Appearance
User Roles & Permissions
Learn about the different roles people can have in your account and what each one can do.
The Three Roles
We keep it simple with three roles:
- Admin - Can do everything
- Employee - Can do day-to-day work
- View Only - Can see things but can't make changes
Admin Role
What Admins Can Do
Admins can do everything:
- Access all features and see all data
- Manage users and invite new team members
- Change organization settings
- Set up integrations with other apps
- Handle all financial operations
- View all reports and analytics
Everything Admins Can Access
- ✅ Create, edit, and delete clients
- ✅ Create, edit, and delete invoices and quotes
- ✅ Manage products and services
- ✅ Manage inventory
- ✅ Create and manage projects
- ✅ View and manage everyone's timesheets
- ✅ Manage employees
- ✅ View all reports
- ✅ Set up integrations (API keys, webhooks, connectors)
- ✅ Change organization settings
- ✅ Invite and manage users
- ✅ Change people's roles
- ✅ Turn two-factor authentication on or off for users
- ✅ Access tenant management
- ✅ Import and export data
Who Should Be an Admin?
Give Admin access to:
- Business owners
- Managers who need to see and control everything
- People who set up integrations with other tools
- The main person who manages the account
Employee Role
What Employees Can Do
Employees can handle day-to-day work:
- Do regular business tasks
- Create and edit records
- Track their time and manage projects
- View reports
- Change some of their own settings
What Employees Can and Can't Do
- ✅ Create and edit clients
- ✅ Create and edit invoices and quotes
- ✅ Manage products and services
- ✅ Update inventory
- ✅ Create and manage projects
- ✅ Log their own time and see their timesheets
- ✅ View reports
- ❌ Manage employees
- ❌ Manage users
- ❌ Set up integrations
- ❌ Access organization settings
- ❌ Delete important records (some things are protected)
- ❌ Change system settings
Who Should Be an Employee?
Give Employee access to:
- Team members who do the daily work
- Sales staff
- Project managers
- Account managers
- Anyone who needs to do their job but doesn't need to manage the whole system
View Only Role
What View Only Users Can Do
View Only users can see things but can't make changes:
- View all data
- Export reports
- Cannot create or change anything
What View Only Users Can and Can't Do
- ✅ View clients
- ✅ View invoices and quotes
- ✅ View products and services
- ✅ View inventory
- ✅ View projects
- ✅ View timesheets
- ✅ View reports
- ✅ Export data
- ❌ Create or edit any records
- ❌ Delete records
- ❌ Access settings
- ❌ Manage users
- ❌ Set up integrations
Who Should Be View Only?
Give View Only access to:
- Executives who just need to see what's happening
- Auditors
- Stakeholders who need visibility but don't need to make changes
- Anyone who only needs to see reports
Role Comparison
| Feature | Admin | Employee | View Only |
|---|---|---|---|
| View Data | ✅ | ✅ | ✅ |
| Create/Edit Clients | ✅ | ✅ | ❌ |
| Create/Edit Invoices | ✅ | ✅ | ❌ |
| Manage Users | ✅ | ❌ | ❌ |
| Configure Integrations | ✅ | ❌ | ❌ |
| Tenant Settings | ✅ | ❌ | ❌ |
| View Reports | ✅ | ✅ | ✅ |
| Export Data | ✅ | ✅ | ✅ |
| Manage Employees | ✅ | ❌ | ❌ |
| Timesheet Management | ✅ | Own only | View only |
Changing Roles
For Administrators
- Go to Tenant Management → Users
- Find the user
- Click the Role dropdown
- Select new role
- Changes take effect immediately
Role Change Effects
When a role is changed:
- Permissions update immediately
- User may need to refresh browser
- Some features become unavailable
- Data access may change
Tips for Managing Roles
Assigning Roles
- Start with less access - Give people the minimum they need to do their job
- Check regularly - Review who has what access every few months
- Write it down - Note why someone has a specific role
- Less is more - Only give people the access they actually need
Keeping Things Secure
- Admin access - Only give this to people you really trust
- Employee access - This is perfect for most people on your team
- View Only - Great for people who just need to see what's happening
- Check often - Regularly review who has access to what
Custom Permissions
Right now, we have the three roles above. While you can't create completely custom permissions yet, you can:
- Use the roles we have in smart ways
- Combine roles with other access controls
- Plan ahead for when we add more permission options
Next Steps
- Tenant Management - Manage users and roles
- Security Settings - Configure security
- User Management - Invite and manage users