Role-Based Permissions
Argonautas enforces role-based access control (RBAC) to ensure users see only the data and features relevant to their role. This guide provides the detailed permission matrix.
Permission Matrix
Properties
| Action | Admin | Property Manager | Staff | Owner | Guest |
|---|---|---|---|---|---|
| View all properties | Yes | Assigned only | Assigned only | Owned only | No |
| Create property | Yes | No | No | No | No |
| Edit property details | Yes | Assigned only | No | No | No |
| Delete property | Yes | No | No | No | No |
| View villa guide | Yes | Assigned only | Assigned only | Owned only | Booked only |
Bookings
| Action | Admin | Property Manager | Staff | Owner | Guest |
|---|---|---|---|---|---|
| View bookings | Yes | Assigned properties | No | Owned properties | Own booking |
| Create booking | Yes | Assigned properties | No | No | No |
| Modify booking | Yes | Assigned properties | No | No | No |
| Cancel booking | Yes | Assigned properties | No | No | No |
| Record payment | Yes | Assigned properties | No | No | No |
Rates & Pricing
| Action | Admin | Property Manager | Staff | Owner | Guest |
|---|---|---|---|---|---|
| View rates | Yes | Assigned properties | No | No | No |
| Create/edit season templates | Yes | No | No | No | No |
| Set property rates | Yes | Assigned properties | No | No | No |
| Manage overlays | Yes | Assigned properties | No | No | No |
| Configure fees/taxes | Yes | No | No | No | No |
Messaging
| Action | Admin | Property Manager | Staff | Owner | Guest |
|---|---|---|---|---|---|
| View inbox | Yes | Assigned properties | No | Own messages | Own messages |
| Send messages | Yes | Assigned properties | No | Yes | Yes |
| Manage templates | Yes | No | No | No | No |
| Configure channels | Yes | No | No | No | No |
Staff Management
| Action | Admin | Property Manager | Staff | Owner | Guest |
|---|---|---|---|---|---|
| View all staff | Yes | Assigned properties | No | No | No |
| Create tasks | Yes | Assigned properties | No | No | No |
| Assign tasks | Yes | Assigned properties | No | No | No |
| Complete own tasks | -- | -- | Yes | -- | -- |
| View schedules | Yes | Assigned properties | Own only | No | No |
| Approve time off | Yes | Assigned properties | No | No | No |
Settings & Admin
| Action | Admin | Property Manager | Staff | Owner | Guest |
|---|---|---|---|---|---|
| System settings | Yes | No | No | No | No |
| User management | Yes | No | No | No | No |
| Channel management | Yes | No | No | No | No |
| Company settings | Yes | No | No | No | No |
| View reports | Yes | Limited | No | Own properties | No |
Tenant Isolation
All permissions operate within the company (tenant) boundary:
- Users in Company A cannot see any data from Company B.
- This is enforced at the database query level, not just the UI.
- Admin users have full access within their company, not across companies.
Property-Level Scoping
Property Managers are further scoped by the primary_manager relationship:
- A Property Manager only sees properties where they are set as the primary manager.
- Bookings, guests, rates, and messages are all filtered by this relationship.
- To give a Property Manager access to additional properties, assign them as primary manager on those properties.
Common Questions
Can I customize permissions beyond the built-in roles? Custom role definitions are not currently supported. The five built-in roles cover standard property management workflows.
How do I audit what a user can access? Open the user profile in Settings > Users to see their role and assigned properties. The permission matrix above shows exactly what that role allows.
What happens if I downgrade a user's role? The change takes effect immediately. The user's next page load will reflect the new permissions.
Related
- Staff Roles -- Role descriptions and assignment guide.
- User Management -- Adding and managing user accounts.
- Settings Guide -- System configuration overview.