User roles

Each user has one or more roles which define which rights and permissions are granted within the system.

You can use the predefined roles, or make custom user roles to define your permission structure.

There are three predefined system roles available that can always be used:

  • User: A user can use the system for reservations for his personal use.
  • Booking Manager: A booking manager has the same permissions as a user, plus can also manage bookings and delete bookings.
    The 'insight level' defines how many details are visible, please refer to the general settings article.
  • Manager: The manager is the global system administrator and can access the whole system including the system settings. 

These roles can be manually applied within Settings > Users or synchronized via Active Directory. For more information view the AzureAD / Active Directory synchronization article.

Custom User Roles

You can create custom roles via the  Settings > User roles menu. 

Per custom user role you are able to define the following permissions:

  • Bookings:
    • Not allowed:
      Not allowed to make or manage bookings.
    • Allowed to make bookings
      Can make and manage bookings for his personal use.
        • Booking permissions: 
          • Allowed for all locations/rooms/desks
          • Only allowed for specific locations/rooms/desks
            • Bookings permissions: Including locations
              The selected locations are visible to book
            • Bookings permissions: Excluding locations
              The selected locations are not visible to book
            • Bookings permissions: Including spaces
              The selected rooms/desks are visible to book
            • Bookings permissions: Excluding spaced
              The selected rooms/desks are not visible to book

      Keep in mind that the permission works in a hierarchy. So when the parent is excluded/included, all the elements below are also excluded/included. 

    • Allowed to manage bookings
      Can make and manage bookings for his personal use, plus can also manage bookings and delete bookings from others.
  • Booking approvals:
      • Not allowed:
        Not allowed to manage booking approvals
      • Allowed for all locations/rooms/desks
        Allowed to manage bookings for all locations/rooms/desks
      • Only allowed for specific locations/rooms/desks
        • Booking approvals permissions: Including locations
          Only allowed to manage the selected locations
        • Booking approvals permissions: Excluding locations
          Explicitly not allowed to manage the selected locations
        • Booking approvals permissions: Including spaces
          Only allowed to manage the selected rooms/desks
        • Booking approvals permissions: Excluding spaced
          Explicitly not allowed to manage the selected rooms/desks

    Keep in mind that the permission works in a hierarchy. So when the parent is excluded/included, all the elements below are also excluded/included. 

  • Visitors:
    • Not allowed:
      Not allowed to manage visitors.
    • Allowed to manage for a single location:
      Allowed to manage only visitors of a specific location.
    • Allowed to manage for all locations:
      Allowed to manage all visitors.
  • System settings:
    • Not allowed:
      Not allowed to manage system settings.
    • Allowed:
      Can manage all system settings.
  • Services:
    • Not allowed:
      Not allowed to manage system settings.
    • Allowed to manage for a single service provider:
      Allowed to manage only specific services from one provider.
    • Allowed to manage for all service providers:
      Allowed to manage all services
       
  • Hygienic desk mark clean
    • None:
      Cannot clean any desks
    • Can clean anonymous desks:
      Can only clean desks that are anonymously booked
    • Can clean anonymous and own desks:
      Can only clean desks that are anonymously or personally booked
    • Can clean all desks:
      Can clean all desks
2 out of 2 found this helpful