Staff Roles and Permissions
Argonautas uses role-based access control (RBAC) to ensure each user sees only what they need. Roles determine which sections of the application are accessible and what actions a user can perform.
Available Roles
| Role | Description | Typical User |
|---|---|---|
| Admin | Full access to all features and settings | Company owner, operations manager |
| Property Manager | Manages assigned properties, bookings, and guest communications | On-site manager, regional manager |
| Staff | Limited access focused on task completion | Housekeeping, maintenance, concierge team |
| Owner | View-only access to owned properties and financials | Property owner (investor/landlord) |
| Guest | Portal access to their own booking | Booked guest |
What Each Role Can Access
Admin
- All properties, bookings, and guests across the company.
- Financial reports and analytics.
- Rate and availability management.
- Channel management and sync control.
- User management (invite, edit, deactivate users).
- System settings and integrations.
- Staff management (tasks, schedules, reports).
Property Manager
- Properties assigned via
primary_managerrelationship. - Bookings for their assigned properties.
- Guest communications for their properties.
- Rate management for their properties.
- Staff tasks related to their properties.
- Cannot access system settings, user management, or other managers' properties.
Staff
- Tasks assigned to them.
- Schedule and time-off requests.
- Properties they are assigned to (view only).
- Their own profile and availability settings.
- Cannot access bookings, rates, financials, or settings.
Owner
- Calendar and availability for owned properties.
- Booking details for their properties.
- Financial statements and revenue reports.
- Messages with the property management team.
- Cannot modify rates, availability, or property settings.
Guest
- Their booking details and itinerary.
- Guest portal (villa guide, arrival info, directions).
- Trip services (browse and request activities).
- Payment history and payment links.
- Messages with the property management team.
Assigning Roles
- Navigate to Admin > Staff (for staff) or Settings > Users (for all roles).
- Click Add Member or open an existing user.
- Select the Role from the dropdown.
- For Property Managers, assign specific properties.
- Save.
Property-Level Permissions
Beyond roles, the primary_manager relationship controls which Property Managers see which properties:
- A Property Manager only sees properties where they are set as
primary_manager. - Admins see all properties regardless of manager assignment.
- Staff see properties they are assigned to for task purposes.
Tenant Isolation
All data is scoped by company (tenant). Users in one company cannot see or access data from another company, regardless of their role. This is enforced at the database query level.
Best Practices
- Use the least-privilege principle. Assign the minimum role needed for each user's responsibilities.
- Review roles quarterly. As team members change responsibilities, update their roles.
- Use Property Manager for regional leads who manage a subset of properties.
- Never share admin credentials. Create individual admin accounts for each person who needs full access.
Common Questions
Can I create custom roles? Custom roles are not currently supported. The five built-in roles cover standard property management workflows.
What happens when I deactivate a user? Deactivated users lose access immediately. Their historical data (messages, task completions, etc.) is preserved.
Can a user have multiple roles? No. Each user has one role. If someone needs both staff and property manager access, assign Property Manager (the higher-privilege role).
Related
- User Management -- Adding and managing user accounts.
- Permission Details -- Detailed permission matrix.
- Staff Management -- Managing the staff team.