Set Up Roles and Permissions
How the built-in role types work, what each role can access, how to create custom roles, and how to change a team member's role.
What this guide covers
This guide explains the role-based access control system in JobsiteOn. You will learn about the four built-in roles, what each role can and cannot do, how to create custom roles with fine-grained permissions, and how to change a team member's role. Proper role setup ensures that every team member sees exactly what they need and nothing they do not.
Before you begin
- You need Owner permissions to create custom roles and to promote or demote Admin-level members.
- Admin users can change roles for Dispatcher and Technician members but cannot modify other Admins or the Owner.
- Review your team roster at
/teamto understand how many members you have in each role before making changes.
Built-in role types
JobsiteOn ships with four built-in roles. These roles cannot be deleted or renamed, but their descriptions below represent the default permissions each one carries.
Owner
The Owner role is assigned to the person who created the workspace. There is exactly one Owner per workspace.
| Area | Access |
|---|---|
| Dashboard | Full read |
| Schedule | Full read and write |
| Contacts | Full read and write |
| Properties | Full read and write |
| Jobs | Full read and write |
| Quotes | Full read and write |
| Invoices | Full read and write, including payment config |
| Pricebook | Full read and write |
| Reporting | Full read |
| Team | Invite, remove, and change any role |
| Settings | Full access, including billing and danger zone |
| Integrations | Connect and disconnect |
Admin
Admins have nearly the same access as the Owner, with two exceptions: they cannot access the billing section under settings and they cannot delete the workspace.
| Area | Access |
|---|---|
| Dashboard | Full read |
| Schedule | Full read and write |
| Contacts | Full read and write |
| Properties | Full read and write |
| Jobs | Full read and write |
| Quotes | Full read and write |
| Invoices | Full read and write |
| Pricebook | Full read and write |
| Reporting | Full read |
| Team | Invite and manage Dispatchers and Technicians |
| Settings | All settings except billing and deletion |
| Integrations | Connect and disconnect |
Dispatcher
Dispatchers focus on scheduling and day-to-day operations. They can create and assign work but cannot change workspace-level settings.
| Area | Access |
|---|---|
| Dashboard | Full read |
| Schedule | Full read and write |
| Contacts | Full read and write |
| Properties | Full read and write |
| Jobs | Full read and write |
| Quotes | Full read, create, and send |
| Invoices | Full read, create, and send |
| Pricebook | Read only |
| Reporting | Read only |
| Team | View roster only |
| Settings | No access |
| Integrations | No access |
Technician
Technicians are field-focused. They see their own assigned work, can update job status and add notes, and have limited visibility into the rest of the workspace.
| Area | Access |
|---|---|
| Dashboard | Limited (assigned work summary) |
| Schedule | Read own schedule only |
| Contacts | Read linked contacts only |
| Properties | Read linked properties only |
| Jobs | Read and update assigned jobs only |
| Quotes | No access |
| Invoices | No access |
| Pricebook | Read only |
| Reporting | No access |
| Team | View roster only |
| Settings | Personal account settings only |
| Integrations | No access |
Step 1: Review current role assignments
- Navigate to
/team. - The Active Members table shows each member's current role.
- Review the list and identify any members whose role does not match their actual responsibilities.
Signs a role needs to change
- A Dispatcher asks you to update a setting they cannot access. Consider upgrading them to Admin, or check if a custom role would be better.
- A Technician can see financial data they should not. Confirm they are assigned the Technician role, not Dispatcher.
- An Admin is only handling schedule work. Downgrading to Dispatcher reduces their access surface without limiting their daily tasks.
Step 2: Change a member's role
- On the
/teampage, find the member in the Active Members table. - Click the overflow menu (...) on their row.
- Select Change Role.
- Choose the new role from the dropdown.
- Click Save.
The change takes effect immediately. The member's navigation and page access update the next time they load any page in the workspace.
Note: Changing a role does not send an automatic notification to the member. If the change significantly affects what they can do, let them know directly.
Step 3: Create a custom role
Custom roles let you define permissions that do not fit the four built-in role types. For example, you might create a "Field Supervisor" role that has Technician-level job access plus read access to reporting.
- Go to
/settingsand open the Roles section under Workspace Settings. - Click Create Custom Role.
- Enter a Role Name (e.g., "Field Supervisor").
- Enter a Description explaining what this role is for.
- Use the permission matrix to toggle access for each area:
- No Access -- the member cannot see this area at all.
- Read -- the member can view but not create, edit, or delete.
- Read & Write -- full operational access.
- Full -- read, write, plus administrative actions (like payment config for invoices or integration connections).
- Click Save Role.
The new role now appears in the role dropdown when inviting members or changing an existing member's role.
Permission categories
The permission matrix is organized by workspace area:
- Dashboard -- view KPI cards and filters.
- Schedule -- view and manage the calendar.
- Contacts -- view and manage contact records.
- Properties -- view and manage property records.
- Jobs -- view and manage job records.
- Quotes -- view, create, and send quotes.
- Invoices -- view, create, send, and configure payments.
- Pricebook -- view and manage services and parts.
- Reporting -- view revenue and performance reports.
- Team -- view roster, invite, and manage members.
- Settings -- access workspace and company settings.
- Integrations -- connect and manage integrations.
Step 4: Edit or delete a custom role
Editing
- Go to
/settings> Roles. - Find the custom role and click Edit.
- Adjust the name, description, or permissions.
- Click Save.
Changes apply immediately to all members assigned to that role.
Deleting
- Go to
/settings> Roles. - Find the custom role and click Delete.
- You will be prompted to reassign any members currently on that role to a different role before the deletion can proceed.
- Choose the replacement role and confirm.
Built-in roles cannot be deleted.
Best practices
- Start with built-in roles. Most teams of 10 or fewer can operate with just Owner, Admin, Dispatcher, and Technician.
- Create custom roles only when needed. Adding too many roles makes it harder to audit who has access to what.
- Name roles after responsibilities, not people. "Field Supervisor" is better than "John's Role" because it remains useful when team members change.
- Audit roles quarterly. As your business grows, responsibilities shift. A quarterly review ensures permissions still match reality.
- Use the principle of least privilege. Give each team member the minimum access they need to do their job.
Troubleshooting
A member cannot access a page they need
- Check their current role on the
/teampage. - Compare the role's permissions to the page they are trying to access.
- If the role does not include the necessary permission, either change their role or update a custom role to include access.
I changed a role but the member still sees the old permissions
Ask the member to refresh their browser. Permissions are enforced on each page load, so a refresh applies the update immediately.
I cannot create a custom role
Only the workspace Owner can create and manage custom roles. If you are an Admin, ask the Owner to create the role for you.
Two custom roles have overlapping permissions
This is allowed but not recommended. Review both roles and consider merging them into one to simplify management.
I want to make someone a co-owner
There can be only one Owner per workspace. If you need a second person with near-full access, assign them the Admin role. The only differences are billing access and workspace deletion.
FAQ
Can I restrict access to specific contacts or properties?
No. Permissions are area-based, not record-based. A member with read access to Contacts can see all contacts in the workspace.
What role should I give my office manager?
Admin is typically the right fit for an office manager who handles scheduling, invoicing, and team coordination.
What role should I give my field crew lead?
Start with Dispatcher if they need to assign jobs, or Technician if they only work on their own assigned jobs. If neither fits, create a custom "Field Supervisor" role.
Do roles affect mobile app access?
Yes. The mobile experience respects the same role permissions. A Technician sees only their assigned jobs on mobile, just as they do on desktop.
Can I copy an existing role to create a new one?
Not directly. Create a new custom role and manually set the permissions. Use an existing role's permission table as a reference.
Related articles
Did this answer your question?