Skip to content
Kuberan AI Help

Settings — Permissions

Open Permissions

Overview

The Permissions screen manages who has access to your Kuberan AI workspace and what they can do once inside. Team members are assigned one of three roles — Owner, Admin, or Staff — which determines their default access level. Roles are complemented by a permissions matrix that gives fine-grained control over each module. This allows you to give a junior staff member access to Books but not Payroll, or a front-desk person access to the Scheduler and SMS but not financial data.

Permissions screen showing user list with roles and a permissions matrix grid
The Permissions screen. The user list is on the left; the permissions matrix is on the right.
  1. (1) Invite User button
  2. (2) Team member row — name, email, role
  3. (3) Role badge — Owner, Admin, or Staff
  4. (4) Permissions matrix — checkboxes per module per user
  5. (5) Revoke Access action

Roles

Owner

The workspace owner has unrestricted access to all modules, settings, and billing. There is exactly one Owner per workspace. Ownership can be transferred to another Admin from this screen, but the transfer is permanent and requires the current Owner to confirm.

Admin

Admins have full access to all modules and most settings, including the ability to invite and manage other team members. They cannot access billing settings or transfer workspace ownership. Admins can see and modify all client data.

Staff

Staff members have access only to the modules explicitly enabled in their permissions matrix. They cannot access Settings, Billing, or Portal Admin unless those permissions are individually granted. This is the appropriate role for junior staff, bookkeepers, and administrative assistants.

Actions

Invite a Team Member

    1. Click Invite User in the toolbar.
    2. Enter the team member’s email address.
    3. Select their role: Admin or Staff (Owner cannot be assigned at invite time).
    4. For Staff roles, configure the permissions matrix:
      • Toggle on/off access for each module (Books, Payroll, Mileage, Scheduler, Documents, Email, SMS, Portal Admin, Reports, Settings).
      • For some modules, you can choose between View Only and Full Access to distinguish between read-only and write access.
    5. Click Send Invitation. An email is sent with an invitation link that expires after 48 hours.

Change a Team Member’s Role

    1. Find the team member in the list and click their name or the Edit button.
    2. Change the role using the Role dropdown.
    3. Adjust the permissions matrix if moving from Admin to Staff (permissions matrix is not applicable to Admins — they have full access by default).
    4. Click Save.

Role changes take effect immediately. If a team member is currently logged in, their access level updates on their next page load.

Revoke Access

    1. Open the Actions menu on the team member’s row.
    2. Select Revoke Access.
    3. Confirm.

The team member can no longer log in. Their contributions (transactions, notes, pay runs) remain attributed to their name in historical records. To reinstate them, click Restore Access — their previous role and permissions are restored, and they can log in again.

Permissions Matrix

The permissions matrix lists available modules and settings across the top, and team members down the side. Checkboxes at each intersection control that team member’s access.

Available permission categories:

PermissionDescription
BooksAccess to the Books (Client Accounting) module
PayrollAccess to the Payroll module
MileageAccess to the Mileage module
SchedulerAccess to the Scheduler and appointment management
DocumentsAccess to the Documents module and document requests
EmailAccess to the Email inbox
SMSAccess to the SMS conversations and bulk SMS
Portal AdminAccess to Portal Admin (users, announcements, chat)
ContactsAccess to the Contacts CRM module
ReportsAccess to cross-module reporting and exports
SettingsAccess to workspace-level settings (use with caution)

Tips

  • Front-desk staff typically need: Scheduler (Full Access), SMS (Full Access), Documents (View Only or Full Access). They generally should not have access to Payroll, Financials, or Settings.
  • Bookkeepers typically need: Books (Full Access), Documents (Full Access), possibly Payroll depending on their responsibilities.
  • Use the least privilege principle. Give each team member only the access they need for their role. Over-permissioning creates security and compliance risks, especially for modules containing SINs, banking details, and financial data.