Permissions Reference Guide
Quick reference guide showing what each role can do in Assignar Pay - compare permissions across all roles.
Permissions Reference Guide
This guide provides a comprehensive overview of what each role can do in Assignar Pay. Use this reference to understand the capabilities and limitations of each role when setting up your team.
Quick Comparison Table
| Feature Area | Owner | Admin | Manager | Member | Customer |
|---|---|---|---|---|---|
| Team & Account Management | |||||
| Manage billing and subscriptions | ✅ | ❌ | ❌ | ❌ | ❌ |
| Manage team roles and members | ✅ | ❌ | ❌ | ❌ | ❌ |
| Invite new team members | ✅ | ✅ | ❌ | ❌ | ❌ |
| Manage account settings | ✅ | ✅ | ❌ | ❌ | ❌ |
| Manage integrations | ✅ | ❌ | ❌ | ❌ | ❌ |
| Invoice Management | |||||
| Create invoices | ✅ | ✅ | ✅ | ✅ | ❌ |
| View invoices | ✅ | ✅ | ✅ | ✅ | ✅* |
| Edit invoices | ✅ | ✅ | ✅ | ❌ | ❌ |
| Delete invoices | ✅ | ❌ | ❌ | ❌ | ❌ |
| Send invoices | ✅ | ❌ | ❌ | ❌ | ❌ |
| Approve invoices | ✅ | ✅ | ❌ | ❌ | ❌ |
| Change invoice status | ✅ | ❌ | ❌ | ❌ | ❌ |
| Order Management | |||||
| Create orders | ✅ | ✅ | ✅ | ❌ | ❌ |
| View orders | ✅ | ✅ | ✅ | ✅ | ❌ |
| Edit orders | ✅ | ✅ | ✅ | ❌ | ❌ |
| Delete orders | ✅ | ✅ | ❌ | ❌ | ❌ |
| Client & Project Management | |||||
| Create clients | ✅ | ✅ | ❌ | ❌ | ❌ |
| View clients | ✅ | ✅ | ✅ | ✅ | ❌ |
| Edit clients | ✅ | ✅ | ❌ | ❌ | ❌ |
| Delete clients | ✅ | ❌ | ❌ | ❌ | ❌ |
| Invite customers | ✅ | ✅ | ❌ | ❌ | ❌ |
| Time & Payroll Management | |||||
| Create timesheets | ✅ | ✅ | ✅ | ❌ | ❌ |
| View timesheets | ✅ | ✅ | ✅ | ✅ | ❌ |
| Edit timesheets | ✅ | ✅ | ✅ | ❌ | ❌ |
| Delete timesheets | ✅ | ✅ | ❌ | ❌ | ❌ |
| Manage payroll | ✅ | ✅ | ❌ | ❌ | ❌ |
| View payroll information | ✅ | ✅ | ✅ | ❌ | ❌ |
| Rates & Scheduling | |||||
| Create Schedule of Rates | ✅ | ✅ | ❌ | ❌ | ❌ |
| View Schedule of Rates | ✅ | ✅ | ✅ | ❌ | ❌ |
| Edit Schedule of Rates | ✅ | ✅ | ❌ | ❌ | ❌ |
| View Schedule of Values | ✅ | ❌ | ✅ | ❌ | ❌ |
| Create/Edit Schedule of Values | ✅ | ❌ | ❌ | ❌ | ❌ |
| View master items | ✅ | ✅ | ✅ | ❌ | ❌ |
| Create/Edit master items | ✅ | ✅ | ❌ | ❌ | ❌ |
| Financial Operations | |||||
| View payment history | ✅ | ✅ | ✅ | ❌ | ❌ |
| Process payments | ✅ | ❌ | ❌ | ❌ | ❌ |
| View financial reports | ✅ | ✅ | ❌ | ❌ | ❌ |
| Document Management | |||||
| Create documents | ✅ | ✅ | ✅ | ✅ | ❌ |
| View documents | ✅ | ✅ | ✅ | ✅ | ❌ |
| Edit documents | ✅ | ✅ | ✅ | ✅ | ❌ |
| Delete documents | ✅ | ✅ | ❌ | ❌ | ❌ |
| Advanced Features | |||||
| Access AI features | ✅ | ✅ | ✅ | ✅ | ❌ |
*Customer access is limited to specifically shared information only.
Detailed Permissions by Category
🏢 Account & Team Management
Owner Only:
- Complete billing and subscription control
- Add and remove team members
- Assign and change user roles
- Delete entire account or major data
- Manage integrations with other systems
Admin Capabilities:
- Invite new team members
- Manage most account settings
- Configure workflows and processes
- Handle day-to-day team coordination
Limited Access (Manager/Member):
- View team information
- Access relevant account data
- Use account features within their scope
💰 Financial Operations
Owner Exclusive:
- Process payments and billing
- Send invoices to customers
- Change invoice statuses
- Delete financial records
- Access complete financial oversight
Admin & Manager Shared:
- Create and edit invoices
- View financial reports and payment history
- Handle customer billing inquiries
Manager Only:
- View comprehensive financial data for projects
- Access payment history for areas of responsibility
Member Access:
- Create invoices for their work
- View invoice status and basic information
⏰ Time & Payroll Management
Recent Update: Manager role now includes timesheet management capabilities.
Owner & Admin:
- Complete payroll management
- Full timesheet control (create, edit, delete)
- Process payroll payments
- Set compensation structures
Manager (Enhanced):
- Create timesheets for team members
- Edit and update timesheet entries
- View comprehensive timesheet data
- Monitor team time allocation
Member:
- View timesheet information for reference
- Access time-related data for planning
📊 Project & Rate Management
Owner Control:
- Create and manage Schedule of Values (SOV)
- Complete control over client relationships
- Delete major project data
Admin Capabilities:
- Create and manage Schedule of Rates (SOR)
- Create and edit master items
- Manage client relationships
Manager Access:
- View rates and scheduling information
- Access project data for coordination
- Use master items for planning
Member Access:
- View basic client and project information
- Access data relevant to their work
📁 Document & Information Management
All Internal Roles (Owner through Member):
- Create and edit documents
- Access document libraries
- Collaborate on shared documents
Admin & Owner Only:
- Delete documents
- Manage document access permissions
- Control sharing with external parties
Customer Access:
- View only specifically shared documents
- Read-only access to relevant information
Understanding Permission Hierarchy
🔺 Role Hierarchy
- Owner (Highest authority) - Complete control
- Admin - Broad operational access
- Manager - Focused management capabilities
- Member - Essential work access
- Customer (Most restricted) - View-only shared access
🛡️ Security Principles
Principle of Least Privilege:
- Each role has only the access needed for their responsibilities
- Higher roles can perform actions on lower roles but not on peers
- Sensitive operations require higher-level authorization
Data Protection:
- Customer data is isolated and controlled
- Internal business data is protected from external access
- Financial operations have additional security layers
Best Practices for Role Assignment
🎯 Choosing the Right Role
Assign Owner to:
- Business owners and key decision-makers
- Those who need complete financial oversight
- Users responsible for billing and subscriptions
Assign Admin to:
- Operations managers and senior staff
- Those who handle daily business management
- Users who coordinate teams and processes
Assign Manager to:
- Project managers and team leaders
- Department heads and supervisors
- Those who coordinate specific business areas
Assign Member to:
- Individual contributors and employees
- Contractors and staff who need basic access
- Those focused on specific tasks and deliverables
Assign Customer to:
- External clients and customers
- Third-party partners with limited access needs
- Anyone outside your organization requiring controlled access
🔄 Regular Review
Monthly Reviews:
- Assess if team members have appropriate access
- Review role assignments as responsibilities change
- Remove access for departing team members
Quarterly Planning:
- Evaluate role structure effectiveness
- Plan for team growth and changing needs
- Update permissions based on business evolution
⚠️ Common Mistakes to Avoid
- Over-privileging: Giving higher access than needed
- Under-privileging: Restricting access too much for job requirements
- Inconsistent assignment: Not following clear role criteria
- Neglecting reviews: Failing to update roles as needs change
- Poor documentation: Not explaining role assignments to team members
Getting Help with Permissions
If you need assistance with role assignments or permissions:
- Review this guide to understand available options
- Assess your team needs and responsibilities
- Start conservatively with lower access levels
- Adjust as needed based on actual usage
- Contact support for complex permission scenarios
Remember that roles can be adjusted as your team and business needs evolve. Start with appropriate baseline access and refine based on actual usage and business requirements.