Roles and permissions
2 min read
The moment a second person logs into your admin, access becomes a question worth answering properly. A shared login answers it badly. Personal accounts with the right permissions answer it well.
Everyone gets their own account
Team members are managed in Settings, on the Users page. Each person gets a personal login. It is tempting to share one account across the whole team, but then you never know who changed what, and when somebody leaves you are stuck changing a password that everyone uses.
With personal accounts, offboarding is one click. Remove the account and that person's access ends there, with nobody else disrupted.
How many staff accounts your plan includes varies, so check the pricing page for the current counts.
Custom roles on the Pro plan
On the Pro plan you can create custom roles and choose the permissions each role carries. A role decides what a person can see and what they can do, and you assign one to each team member.
The examples write themselves. A cleaner needs the calendar to know which changeovers are coming, but has no business seeing your revenue. A bookkeeper needs to see payments, but should not be able to edit bookings. Build a role for each job and those boundaries hold themselves.
Start from the job, not the person
When you design a role, list what the job actually touches and grant only that. If you are unsure about a permission, leave it off. Widening access later takes a moment, and someone will tell you soon enough when they hit a wall. Walking access back after someone has grown used to it is much harder, and you rarely find out what they saw in the meantime.
When someone leaves
Remove their account and you are done. No password rotations, no wondering which devices still have the old login saved. That is the quiet payoff of doing accounts properly from the start.