Set Up Roles and Permissions

How the built-in role types work, what each role can access, how to create custom roles, and how to change a team member's role.

Written by Sofia PatelUpdated over a month ago9 min readIntermediate

What this guide covers

This guide explains the role-based access control system in JobsiteOn. You will learn about the four built-in roles, what each role can and cannot do, how to create custom roles with fine-grained permissions, and how to change a team member's role. Proper role setup ensures that every team member sees exactly what they need and nothing they do not.

Before you begin

You need Owner permissions to create custom roles and to promote or demote Admin-level members.
Admin users can change roles for Dispatcher and Technician members but cannot modify other Admins or the Owner.
Review your team roster at /team to understand how many members you have in each role before making changes.

Built-in role types

JobsiteOn ships with four built-in roles. These roles cannot be deleted or renamed, but their descriptions below represent the default permissions each one carries.

Owner

The Owner role is assigned to the person who created the workspace. There is exactly one Owner per workspace.

Area	Access
Dashboard	Full read
Schedule	Full read and write
Contacts	Full read and write
Properties	Full read and write
Jobs	Full read and write
Quotes	Full read and write
Invoices	Full read and write, including payment config
Pricebook	Full read and write
Reporting	Full read
Team	Invite, remove, and change any role
Settings	Full access, including billing and danger zone
Integrations	Connect and disconnect

Admin

Admins have nearly the same access as the Owner, with two exceptions: they cannot access the billing section under settings and they cannot delete the workspace.

Area	Access
Dashboard	Full read
Schedule	Full read and write
Contacts	Full read and write
Properties	Full read and write
Jobs	Full read and write
Quotes	Full read and write
Invoices	Full read and write
Pricebook	Full read and write
Reporting	Full read
Team	Invite and manage Dispatchers and Technicians
Settings	All settings except billing and deletion
Integrations	Connect and disconnect

Dispatcher

Dispatchers focus on scheduling and day-to-day operations. They can create and assign work but cannot change workspace-level settings.

Area	Access
Dashboard	Full read
Schedule	Full read and write
Contacts	Full read and write
Properties	Full read and write
Jobs	Full read and write
Quotes	Full read, create, and send
Invoices	Full read, create, and send
Pricebook	Read only
Reporting	Read only
Team	View roster only
Settings	No access
Integrations	No access

Technician

Technicians are field-focused. They see their own assigned work, can update job status and add notes, and have limited visibility into the rest of the workspace.

Area	Access
Dashboard	Limited (assigned work summary)
Schedule	Read own schedule only
Contacts	Read linked contacts only
Properties	Read linked properties only
Jobs	Read and update assigned jobs only
Quotes	No access
Invoices	No access
Pricebook	Read only
Reporting	No access
Team	View roster only
Settings	Personal account settings only
Integrations	No access

Step 1: Review current role assignments

Navigate to /team.
The Active Members table shows each member's current role.
Review the list and identify any members whose role does not match their actual responsibilities.

Signs a role needs to change

A Dispatcher asks you to update a setting they cannot access. Consider upgrading them to Admin, or check if a custom role would be better.
A Technician can see financial data they should not. Confirm they are assigned the Technician role, not Dispatcher.
An Admin is only handling schedule work. Downgrading to Dispatcher reduces their access surface without limiting their daily tasks.

Step 2: Change a member's role

On the /team page, find the member in the Active Members table.
Click the overflow menu (...) on their row.
Select Change Role.
Choose the new role from the dropdown.
Click Save.

The change takes effect immediately. The member's navigation and page access update the next time they load any page in the workspace.

Note: Changing a role does not send an automatic notification to the member. If the change significantly affects what they can do, let them know directly.

Step 3: Create a custom role

Custom roles let you define permissions that do not fit the four built-in role types. For example, you might create a "Field Supervisor" role that has Technician-level job access plus read access to reporting.

Go to /settings and open the Roles section under Workspace Settings.
Click Create Custom Role.
Enter a Role Name (e.g., "Field Supervisor").
Enter a Description explaining what this role is for.
Use the permission matrix to toggle access for each area:
- No Access -- the member cannot see this area at all.
- Read -- the member can view but not create, edit, or delete.
- Read & Write -- full operational access.
- Full -- read, write, plus administrative actions (like payment config for invoices or integration connections).
Click Save Role.

The new role now appears in the role dropdown when inviting members or changing an existing member's role.

Permission categories

The permission matrix is organized by workspace area:

Dashboard -- view KPI cards and filters.
Schedule -- view and manage the calendar.
Contacts -- view and manage contact records.
Properties -- view and manage property records.
Jobs -- view and manage job records.
Quotes -- view, create, and send quotes.
Invoices -- view, create, send, and configure payments.
Pricebook -- view and manage services and parts.
Reporting -- view revenue and performance reports.
Team -- view roster, invite, and manage members.
Settings -- access workspace and company settings.
Integrations -- connect and manage integrations.

Step 4: Edit or delete a custom role

Editing

Go to /settings > Roles.
Find the custom role and click Edit.
Adjust the name, description, or permissions.
Click Save.

Changes apply immediately to all members assigned to that role.

Deleting

Go to /settings > Roles.
Find the custom role and click Delete.
You will be prompted to reassign any members currently on that role to a different role before the deletion can proceed.
Choose the replacement role and confirm.

Built-in roles cannot be deleted.

Best practices

Start with built-in roles. Most teams of 10 or fewer can operate with just Owner, Admin, Dispatcher, and Technician.
Create custom roles only when needed. Adding too many roles makes it harder to audit who has access to what.
Name roles after responsibilities, not people. "Field Supervisor" is better than "John's Role" because it remains useful when team members change.
Audit roles quarterly. As your business grows, responsibilities shift. A quarterly review ensures permissions still match reality.
Use the principle of least privilege. Give each team member the minimum access they need to do their job.

Troubleshooting

A member cannot access a page they need

Check their current role on the /team page.
Compare the role's permissions to the page they are trying to access.
If the role does not include the necessary permission, either change their role or update a custom role to include access.

I changed a role but the member still sees the old permissions

Ask the member to refresh their browser. Permissions are enforced on each page load, so a refresh applies the update immediately.

I cannot create a custom role

Only the workspace Owner can create and manage custom roles. If you are an Admin, ask the Owner to create the role for you.

Two custom roles have overlapping permissions

This is allowed but not recommended. Review both roles and consider merging them into one to simplify management.

I want to make someone a co-owner

There can be only one Owner per workspace. If you need a second person with near-full access, assign them the Admin role. The only differences are billing access and workspace deletion.

FAQ

Can I restrict access to specific contacts or properties?

No. Permissions are area-based, not record-based. A member with read access to Contacts can see all contacts in the workspace.

What role should I give my office manager?

Admin is typically the right fit for an office manager who handles scheduling, invoicing, and team coordination.

What role should I give my field crew lead?

Start with Dispatcher if they need to assign jobs, or Technician if they only work on their own assigned jobs. If neither fits, create a custom "Field Supervisor" role.

Do roles affect mobile app access?

Yes. The mobile experience respects the same role permissions. A Technician sees only their assigned jobs on mobile, just as they do on desktop.

Can I copy an existing role to create a new one?

Not directly. Create a new custom role and manually set the permissions. Use an existing role's permission table as a reference.

Did this answer your question?