User Permissions¶
Manage user roles and access levels for your franchise.
Role Overview¶
The platform uses role-based access control (RBAC) to manage permissions.
Available Roles¶
| Role | Access Level | Typical Users |
|---|---|---|
| Owner | Full access to everything | Franchise owner |
| Admin | Full access except billing | General managers |
| Manager | Operations and scheduling | Store managers |
| Office | Administrative functions | Office staff |
| Viewer | Read-only access | Corporate, consultants |
Role Permissions¶
Owner¶
Full access including:
- All features and settings
- Billing and subscription
- User management
- All locations
Admin¶
Same as Owner except:
- Cannot modify billing
- Cannot delete franchise
- Cannot change owner
Manager¶
Operations-focused access:
- Create and edit schedules
- Approve time off requests
- Manage employees at assigned locations
- View reports for assigned locations
- Cannot access billing or franchise settings
Office¶
Administrative access:
- View schedules (read-only)
- Process time off requests
- Onboard new employees
- Run reports
- Cannot edit schedules directly
Viewer¶
Read-only access:
- View schedules
- View employee information
- View reports
- Cannot make any changes
Assigning Roles¶
New Users¶
When adding a user:
- Go to Settings > Users
- Click Add User
- Enter user details
- Select role
- Assign location(s)
- Click Save
Changing Roles¶
To modify an existing user's role:
- Go to Settings > Users
- Click the user
- Change the role
- Click Save
Role Changes
Role changes take effect immediately. The user may need to log out and back in.
Location Access¶
Assigning Locations¶
Users can be assigned to specific locations:
| Assignment | Access |
|---|---|
| All Locations | Can access all stores |
| Specific Locations | Only assigned stores |
To assign locations:
- Go to Settings > Users
- Click the user
- Select location(s) under "Allowed Locations"
- Click Save
Multi-Location Managers¶
Managers overseeing multiple stores:
- Assign all relevant locations
- They can switch between stores in the header
- Reports will include all assigned locations
Permission Matrix¶
| Action | Owner | Admin | Manager | Office | Viewer |
|---|---|---|---|---|---|
| View schedules | ✓ | ✓ | ✓ | ✓ | ✓ |
| Edit schedules | ✓ | ✓ | ✓ | - | - |
| Publish schedules | ✓ | ✓ | ✓ | - | - |
| Approve time off | ✓ | ✓ | ✓ | ✓ | - |
| Add employees | ✓ | ✓ | ✓ | ✓ | - |
| Edit employees | ✓ | ✓ | ✓ | ✓ | - |
| View reports | ✓ | ✓ | ✓ | ✓ | ✓ |
| Manage users | ✓ | ✓ | - | - | - |
| Change settings | ✓ | ✓ | - | - | - |
| Billing access | ✓ | - | - | - | - |
Deactivating Users¶
When an employee leaves or no longer needs access:
- Go to Settings > Users
- Click the user
- Click Deactivate
- Confirm
Deactivated users:
- Cannot log in
- Are preserved in historical data
- Can be reactivated later
Security Best Practices¶
User Management Tips
- Use least privilege - Give minimum access needed
- Review regularly - Audit user access quarterly
- Deactivate promptly - Remove access when employees leave
- Use strong passwords - Enforce password requirements
- Monitor activity - Check audit logs for unusual access
Audit Log¶
View user activity:
- Go to Settings > Audit Log
- Filter by user, action, or date
- Review access and changes
The audit log tracks:
- Login attempts
- Permission changes
- Data modifications
- Settings changes
Need Help?¶
Contact support at support@coldstonereno.com