Configuring User Roles, Permissions & Access Control

A well-designed Role-Based Access Control policy keeps sensitive data safe, prevents “permission sprawl,” and lets every team member in your field-service business work faster because they immediately see only the screens, records, and actions that matter to their job. OctopusPro ships with sensible defaults (Admin, Manager, Fieldworker, Sub-worker, Dispatcher, Accountant, Support) and lets you create unlimited custom roles so your structure mirrors reality—whether you run a one-van carpet-cleaning outfit or a national HVAC franchise network.


Why Role-Based Access Control Matters in Field-Service Platforms

  • Security by least privilege – 80 % of breaches start with over-privileged credentials; granting only what is needed sharply limits the blast radius.
  • Regulatory alignment – Standards such as CIS Control 6 explicitly require periodic access reviews and role definitions.
  • Productivity – Users land on the right dashboard with no distracting menus; admins spend less time answering “where do I click?”
  • Operational clarity – A documented permission matrix acts as a living org-chart and onboarding checklist.
  • Scalability & franchising – NIST’s economic study estimates RBAC saves >US $1 billion in admin overhead across industry.

Default Roles Supplied by OctopusPro

| Role | Typical Access | Ideal User Example |
|---|---|---|
| Admin | All company settings, integrations, billing, reports | Business owner, CTO |
| Manager | Team rosters, job assignment, invoice approval | Operations manager |
| Dispatcher | Live schedule board, route optimisation, SMS/email | Call-centre coordinator |
| Fieldworker | Jobs assigned to them, clock-in/out, customer notes | Technician on the road |
| Sub-worker | Sub-tasks only, limited customer data | Apprentice, helper |
| Accountant | Invoices, payments, refunds, export to Xero | Finance staff |
| Support | Customer profiles & communication log | Help-desk agent |

These presets accelerate onboarding but can be tweaked or cloned to suit unique structures.


Creating Custom Roles (Step-by-Step)

  1. Navigate: Settings ▸ Company Settings ▸ Users ▸ Roles.
  2. Click “New Role.” Give it a clear, task-oriented name—e.g., “Franchise Auditor”.
  3. Set Landing Page. Choose where this role starts on login (e.g., Reports).
  4. Save to create the shell role.
  5. Assign Permissions: select “Assign Credentials.”
    • Use Open All to expand every category.
    • Tick only the create/read/update/delete (CRUD) boxes required.
    • Save.
  6. Add Users: assign employees or contractors to the new role via Users ▸ Edit ▸ Role.

Tip: Build a simple permission matrix first (role names in columns, system actions in rows) to visualise overlap and gaps. Downloadable templates are widely available if you need inspiration.


Real-World Use Cases

| Industry | Custom Role | Key Permissions | Benefit |
|---|---|---|---|
| Cleaning franchise | Franchisee Owner | View revenue reports for their branch; approve refunds; not see HQ financials | Maintains brand control while giving franchisees autonomy. |
| HVAC contractor | Field Ops Accountant | Access work-order schedule + invoice editor; no staff payroll | Cuts double-handling between operations & finance teams. |
| NDIS home-care provider | Safeguarding Officer | Read-only access to client notes & incident reports; export compliance logs | Supports mandatory external audits without exposing billing screens. |
| SaaS support desk | QA Coach | Listen to call recordings; add training notes; cannot edit tickets | Enables coaching while protecting ticket data integrity. |

Best-Practice Checklist

  • Principle of Least Privilege (PoLP) – start restrictive, expand only when a blocked action is justified.
  • Periodic Access Reviews – schedule quarterly audits to remove dormant accounts or excess rights.
  • Onboarding/Offboarding Automation – map HR status to OctopusPro roles to close security gaps faster.

Frequently Asked Questions

| Question | Answer |
|---|---|
| Do portal customers count as “users”? | No. Customer logins have a separate permission layer limited to their own bookings and invoices. Internal roles discussed here never apply to customers. |
| Can I duplicate a role between companies in a multi-brand account? | The same credentials apply to all brands within your company account. |
| What happens if two roles conflict? | OctopusPro evaluates the most permissive setting, so keep users assigned to a single primary role wherever possible. |
| Is fieldworker location tracking a permission? | Yes—enable “GPS Tracking → View Live Location” for dispatchers; disable for accountants. |
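
The most-permissive conflict rule and the quarterly access review can be checked offline against a permission matrix. The script below is an added example, not OctopusPro code or an OctopusPro export format: the module/action names, the user records, the "first role is primary" convention and the 90-day dormancy threshold are all assumptions made for illustration.

```python
from datetime import date

# Constructed permission matrix: role -> set of (module, action) grants.
# Role names come from the page; module/action names are illustrative.
MATRIX = {
    "Dispatcher": {("schedule", "read"), ("schedule", "update"),
                   ("gps_live_location", "read")},
    "Accountant": {("invoices", "read"), ("invoices", "update"),
                   ("refunds", "create")},
    "Fieldworker": {("assigned_jobs", "read"), ("assigned_jobs", "update")},
}

# Constructed user list; the first role is treated as the primary role.
USERS = [
    {"name": "alice", "roles": ["Dispatcher"], "last_login": date(2024, 5, 28)},
    {"name": "bob", "roles": ["Accountant", "Dispatcher"], "last_login": date(2024, 5, 30)},
    {"name": "carol", "roles": ["Fieldworker"], "last_login": date(2023, 11, 2)},
]

def effective_permissions(roles, matrix=MATRIX):
    """Most-permissive evaluation: a grant in any assigned role wins (set union)."""
    grants = set()
    for role in roles:
        grants |= matrix[role]
    return grants

def review(users, today, matrix=MATRIX, dormant_days=90):
    """Return (user, finding_type, detail) tuples for a periodic access review."""
    findings = []
    for u in users:
        primary = matrix[u["roles"][0]]
        # Anything gained beyond the primary role comes from role stacking.
        excess = effective_permissions(u["roles"], matrix) - primary
        if excess:
            findings.append((u["name"], "excess", sorted(excess)))
        idle = (today - u["last_login"]).days
        if idle > dormant_days:
            findings.append((u["name"], "dormant", idle))
    return findings

if __name__ == "__main__":
    for finding in review(USERS, today=date(2024, 6, 1)):
        print(finding)
```

With this sample data, the accountant who was also given the Dispatcher role ends up with live-location access, which is the kind of stacking the single-primary-role advice is meant to prevent.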
