User Roles & Permissions

# User Roles & Permissions RecSystems uses a role-based permission system to control what team members can access and modify. Understanding these roles helps you properly manage your staff and maintain security. ## Available Roles RecSystems has 2 user roles for managing your team: ### 1. Employee Role **Purpose**: For staff members who handle day-to-day operations **Key Permissions**: - Create and manage bookings - Process check-ins and check-outs - View customer information - Access reports (view-only) - Manage their own profile **Cannot**: - Modify pricing or price rules - Add/remove other users - Change business settings - Access financial reports - Delete bookings ### 2. Admin Role **Purpose**: For managers and owners who need full system access **All Employee permissions PLUS**: - Full financial access and reports - User management (add, edit, deactivate) - Pricing and price rule management - Fleet and unit configuration - Business settings and branding - Integration management - Support ticket administration - Delete and modify any booking ## Understanding Role Assignment ### First User = Admin - The first user in any account automatically becomes an Admin - This ensures someone always has full access - Cannot be changed to Employee role ### Default Role - New users are set as Employees by default - Admins must explicitly grant Admin access - Promotes security through least-privilege principle ## Managing User Roles ### Viewing Current Roles 1. Navigate to **Dashboard → Team** 2. See role listed next to each user name 3. Active users show in regular text 4. Deactivated users show in gray ### Changing User Roles 1. Go to **Dashboard → Team** 2. Click **"Edit"** next to the user 3. Select new role from dropdown 4. Click **"Update User"** **Note**: You cannot change your own role or the first admin's role. ## Permission Details by Area ### Bookings Management | Action | Employee | Admin | |--------|----------|-------| | View all bookings | ✅ | ✅ | | Create new bookings | ✅ | ✅ | | Edit existing bookings | ✅ | ✅ | | Process check-in/out | ✅ | ✅ | | Cancel bookings | ✅ | ✅ | | Delete bookings | ❌ | ✅ | | Process refunds | ❌ | ✅ | ### Financial Access | Action | Employee | Admin | |--------|----------|-------| | View booking prices | ✅ | ✅ | | View financial reports | ❌ | ✅ | | Manage price rules | ❌ | ✅ | | Process payments | ✅ | ✅ | | Issue refunds | ❌ | ✅ | | View revenue data | ❌ | ✅ | ### System Configuration | Action | Employee | Admin | |--------|----------|-------| | Manage fleet types | ❌ | ✅ | | Add/edit units | ❌ | ✅ | | Configure availability | ❌ | ✅ | | Manage locations | ❌ | ✅ | | Edit business settings | ❌ | ✅ | | Configure integrations | ❌ | ✅ | ### Team Management | Action | Employee | Admin | |--------|----------|-------| | View team members | ✅ | ✅ | | Add new users | ❌ | ✅ | | Edit user profiles | Own only | ✅ | | Deactivate users | ❌ | ✅ | | Change user roles | ❌ | ✅ | | Reset passwords | Own only | ✅ | ### Customer Data | Action | Employee | Admin | |--------|----------|-------| | View customer info | ✅ | ✅ | | Edit customer data | ✅ | ✅ | | Export customer data | ❌ | ✅ | | Delete customer data | ❌ | ✅ | | View all customers | ✅ | ✅ | ### Reports & Analytics | Action | Employee | Admin | |--------|----------|-------| | View booking calendar | ✅ | ✅ | | View availability | ✅ | ✅ | | Run financial reports | ❌ | ✅ | | Export reports | Limited | ✅ | | View analytics | Basic | ✅ | ## Best Practices for Role Management ### 1. Start with Employee Role - Give new staff Employee access initially - Upgrade to Admin only when needed - Reduces risk of accidental changes ### 2. Regular Access Reviews - Review user roles monthly - Remove access for departed staff - Downgrade roles when responsibilities change ### 3. Document Role Assignments - Keep record of who has Admin access - Note why Admin access was granted - Track role change history ### 4. Training by Role - Train Employees on daily operations - Train Admins on system configuration - Ensure Admins understand financial impact ## Common Role Scenarios ### New Hire Process 1. Create user account (defaults to Employee) 2. Provide initial training 3. Monitor performance 4. Grant Admin access if promoted to manager ### Seasonal Staff 1. Create Employee accounts 2. Train on booking process only 3. Deactivate (don't delete) when season ends 4. Reactivate next season ### Manager Promotion 1. Identify trusted Employee 2. Provide Admin training 3. Change role to Admin 4. Monitor initial Admin activities ### Staff Departure 1. Immediately deactivate account 2. Don't delete - preserves history 3. Transfer any pending work 4. Document in user notes ## Security Considerations ### For Employees - Can't access sensitive financial data - Can't make system-wide changes - Perfect for front-line staff - Limits potential for errors ### For Admins - Full system access requires trust - Can impact business operations - Should understand all features - Need regular security training ## Troubleshooting Role Issues ### Can't Change Settings - Verify user has Admin role - Check specific permission area - May need to log out/in after role change ### Missing Menu Options - Employee role has limited menu - Admin role shows all options - Refresh page after role change ### Access Denied Errors - Confirm correct role assigned - Some actions are Admin-only - Check account status is active ## Role-Based Interface Differences ### Employee Dashboard Shows - Bookings and calendar - Basic customer search - Personal profile settings - Limited reports ### Admin Dashboard Shows - All Employee features - Team management - Financial reports - System settings - Integration controls - Advanced analytics ## Related Guides - [Adding Staff](./adding-staff.md) - Create new user accounts - [User Management](./user-management.md) - Manage existing users - [Team Management Overview](./index.md) - Team setup best practices --- *Security Tip: Regularly review who has Admin access. The fewer Admins, the more secure your system.*