Roles & permissions
Each employee has one or more roles. Roles control what they can see and change.
Built-in roles
| Role | Can do | Can’t do |
|---|---|---|
| Admin | Everything: manage subscription, delete workshop, change settings, revert completed services, manage employees. | Nothing is blocked. |
| Manager | Create and edit every record (clients, vehicles, services, invoices). View reports. | Billing, workshop deletion, creating other admins. |
| Mechanic | Create and update services. Add inspection items and photos. Mark services complete. | Edit invoices, delete records, access settings. |
| Receptionist | Create clients and vehicles. Create scheduled services. Read-only on in-progress services. | Edit prices on invoices, complete services, access reports. |
Combining roles
An employee can hold multiple roles. Permissions are the union of all their roles — so a Mechanic + Manager gets Manager-level access.
Changing someone’s roles
- Open the employee’s detail page.
- Click Edit.
- In the Roles multi-select, add or remove roles.
- Click Save. The employee’s permissions update on their next API call (within seconds).
Admin is powerful — use sparingly
Admins can delete the workshop and change billing. Only grant Admin to people you fully trust with the business. One or two admins total is usually the right number.
Public vs private records
Individual clients and vehicles have a Public / Private toggle. Private records are visible only to admins and the creator, regardless of role. This is a per-record override on top of roles.