PropOps has three account types that can log in to the platform — Staff, Agent, and Contractor. Tenants are stored as records managed by staff and do not have login access. Landlords can optionally be set up as clients with their own branch, giving them login access to view their portfolio.
Account types
| Type | Purpose | Platform access |
|---|---|---|
| Staff | Internal team members who manage jobs, finances, and the platform | Full back-office |
| Agent | Property agents who raise and oversee jobs on behalf of landlords | Branch-scoped access |
| Contractor | Tradespeople assigned to carry out work | Job-scoped access |
Tenants and landlords are stored as data records — see Tenants & Landlords for details.
Each account type sees a different view of the platform based on their role and permissions. Contractors can only see jobs assigned to them. Agents can only see jobs within their assigned branches.
Role-based access control
Every account is assigned a role that determines what they can see and do. Permissions are defined across 30+ categories covering API endpoints, pages, notifications, and documents.
Permission categories
| Category | Examples |
|---|---|
| jobs.* | Create, view, update, delete, assign jobs |
| users.* | View profiles, manage accounts, change roles |
| contractors.* | View contractor list, manage certifications |
| financial.* | Create invoices, record payments, view reports |
| admin.* | System settings, cron management, security tools |
Privilege hierarchy
Roles have a privilege level (numeric). Users cannot:
- Create or edit accounts with a higher privilege level than their own
- Assign a role that outranks their own
- Grant permissions they do not hold themselves
This prevents privilege escalation at every level.
Onboarding
New accounts go through a guided onboarding flow:
- Account created — by an admin or via invitation email
- Welcome email — sent via Brevo with login credentials
- Email verification — the email verification guard ensures non-staff users verify their address before accessing the platform
- Profile completion — avatar, contact details, notification preferences
Password security
- Passwords are hashed with bcrypt (adaptive cost)
- Breach monitoring — passwords are checked against the HaveIBeenPwned database using k-anonymity (only the first 5 characters of the SHA-1 hash are transmitted)
- Automated scans run on a schedule via `/cron/scan_password_breaches.php`
- On breach detection:
  - All active sessions are immediately blacklisted
  - A password-reset email is sent automatically
If a user’s password appears in a known data breach, they will be locked out until they reset it. This protects against credential-stuffing attacks.
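The k-anonymity range lookup described above, as an added example (not PropOps code): only the 5-character SHA-1 prefix is handed to the transport, and the remaining 35 characters are matched locally against the returned list. The `fetch_range` transport, the helper names, and the sample passwords and counts are constructed stand-ins so the example runs offline.

```python
import hashlib

PREFIX_LEN = 5  # hex characters of the SHA-1 digest that leave the server


def split_hash(password):
    """Return (prefix, suffix) of the uppercase SHA-1 hex digest (5 + 35 chars)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]


def breach_count(password, fetch_range):
    """Range lookup: only the prefix is handed to the transport.

    fetch_range(prefix) returns the response body, one "SUFFIX:COUNT" per line.
    The suffix comparison happens locally, so the service never learns which
    of the hashes sharing that prefix was being checked.
    """
    prefix, suffix = split_hash(password)
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)  # a count of 0 marks a padding entry: not breached
    return 0


def make_fake_range_api(breached):
    """Constructed offline stand-in for the range endpoint (assumption, not a real client)."""
    sent = []  # everything that would have crossed the network

    def fetch_range(prefix):
        sent.append(prefix)
        lines = []
        for pw, n in breached.items():
            p, s = split_hash(pw)
            if p == prefix:
                lines.append(f"{s}:{n}")
        lines.append("0" * 35 + ":0")  # constructed padding-style entry
        return "\r\n".join(lines)

    return fetch_range, sent


def demo():
    # Constructed sample data: passwords and counts are made up for the example.
    fetch, sent = make_fake_range_api({"password": 3, "letmein": 7})
    checked = ("password", "correct horse battery staple")
    return {pw: breach_count(pw, fetch) for pw in checked}, sent
```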
Session management
Users can view and manage their active sessions:
| Feature | Detail |
|---|---|
| Active session list | See all devices currently signed in |
| Remote revocation | End any session from the account settings page |
| Session lifetimes | Web: 2 hours active / 30 min idle, Mobile: 1 year, Desktop: 1 year |
| Remember me | Extends web sessions to 30 days |
| Session regeneration | Session ID rotated every 30 minutes to prevent fixation |
Branch assignment
Staff and agent accounts can be assigned to one or more branches. Branch assignment controls:
- Which jobs they can see and manage
- Which analytics and reports they can access
- SLA rules that apply to their jobs
See Branches for setup details.
Account status
Every account has a status that controls access:
| Status | Effect |
|---|---|
| Active | Full access based on role permissions |
| Suspended | Blocked from logging in — all sessions revoked |
| Pending | Awaiting onboarding completion |
| Deactivated | Soft-deleted — data retained but login disabled |