Roles are fully customisable. Administrators can modify permissions on any role or create new roles. The defaults below represent the out-of-the-box configuration.
Role Hierarchy
Roles are ordered by hierarchy level. A user can only assign roles at or below their own level — you cannot grant a role with more access than you have.| Level | Role | API Perms | Page Perms | Doc Perms | Locked |
|---|---|---|---|---|---|
| 10 | SysOps | 402 | 103 | 45 | No |
| 20 | Director | 391 | 95 | 45 | Yes |
| 30 | Finance | 306 | 57 | 45 | Yes |
| 40 | Maintenance Coordinator | 301 | 52 | 45 | Yes |
| 50 | Minimal Access | 6 | 0 | 0 | No |
Locked roles cannot be deleted by non-SysOps users. Their permissions can still be modified.
SysOps
System Operations — Full system access and configuration The highest-privilege role. SysOps users have access to every feature in the platform including system maintenance, security tooling, and infrastructure controls that are hidden from other roles.Exclusive capabilities (not available to Director)
- Sync background task registry
- Branch sharing across workspaces
- Dashboard chart management
- Security operations chiplets
- Maintenance mode toggle
- Web push notification testing
- User appearance/theme management
Typical users
System administrators, DevOps engineers, platform managers.Director
Business oversight and strategic decisions Directors have near-complete access to the platform but cannot access system infrastructure tools. They can manage permissions, security, sessions, and all business operations.Key capabilities beyond Finance
- Full admin panel access (activity logs, API discovery, permissions, settings)
- Security management (file integrity alerts, session management, blacklists)
- Role and permission management
- User management policies
- Deployment and security guard notifications
- Tenant bulk operations (bulk delete)
- GDPR report access
Typical users
Company directors, operations managers, senior administrators.Finance
Financial management and reporting Finance users have access to all business operations — jobs, contractors, financial data, reports — but cannot access system administration, security tooling, or permission management.Key capabilities beyond Maintenance Coordinator
- GDPR data report generation and download
- Tenant data export
Shared capabilities with Maintenance Coordinator
- Full job management (create, edit, case notes, photos, documents)
- Contractor management (certifications, trades, coverage areas)
- Financial invoices and payment management
- Dashboard access with all standard widgets
- All document types (upload, read, delete — 45 permissions)
- Email management (send, templates, welcome emails)
- User and branch management
- Calendar, search, analytics, and reporting
Typical users
Finance managers, accounts teams, billing administrators.Maintenance Coordinator
Job and contractor management The standard operational role for day-to-day property maintenance work. Has full access to jobs, contractors, and operational tools but cannot access GDPR reports or administrative settings.Key capabilities
- Full job lifecycle management
- Contractor and certification management
- Dashboard with operational widgets
- Document upload, read, and delete for all 15 document types
- Calendar, search, and notifications
- Financial invoice management
- Branch and user management
- Email and WhatsApp messaging
Typical users
Maintenance coordinators, property managers, job dispatchers.Minimal Access
Restricted baseline role A minimal role intended for accounts that need only basic API connectivity. This role has no page access and no document permissions — only email-related API endpoints.Permissions (6 total)
| Permission Key | Description |
|---|---|
api.email.send.manage | Send emails |
api.email.verify.view | Email verification |
api.email.welcome.manage | Welcome emails |
Typical users
Service accounts, API-only integrations, onboarding accounts awaiting role assignment.Creating Custom Roles
To create a new role:- Navigate to Settings → User Roles
- Click Create Role
- Set the role name, description, and hierarchy level
- Assign permissions from the available API, page, and document permission sets
- Assign users to the new role from Settings → Staff Permissions or the user’s profile
inherits_permissions flag, reducing duplication when creating specialised variants of existing roles.