Permissions Reference Guide

This guide provides a comprehensive overview of what each role can do in Assignar Pay. Use this reference to understand the capabilities and limitations of each role when setting up your team.

Quick Comparison Table

*Customer access is limited to specifically shared information only. *Supplier access is limited to purchase orders issued to them and related invoice submission.

Detailed Permissions by Category

🏢 Account & Team Management

Owner Only:

• Complete billing and subscription control
• Add and remove team members
• Assign and change user roles
• Delete entire account or major data
• Manage integrations with other systems

Admin Capabilities:

• Invite new team members
• Manage most account settings
• Configure workflows and processes
• Handle day-to-day team coordination
• Manage API keys for integrations and automation

Limited Access (Manager/Member):

• View team information
• Access relevant account data
• Use account features within their scope

🔑 API Key Management

Owner & Admin:

• Create API keys for integrations and automation
• View and list all API keys for the account
• Revoke (delete) API keys when needed
• Manage API key scopes and permissions
• Monitor API key usage and access logs

Manager & Member:

• No access to API key management
• Cannot create, view, or delete API keys

💰 Financial Operations

Owner Exclusive:

• Process payments and billing
• Send invoices to customers
• Change invoice statuses
• Delete financial records
• Access complete financial oversight

Admin & Manager Shared:

• Create and edit invoices
• View financial reports and payment history
• Handle customer billing inquiries

Manager Only:

• View comprehensive financial data for projects
• Access payment history for areas of responsibility

Member Access:

• Create invoices for their work
• View invoice status and basic information

⏰ Time & Payroll Management

Recent Update: Manager role now includes timesheet management capabilities.

Owner & Admin:

• Complete payroll management
• Full timesheet control (create, edit, delete)
• Process payroll payments
• Set compensation structures

Manager (Enhanced):

• Create timesheets for team members
• Edit and update timesheet entries
• View comprehensive timesheet data
• Monitor team time allocation

Member:

• View timesheet information for reference
• Access time-related data for planning

📊 Project & Rate Management

Owner Control:

• Create and manage Schedule of Values (SOV)
• Complete control over client relationships
• Delete major project data

Admin Capabilities:

• Create and manage Schedule of Rates (SOR)
• Create and edit master items
• Manage client relationships
• Create, edit, delete, and view projects

Manager Access:

• View rates and scheduling information
• Access project data for coordination
• Use master items for planning
• View project information
• Create and edit projects for their teams

Member Access:

• View basic client and project information
• Access data relevant to their work
• View project details for assigned work

🛒 Procurement Management

Recent Addition: Comprehensive procurement system for managing suppliers and purchase orders.

Owner & Admin:

• Complete purchase order management (create, approve, delete)
• Supplier directory management
• Supplier portal access control
• Supplier invoice approval
• Procurement analytics and reporting

Manager (Enhanced):

• Create and edit purchase orders
• Review supplier invoices
• Coordinate procurement activities
• Track order fulfillment

Supplier (External Portal):

• View purchase orders issued to their company
• Submit invoices against approved purchase orders
• Upload supporting documents and receipts
• Track invoice status and communication history

📁 Document & Information Management

All Internal Roles (Owner through Member):

• Create and edit documents
• Access document libraries
• Collaborate on shared documents

Supplier Access:

• Create documents (receipts, certificates)
• View documents related to their purchase orders
• Upload supporting documentation

Admin & Owner Only:

• Delete documents
• Manage document access permissions
• Control sharing with external parties

Customer Access:

• View only specifically shared documents
• Read-only access to relevant information

Understanding Permission Hierarchy

🔺 Role Hierarchy

1. Owner (Highest authority) - Complete control
2. Admin - Broad operational access
3. Manager - Focused management capabilities
4. Member - Essential work access
5. Customer - View-only shared access
6. Supplier (Most restricted) - External procurement portal access

🛡️ Security Principles

Principle of Least Privilege:

• Each role has only the access needed for their responsibilities
• Higher roles can perform actions on lower roles but not on peers
• Sensitive operations require higher-level authorization

Data Protection:

• Customer data is isolated and controlled
• Internal business data is protected from external access
• Financial operations have additional security layers

Best Practices for Role Assignment

🎯 Choosing the Right Role

Assign Owner to:

• Business owners and key decision-makers
• Those who need complete financial oversight
• Users responsible for billing and subscriptions

Assign Admin to:

• Operations managers and senior staff
• Those who handle daily business management
• Users who coordinate teams and processes

Assign Manager to:

• Project managers and team leaders
• Department heads and supervisors
• Those who coordinate specific business areas

Assign Member to:

• Individual contributors and employees
• Contractors and staff who need basic access
• Those focused on specific tasks and deliverables

Assign Customer to:

• External clients and customers
• Third-party partners with limited access needs
• Anyone outside your organization requiring controlled access

Assign Supplier to:

• External suppliers and vendors
• Contractors providing goods or services
• Service providers who fulfill purchase orders
• Material suppliers and equipment vendors

🔄 Regular Review

Monthly Reviews:

• Assess if team members have appropriate access
• Review role assignments as responsibilities change
• Remove access for departing team members

Quarterly Planning:

• Evaluate role structure effectiveness
• Plan for team growth and changing needs
• Update permissions based on business evolution

⚠️ Common Mistakes to Avoid

• Over-privileging: Giving higher access than needed
• Under-privileging: Restricting access too much for job requirements
• Inconsistent assignment: Not following clear role criteria
• Neglecting reviews: Failing to update roles as needs change
• Poor documentation: Not explaining role assignments to team members

Getting Help with Permissions

If you need assistance with role assignments or permissions:

1. Review this guide to understand available options
2. Assess your team needs and responsibilities
3. Start conservatively with lower access levels
4. Adjust as needed based on actual usage
5. Contact support for complex permission scenarios

Remember that roles can be adjusted as your team and business needs evolve. Start with appropriate baseline access and refine based on actual usage and business requirements.