Configuring User Roles, Permissions & Access Control
A well-designed Role-Based Access Control policy keeps sensitive data safe, prevents “permission sprawl,” and lets every team member in your field-service business work faster because they immediately see only the screens, records, and actions that matter to their job. OctopusPro ships with sensible defaults (Admin, Manager, Fieldworker, Sub-worker, Dispatcher, Accountant, Support) and lets you create unlimited custom roles so your structure mirrors reality—whether you run a one-van carpet-cleaning outfit or a national HVAC franchise network.
Why Role-Based Access Control Matters in Field-Service Platforms
- Security by least privilege – 80% of breaches start with over-privileged credentials; granting only what is needed sharply limits the blast radius.
- Regulatory alignment – Standards such as CIS Control 6 explicitly require periodic access reviews and role definitions.
- Productivity – Users land on the right dashboard with no distracting menus; admins spend less time answering “where do I click?”
- Operational clarity – A documented permission matrix acts as a living org-chart and onboarding checklist.
- Scalability & franchising – NIST’s economic study estimates RBAC saves >US $1 billion in admin overhead across industry.
Default Roles Supplied by OctopusPro
Role | Typical Access | Ideal User Example |
---|---|---|
Admin | All company settings, integrations, billing, reports | Business owner, CTO |
Manager | Team rosters, job assignment, invoice approval | Operations manager |
Dispatcher | Live schedule board, route optimisation, SMS/email | Call-centre coordinator |
Fieldworker | Jobs assigned to them, clock-in/out, customer notes | Technician on the road |
Sub-worker | Sub-tasks only, limited customer data | Apprentice, helper |
Accountant | Invoices, payments, refunds, export to Xero | Finance staff |
Support | Customer profiles & communication log | Help-desk agent |
These presets accelerate onboarding but can be tweaked or cloned to suit unique structures.
Creating Custom Roles (Step-by-Step)
- Navigate: Settings ▸ Company Settings ▸ Users ▸ Roles.
- Click “New Role.” Give it a clear, task-oriented name—e.g., “Franchise Auditor”.
- Set Landing Page. Choose where this role starts on login (e.g., Reports).
- Save to create the shell role.
- Assign Permissions: select “Assign Credentials.”
  - Use Open All to expand every category.
  - Tick only the create/read/update/delete (CRUD) boxes required.
  - Save.
- Add Users: assign employees or contractors to the new role via Users ▸ Edit ▸ Role.
Tip: Build a simple permission matrix first (role names in columns, system actions in rows) to visualise overlap and gaps. Downloadable templates are widely available if you need inspiration.
Real-World Use Cases
Industry | Custom Role | Key Permissions | Benefit |
---|---|---|---|
Cleaning franchise | Franchisee Owner | View revenue reports for their branch; approve refunds; not see HQ financials | Maintains brand control while giving franchisees autonomy. |
HVAC contractor | Field Ops Accountant | Access work-order schedule + invoice editor; no staff payroll | Cuts double-handling between operations & finance teams. |
NDIS home-care provider | Safeguarding Officer | Read-only access to client notes & incident reports; export compliance logs | Supports mandatory external audits without exposing billing screens. |
SaaS support desk | QA Coach | Listen to call recordings; add training notes; cannot edit tickets | Enables coaching while protecting ticket data integrity. |
Best-Practice Checklist
- Principle of Least Privilege (PoLP) – start restrictive, expand only when a blocked action is justified.
- Periodic Access Reviews – schedule quarterly audits to remove dormant accounts or excess rights.
- Onboarding/Offboarding Automation – map HR status to OctopusPro roles to close security gaps faster.
Frequently Asked Questions
Question | Answer |
---|---|
Do portal customers count as “users”? | No. Customer logins have a separate permission layer limited to their own bookings and invoices. Internal roles discussed here never apply to customers. |
Can I duplicate a role between companies in a multi-brand account? | The same credentials apply to all brands within your company account. |
What happens if two roles conflict? | OctopusPro applies the most permissive setting, so keep users assigned to a single primary role wherever possible. |
Is fieldworker location tracking a permission? | Yes—enable “GPS Tracking → View Live Location” for dispatchers; disable for accountants. |
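
The permission matrix from the tip above and the most-permissive conflict rule from the FAQ, combined into a check you can run during a periodic access review. This is an added example, not OctopusPro code: the permission names, user names and matrix layout are constructed, and it assumes the first role listed for a user is their primary role.

```python
# Added example, not OctopusPro code. Matrix and assignments are constructed
# sample data; real permission names and any export format may differ.

# Permission matrix: rows are actions, columns are roles (True = box ticked).
MATRIX = {
    "GPS Tracking > View Live Location": {"Dispatcher": True, "Accountant": False, "Fieldworker": False},
    "Schedule > Update": {"Dispatcher": True, "Accountant": False, "Fieldworker": False},
    "Invoices > Update": {"Dispatcher": False, "Accountant": True, "Fieldworker": False},
    "Refunds > Create": {"Dispatcher": False, "Accountant": True, "Fieldworker": False},
    "Jobs > Update": {"Dispatcher": True, "Accountant": False, "Fieldworker": True},
}

# user -> assigned roles, primary role first (assumption of this example).
ASSIGNMENTS = {
    "alice": ["Dispatcher"],
    "bob": ["Accountant", "Dispatcher"],
    "carol": ["Fieldworker", "Franchise Auditor"],  # second role is not in the matrix
}

def grants(role, matrix):
    """Actions ticked for one role; a role absent from a row grants nothing."""
    return {action for action, row in matrix.items() if row.get(role, False)}

def effective(roles, matrix):
    """Most permissive setting wins: the union of every assigned role's grants."""
    result = set()
    for role in roles:
        result |= grants(role, matrix)
    return result

def review(assignments, matrix):
    """Return (user, issue, detail) findings for an access review."""
    known = {role for row in matrix.values() for role in row}
    findings = []
    for user, roles in sorted(assignments.items()):
        for role in roles:
            if role not in known:
                findings.append((user, "role_not_in_matrix", role))
        # Anything beyond the primary role's grants came from a secondary role.
        primary = grants(roles[0], matrix) if roles else set()
        for action in sorted(effective(roles, matrix) - primary):
            findings.append((user, "widened_by_secondary_role", action))
    return findings

if __name__ == "__main__":
    for finding in review(ASSIGNMENTS, MATRIX):
        print(finding)
```

Here the accountant who also holds the Dispatcher role ends up with live-location access even though the Accountant column leaves that box unticked, which is the kind of drift a quarterly review should surface.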