Configure Authorizations
Authorizations define what a person is approved to do within your maintenance organization.
They are different from roles and permissions. A role controls what a user can access in FlightLogger Maintenance. An authorization controls what the person is approved to perform from a maintenance or compliance perspective.
This distinction is important because a user may have access to a page without being authorized to perform controlled maintenance actions or signoffs.
What authorizations are used for
Personnel authorizations help your organization control maintenance responsibility.
They can define:
- What type of work a person is approved to perform
- Which aircraft models or systems the authorization applies to
- Whether the person can complete inspections
- Whether the person can complete functional tests
- Whether the person can act as certifying staff
- Whether the person can complete CRS-related signoffs
- Whether the authorization has limitations or conditions
- When the authorization becomes effective
- When the authorization expires
Authorizations support compliance, accountability, and audit readiness.
Roles vs authorizations
Roles and authorizations are connected, but they are not the same.
A role answers: “What can this user access in the system?”
An authorization answers: “What is this person approved to do in the maintenance organization?”
For example, a technician may have a role that allows access to Workshop and active work orders.
That role may allow the technician to open tasks, record time, or add work information.
But if the technician needs to complete an inspection signoff, functional test signoff, certifying staff action, or CRS-related step, the relevant authorization may also be required.
System access does not automatically grant maintenance authority.
Certificates vs authorizations
A personal certificate or qualification is not automatically the same as an authorization inside your FlightLogger Maintenance account.
A person may hold a qualification, but your organization still needs to decide what that person is authorized to do within your account.
FlightLogger Maintenance separates this because maintenance authority is account-specific.
For example:
- A person may be qualified, but not authorized for a specific aircraft model.
- A person may be authorized for inspection, but not CRS.
- A person may be authorized for one aircraft model, but not all aircraft models.
- A person’s authorization may have an expiry date or limitation.
This helps keep operational authority controlled and traceable.
When to configure authorizations
You should configure or review authorizations when:
- Setting up FlightLogger Maintenance for the first time
- Adding new maintenance personnel
- Adding certifying staff
- Assigning inspection responsibilities
- Assigning functional test responsibilities
- Preparing CRS-related workflows
- Adding aircraft models
- Updating qualifications
- A person changes responsibility
- An authorization expires
- Preparing for an audit
- Reviewing compliance readiness
Authorizations should be kept up to date as your organization changes.
Before you configure authorizations
Before configuring authorizations, prepare:
- The person or user who should receive the authorization
- The type of work they are approved to perform
- Relevant aircraft model coverage
- Whether the authorization applies to all models or selected models
- Authorization level or responsibility
- Effective date
- Expiry date, if applicable
- Any limitations or conditions
- Supporting qualification or certificate information, if required by your process
Clear preparation reduces the risk of assigning incomplete or incorrect authority.
How to configure authorizations
To configure authorizations:
- Go to Administration.
- Open Authorizations.
- Select the relevant person or user.
- Create a new authorization or update an existing one.
- Define the authorization type.
- Define the scope, such as aircraft model coverage.
- Add effective dates, expiry dates, or limitations if required.
- Save the authorization.
- Review that the authorization matches the person’s real responsibility.
The exact labels may vary depending on your account setup.
What to include in an authorization
A good authorization should clearly describe what the person is approved to do.
Include:
- Authorization type
- Scope of approval
- Aircraft model or system coverage
- Effective date
- Expiry date, if relevant
- Limitations
- Conditions
- Any required reference to qualification or internal approval
Avoid vague authorizations. They should be specific enough to support daily use and later review.
How authorizations affect daily work
Authorizations may affect controlled maintenance actions and signoff workflows.
For example, authorizations may be relevant when a user needs to:
- Complete an inspection
- Complete a functional test
- Act as certifying staff
- Complete CRS-related steps
- Approve or release certain maintenance documentation
- Perform work that requires defined authority
If a user cannot complete a controlled action, review both their system access and their authorization setup.
How authorizations support compliance
Authorizations help show that the right person performed or approved the right work.
They support:
- Maintenance control
- Signoff validity
- Audit readiness
- Responsibility tracking
- Compliance documentation
- Internal quality processes
During an audit or internal review, authorizations can help explain why a person was allowed to perform a specific controlled activity.
Keeping authorizations up to date
Authorizations should not be configured once and forgotten.
Review them regularly.
Update authorizations when:
- Qualifications change
- Responsibilities change
- Aircraft model coverage changes
- Expiry dates are approaching
- A person leaves the organization
- A person moves to a different role
- New maintenance procedures are introduced
Outdated authorizations can create compliance risk.
Common mistakes to avoid
-
Do not treat a role as an authorization.
-
Do not assume a certificate automatically grants account authority.
-
Do not give broad authorizations without a clear reason.
-
Do not forget expiry dates.
-
Do not leave authorizations active for people who no longer perform the work.
-
Do not authorize a person for all aircraft models if the approval only applies to selected models.
-
Do not wait until an audit to review authorization data.
Best practices
-
Keep authorizations aligned with real responsibilities.
-
Use clear authorization names and scopes.
-
Review authorizations before go-live.
-
Review authorizations regularly after go-live.
-
Add expiry dates where required.
-
Keep authorizations aligned with personnel qualifications.
-
Review both role access and authorizations when troubleshooting signoff issues.
-
Document important authorization decisions according to your internal procedures.
Summary
Authorizations define what a person is approved to do within your maintenance organization.
They are different from roles and permissions. Roles control system access. Authorizations control maintenance authority.
Correct authorization setup helps ensure that controlled maintenance actions, inspections, functional tests, certifying staff actions, and CRS-related steps are performed by the right people and remain traceable for compliance.