User Roles & Permissions
User Roles and Permissions are security controls within a property management system (PMS) that dictate what actions a team member can perform and what information they can access based on their job function. A "role" is a collection of specific "permissions" assigned to a user or group of users.
Why it matters
Properly configured user roles are fundamental to operational security, data integrity, and team efficiency. They mitigate risks of data breaches, unauthorized changes to listings or pricing, and accidental data deletion. This ensures that team members only have access to the information and tools necessary for their specific responsibilities, which supports scalability and reduces the chance of costly errors.
Operator use case
An operator uses roles and permissions to provide a new reservations agent with access to the unified inbox and booking calendar, but restricts their ability to view owner statements or alter payment settings. For the housekeeping team, access is limited to a mobile view of cleaning schedules and property-specific checklists. This segregation of duties ensures operational focus and protects sensitive financial and guest data.
Industry insight
A common mistake for scaling operators is maintaining a "flat" permission structure where most of the team has admin-level access, a holdover from when the company was smaller. This creates significant security vulnerabilities, particularly around guest personally identifiable information (PII) and owner financial data. As a business grows, a key transition is from a trust-based system to a role-based access control (RBAC) model. Another nuance is that permission needs can vary by market; for instance, in a highly competitive urban market, you might further restrict access to pricing strategy and occupancy reports to a very small circle, whereas in a seasonal leisure market, a broader team might have visibility into booking pace. A mature operator regularly audits user permissions, at least quarterly, and immediately revokes access for off-boarding employees.
Tech & tools relevance
In a PMS, user roles are a core administrative feature that allows a primary account holder or manager to create and assign roles like "Booking Agent," "Housekeeping Manager," or "Owner." These roles have predefined permission sets that control access to functionalities such as the central calendar, messaging, reporting, and payment processing. Many platforms also provide an audit trail, which logs actions taken by each user, enhancing accountability and security.
How Hostfully helps
Hostfully provides a User Permissions feature that enables operators to control what each team member can see and edit within the platform. The system includes four predefined roles: Manager, Booking Agent, Property Sales Manager, and Associate, each with different levels of access to protect sensitive data like owner financials and guest information. This functionality is designed to scale with a growing business, helping larger teams collaborate efficiently by ensuring staff members only access information relevant to their roles, which improves security and operational workflow.