Argonautas

English

Español
Français
Português

English

Español
Français
Português

Appearance

Users and Permissions

Argonautas uses role-based access control to ensure every team member sees exactly what they need -- and nothing more. This guide covers how to invite users, assign roles, configure property-level permissions, and manage security settings like two-factor authentication and API keys.

Overview

User management is available under Settings > Users for admins. The system supports five roles, each with a different scope of access. Users are invited via email, WhatsApp, or SMS -- they never need to create their own accounts.

Roles

Every user has exactly one role. Roles determine which sections of the application are visible and what actions the user can perform.

RoleDescriptionTypical Use
AdminFull access to all properties, settings, financials, and user management.Company owners, general managers
Property ManagerManages assigned properties -- bookings, calendar, rates, guests, and messaging. Cannot access system settings or other managers' properties.Regional managers, operations leads
OwnerRead-only access to their own properties' bookings, calendar, financials, and messages via the owner portal.Villa owners
StaffLimited access scoped to specific properties. Can view bookings, calendars, and guest details. Cannot modify rates or financials.Housekeeping leads, maintenance coordinators
ConciergeAccess to the concierge module -- trip services, service providers, and guest service requests. Can view booking details needed to fulfill services.Guest experience team, activity coordinators

What Each Role Can Access

FeatureAdminProperty ManagerOwnerStaffConcierge
DashboardAll propertiesAssigned propertiesOwn propertiesAssigned propertiesConcierge dashboard
BookingsAllAssigned propertiesOwn (read-only)Assigned (read-only)Linked bookings
CalendarAllAssigned propertiesOwn propertiesAssigned properties--
Rates & PricingAllAssigned properties------
Messaging / InboxAll conversationsProperty conversationsMessage log--Guest service messages
Financials & ReportsAllAssigned propertiesOwn statements--Commission reports
PropertiesAllAssignedOwn (read-only)Assigned (read-only)--
ConciergeFullView only----Full
SettingsFullProfile onlyProfile onlyProfile onlyProfile only
User ManagementFull--------

Inviting Users

Admins invite new users from Settings > Users > Add User.

Invitation Flow

  1. Enter the user's name, email, and optionally a phone number.
  2. Select their role.
  3. If the role is Property Manager, Staff, or Concierge, assign the relevant properties.
  4. Click Send Invitation.

The system creates the account without a password and sends an invitation via the best available channel:

  • WhatsApp (preferred if a phone number is provided and WhatsApp is connected)
  • SMS (fallback if WhatsApp is unavailable)
  • Email (always available)

The invitation contains a magic link. When the user clicks it, they verify their identity and can optionally set a password or register a passkey. If the magic link expires, a one-time code (OTP) is sent as a fallback -- the user enters it manually to complete verification.

Resending Invitations

If a user did not receive or has lost their invitation, click the Resend Invitation button on their user profile. A fresh magic link and OTP are generated.

[Screenshot: Add User form with role selector and property assignment]

Property-Level Permissions

Roles define what a user can do. Property assignments define which properties they can see.

  • Admins always see all properties -- no assignment needed.
  • Property Managers see only properties where they are set as the primary manager or explicitly assigned.
  • Owners see only properties linked to their owner profile.
  • Staff see only properties they are explicitly assigned to.
  • Concierge users see bookings and services across all properties by default, scoped by company.

Managing Assignments

To change a user's property assignments:

  1. Go to Settings > Users and select the user.
  2. In the Properties section, add or remove property assignments.
  3. Changes take effect immediately -- the user's dashboard and navigation update on their next page load.

Permission Inheritance

Property-level access cascades to related data. If a property manager is assigned to Villa Pacifica, they automatically see:

  • All bookings for Villa Pacifica
  • Calendar entries and availability
  • Rates and pricing rules
  • Guest records associated with those bookings
  • Inbox conversations linked to those bookings
  • Financial reports filtered to that property

They do not see data for properties outside their assignment, even in aggregate reports.

Editing and Deactivating Users

Editing a User

Admins can update any user's name, email, phone, role, and property assignments. Changing a user's role immediately adjusts their access level. The user does not need to log out and back in -- permissions are evaluated on each request.

Deactivating a User

Rather than deleting users (which would remove audit history), deactivate them:

  1. Open the user's profile in Settings > Users.
  2. Click Deactivate.
  3. The user can no longer log in, but their name remains on historical bookings, messages, and audit records.

Deactivated users can be reactivated later if needed.

Two-Factor Authentication

Argonautas supports two-factor authentication (2FA) for added security.

  • Passkeys -- Users can register biometric (fingerprint, face) or hardware security keys for passwordless login. This is the recommended method.
  • Time-based OTP (TOTP) -- Users can set up an authenticator app (Google Authenticator, Authy, etc.) for a six-digit code on each login.

Admins can require 2FA for all users or for specific roles (recommended for admin and property manager accounts). 2FA settings are managed per-user under their profile's Security section.

Managing Your Own Account

Every user -- regardless of role -- can manage their own login and security from the Account & Security page (reached from the account menu, or Settings > Account for admins and property managers). It is organized into tabs:

  • Profile -- Update your name, phone, email, and avatar.
  • Security -- Change your password, register or remove passkeys, set an auto-logout (session timeout) interval, and enable or disable two-factor authentication.
  • Sessions -- See your active sessions and recent login history, and sign out devices you no longer use.
  • Notifications -- Set your personal notification preferences.

Active Sessions and Login History

The Sessions tab shows where your account is currently signed in and the recent sign-in activity on it:

  • Active sessions -- Each current session is listed with its device and browser, approximate location, IP address, and when it was last active. Your current session is marked. Click Sign out on any other session to end it remotely, or use Sign out all other sessions to end every session except the one you're using -- useful if you've logged in on a shared or lost device.
  • Login history -- A record of recent sign-in attempts (both successful and failed) with the device, IP address, location, and timestamp. Review it periodically to spot any sign-in you don't recognize.

If you ever see an unfamiliar session or a failed login you can't account for, sign out the other sessions and change your password from the Security tab.

API Key Management

For integrations that require programmatic access (custom reporting tools, external dashboards, or automation scripts), admins can generate API keys.

  • Navigate to Settings > API Keys.
  • Click Generate Key and provide a descriptive label (e.g., "Reporting Dashboard").
  • The key is displayed once -- copy it immediately and store it securely.
  • Each key has a permission scope (read-only or read-write) and can be restricted to specific endpoints.
  • Revoke keys at any time by clicking Revoke next to the key.

API keys authenticate as the admin who created them and are subject to rate limiting.

Audit Log

The audit log records significant actions taken by users across the system:

  • User logins and failed login attempts
  • Booking creation, modification, and cancellation
  • Rate and pricing changes
  • Settings modifications
  • User account changes (invitations, role changes, deactivations)

Access the audit log from Settings > Audit Log. Filter by user, action type, or date range. The log is read-only and cannot be modified or deleted.

Key Concepts

  • Role-based access -- Permissions are determined by the user's role, not configured individually. This simplifies management as your team grows.
  • Property scope -- Beyond roles, property assignments limit what data a user can see. A property manager with 10 assigned properties sees a different dashboard than one with 3.
  • Magic link invitation -- New users never set a password during account creation. They receive a secure link to verify their identity and optionally set credentials.
  • Deactivation vs. deletion -- Deactivated users retain their history. Deletion is not offered to preserve audit integrity.

Common Questions

Can a user have multiple roles? No. Each user has exactly one role. If someone needs both property manager and concierge access, assign them the role with broader permissions and adjust property assignments accordingly.

What happens when I change someone's role? Their access changes immediately. If you downgrade a property manager to staff, they lose access to rates, financials, and messaging for their properties on the next request.

Can property managers invite other users? No. Only admins can create and manage user accounts. Property managers can request that an admin add team members.

Is there a limit on the number of users? There is no hard limit on user accounts. Pricing may vary based on active user count -- check your subscription plan.

How do I audit who changed a booking? Use the audit log under Settings > Audit Log and filter by the booking ID or the user you are investigating.

Last updated: