Introducing a New Access Model at ClubCentric

SEATTLE, WA - Today, we’re introducing a refreshed and foundational change in how users interact with student organizations. As we prepare to scale into larger school networks and formal student-led infrastructures, it became clear that the old model — while fast and functional for early-stage testing — would no longer meet the standards of safety, flexibility, and accountability that modern student organizations require.

This post outlines our move away from the legacy Club ID and Password login system and introduces our transition to a structured, role-based access model (RBAC) — a system that brings the necessary control, transparency, and extensibility for the future of ClubCentric.

Moving Beyond the Club ID/Password Model

When ClubCentric first launched, we used a simple login model based on a shared Club ID and password. It was fast to implement, easy for clubs to share, and got us to market quickly. But as usage grew and schools began onboarding, it became clear that this model couldn't scale securely. Shared credentials are inherently insecure — they prevent individual accountability, make audit trails impossible, and break down quickly in clubs with high member turnover.

After many conversations with school districts, advisors, and student leaders, we made the hard but important decision to deprecate the Club ID/Password model entirely. While this transition required thoughtful planning and communication with existing users, it laid the groundwork for an access system that aligns with our long-term goals of trust, compliance, and operational excellence.

Why We're Building RBAC

We're currently in development of a new Role-Based Access Control (RBAC) system. This will replace the outdated shared-credential model with one where each user is individually authenticated and granted specific permissions tied to their role within a club. RBAC enables us to assign users to clubs with scoped access — not just at a general level, but down to the modules and actions they can interact with.

This shift will provide:

• Security: Users are identified individually, reducing the risk of credential leakage and unauthorized access.
• Auditability: We can track who did what, when, and where — critical for compliance, incident response, and trust.
• Scalability: Leadership changes no longer require manual credential handoffs. Clubs remain secure and functional across transitions.
• Flexibility: Schools and districts can configure policies that enforce boundaries while empowering students to lead.
• Collaboration: Users will be able to co-create meetings, comment on forms, and work within shared modules through real-time, permission-aware tools — including a native document system built to replace tools like Google Docs.

Now with personalized roles and permissions, users can now engage in real-time collaboration within modules like Announcements, Forms, and Meetings. Whether it's co-creating meeting agendas, commenting on club-wide forms, or accessing a built-in document system that replaces Google Docs with native, permission-aware versioning — RBAC lays the foundation for secure, multi-user workflows across the platform..

A Look at Our Access Types

Our upcoming RBAC system is designed with multiple levels of access in mind — including Club Owner, Admin, Moderators, and Fine-Grained permissions. For this post, we’re focusing on three key types: Owner, Member, and Fine-Grained. These categories reflect real-world needs for governance, delegation, and security. While this system is still under development, the diagrams below represent our design intent and the direction we’re heading. Club Owner, Club Member, and Fine-Grained. These levels reflect real-world needs for governance, delegation, and security. While this system is still in development, we’re sharing our design intent through the visual diagrams below.

Club Owner Access

The Club Owner role is the highest level of access within a club. This user has full visibility and control over every module — including Forms, Meetings, and Finance — and can perform all critical actions: Edit, Delete, and Manage. Club Owners pass both the Role Guard and all associated Permission Guards. Nothing is restricted. This level of access is typically reserved for the President and Vice-President roles in a traditional school club structure.

Club Member Access

The Club Member role is intentionally scoped to provide essential functionality without overexposing sensitive features. Members can participate in meetings, respond to forms, and interact with shared content — but they don’t have edit-level permissions or access to restricted modules like Finance.

Fine-Grained Access

Fine-Grained access is designed for those one-off cases where a club needs to delegate narrowly scoped responsibilities. While most clubs will assign their executive teams broad roles like Club Owner or Admin, there are times when precision matters — for example, granting a Treasurer access only to the Finance module, with the ability to Edit and Manage but not Delete.

This level of control is especially useful for larger school networks, oversight committees, or when clubs want to enforce strict security protocols. The system applies both Role Guards and Permission Guards to evaluate exactly what modules a user can see and what actions they’re permitted to take within them. It’s not the default, but it’s a powerful option when you need it.

Looking Ahead

Student organizations deserve tools that match the complexity of their structure and the responsibility of their data. Moving away from shared Club ID/Password logins to a fully-featured RBAC system isn’t just a security upgrade — it’s a statement of intent. We're building for sustainability, for schools, and most importantly, for students who deserve modern infrastructure.

RBAC at ClubCentric is not just a backend change — it’s a new way to think about leadership, collaboration, and digital trust in student life.