Skip to main content

Organization Roles & Permissions

Omeny uses a role-based access control system to ensure that team members have appropriate access based on their responsibilities. Understanding these roles helps you assign the right permissions to the right people.

What Each Role Can Do

Owner Role

Full System Access

  • Complete control over the organization
  • Can access and modify all features
  • Can delete the organization
  • Can manage all members and their roles

Specific Permissions:

  • ✅ Create, edit, and delete employees
  • ✅ Manage all schedules and shifts
  • ✅ View and edit all time logs
  • ✅ Manage organization settings
  • ✅ Invite and remove members
  • ✅ Change member roles (including other Owners)
  • ✅ Delete the organization
  • ✅ Manage all departments and settings
  • ✅ Configure employment types and payroll
  • ✅ Manage kiosk devices
  • ✅ Export all data

When to Use:

  • Business owners
  • Primary administrators
  • People who need complete control
  • Use sparingly - only give to trusted individuals

Important: Every organization must have at least one Owner. You cannot remove the last Owner.

Admin Role

Complete Administrative Control

  • Can manage all day-to-day operations
  • Cannot delete the organization
  • Cannot change Owner roles (in most cases)

Specific Permissions:

  • ✅ Create, edit, and delete employees
  • ✅ Manage all schedules and shifts
  • ✅ View and edit all time logs
  • ✅ Manage most organization settings
  • ✅ Invite and remove members (except Owners)
  • ✅ Change member roles (except Owners)
  • ✅ Manage departments and settings
  • ✅ Configure employment types and payroll
  • ✅ Manage kiosk devices
  • ✅ Export all data
  • ❌ Delete the organization
  • ❌ Change Owner roles (typically)

When to Use:

  • HR managers
  • Senior administrators
  • People who need full operational control
  • Trusted staff who manage the system daily

Note: Admins have nearly the same permissions as Owners, except for critical organization-level actions.

Manager Role

Employee and Schedule Management

  • Can manage employees and schedules
  • Can view time logs and reports
  • Cannot change organization settings
  • Cannot invite members

Specific Permissions:

  • ✅ Create, edit, and delete employees
  • ✅ Manage schedules and shifts
  • ✅ View all time logs
  • ✅ Edit time logs (with some restrictions)
  • ✅ View reports and statistics
  • ✅ Manage time-off requests
  • ✅ View organization settings (read-only)
  • ❌ Change organization settings
  • ❌ Invite or remove members
  • ❌ Change member roles
  • ❌ Manage kiosk devices
  • ❌ Configure employment types
  • ❌ Delete employees (in some cases)

When to Use:

  • Shift supervisors
  • Department managers
  • People who manage schedules and employees
  • Staff who need operational access but not administrative control

Perfect For: Managers who need to schedule employees and track time but don't need to change system settings.

Viewer Role

Read-Only Access

  • Can view schedules and reports
  • Cannot make any changes
  • Perfect for executives or auditors

Specific Permissions:

  • ✅ View employee lists
  • ✅ View schedules and shifts
  • ✅ View time logs (read-only)
  • ✅ View reports and statistics
  • ✅ View organization settings (read-only)
  • ❌ Cannot make any changes
  • ❌ Cannot edit employees
  • ❌ Cannot manage schedules
  • ❌ Cannot invite members
  • ❌ Cannot access settings

When to Use:

  • Executives who need visibility
  • Auditors who need to review data
  • Stakeholders who need reports
  • People who need information but not editing access

Perfect For: People who need to see what's happening but don't need to make changes.

Permission Levels Explained

Omeny uses a hierarchical permission system:

Permission Hierarchy:

  1. Viewer (Level 1): Read-only access
  2. Manager (Level 2): Operational management
  3. Admin (Level 3): Administrative control
  4. Owner (Level 4): Full system access

How It Works:

  • Higher roles include all permissions of lower roles
  • An Admin can do everything a Manager can do, plus more
  • A Manager can do everything a Viewer can do, plus more
  • Roles are cumulative (higher = more permissions)

Access Control:

  • The system checks your role before allowing actions
  • If you don't have permission, you'll see an error message
  • Some features are hidden if you don't have access
  • Your role is checked on every action

Best Practices for Role Assignment

Principle of Least Privilege

  • Give people the minimum access they need
  • Start with lower roles and promote if needed
  • It's easier to increase permissions than decrease them

Role Assignment Guidelines:

For Business Owners:

  • Assign Owner role to yourself
  • Consider if partners need Owner role
  • Limit Owners to 1-2 people maximum

For HR and Administrators:

  • Assign Admin role for full operational control
  • Good for people who manage the system daily
  • Can handle all day-to-day tasks

For Department Managers:

  • Assign Manager role
  • Perfect for shift supervisors
  • Can manage their team without system access

For Executives and Auditors:

  • Assign Viewer role
  • Provides visibility without editing access
  • Safe for people who just need reports

Role Review:

  • Regularly review who has what access
  • Remove access when people leave
  • Change roles when responsibilities change
  • Document why people have certain roles

Security Considerations:

  • Don't give Owner role to too many people
  • Be careful with Admin role (nearly full access)
  • Manager role is usually sufficient for most staff
  • Viewer role is safe for anyone who needs visibility

Common Mistakes to Avoid:

  • ❌ Giving Owner role to everyone
  • ❌ Not reviewing roles regularly
  • ❌ Keeping former employees as members
  • ❌ Giving higher roles than needed
  • ❌ Not documenting role assignments

Next: Employee Management