocks.
Federated moderation queue
One inbox for moderation reports across every community in your portfolio. Triage, hand off, resolve — with audit.
Group health metrics
Materialised view rolls up engagement, governance, finance, and safety scores per community — refreshed hourly.
Cross-community incident heatmap
Aggregate protection incidents across your wards. Spot patterns no single estate can see.
Bulk export with audit
One-click CSV / JSON exports of community data, scoped to your group. Every export logged with reason and scope.
Onboarding assistance
Help a community in your ward get set up — with explicit scope and a time-limited grant on their tenant.
Suspension & intervention
Permission-gated ability to suspend a tenant in your group — with reason, evidence link, and notification trail.
See it on a sandbox of your own region.
We'll load a synthetic version of your portfolio so you can try the federated view without onboarding a single community.