Each user has one or more roles which define which rights and permissions are granted within the system.
You can use the predefined roles, or make custom user roles to define your permission structure.
There are three predefined system roles available that can always be used:
- User: A user can use the system for reservations for his personal use.
- Booking Manager: A booking manager has the same permissions as a user, plus can also manage bookings and delete bookings.
The 'insight level' defines how many details are visible, please refer to the general settings article. - Manager: The manager is the global system administrator and can access the whole system including the system settings.
These roles can be manually applied within Settings > Users or synchronized via Active Directory. For more information view the AzureAD / Active Directory synchronization article.
Custom User Roles
You can create custom roles via the Settings > User roles menu.
Per custom user role you are able to define the following permissions:
- Bookings:
- Not allowed:
Not allowed to make or manage bookings. - Allowed to make bookings
Can make and manage bookings for his personal use.- Booking permissions:
- Allowed for all locations/rooms/desks
- Only allowed for specific locations/rooms/desks
- Bookings permissions: Including locations
The selected locations are visible to book - Bookings permissions: Excluding locations
The selected locations are not visible to book - Bookings permissions: Including spaces
The selected rooms/desks are visible to book - Bookings permissions: Excluding spaced
The selected rooms/desks are not visible to book
- Bookings permissions: Including locations
Keep in mind that the permission works in a hierarchy. So when the parent is excluded/included, all the elements below are also excluded/included.
- Booking permissions:
- Allowed to manage bookings
Can make and manage bookings for his personal use, plus can also manage bookings and delete bookings from others.
- Not allowed:
- Booking approvals:
- Not allowed:
Not allowed to manage booking approvals - Allowed for all locations/rooms/desks
Allowed to manage bookings for all locations/rooms/desks - Only allowed for specific locations/rooms/desks
- Booking approvals permissions: Including locations
Only allowed to manage the selected locations - Booking approvals permissions: Excluding locations
Explicitly not allowed to manage the selected locations - Booking approvals permissions: Including spaces
Only allowed to manage the selected rooms/desks - Booking approvals permissions: Excluding spaced
Explicitly not allowed to manage the selected rooms/desks
- Booking approvals permissions: Including locations
Keep in mind that the permission works in a hierarchy. So when the parent is excluded/included, all the elements below are also excluded/included.
- Not allowed:
- Visitors:
- Not allowed:
Not allowed to manage visitors. - Allowed to manage for a single location:
Allowed to manage only visitors of a specific location. - Allowed to manage for all locations:
Allowed to manage all visitors.
- Not allowed:
- System settings:
- Not allowed:
Not allowed to manage system settings. - Allowed:
Can manage all system settings.
- Not allowed:
- Services:
- Not allowed:
Not allowed to manage system settings. - Allowed to manage for a single service provider:
Allowed to manage only specific services from one provider. - Allowed to manage for all service providers:
Allowed to manage all services
- Not allowed:
- Hygienic desk mark clean
- None:
Cannot clean any desks - Can clean anonymous desks:
Can only clean desks that are anonymously booked - Can clean anonymous and own desks:
Can only clean desks that are anonymously or personally booked - Can clean all desks:
Can clean all desks
- None: