Skip to main content

Controlling who can do what

Not everyone on your team needs the same access. A front-desk employee probably should not be able to change your deposit policy or view your payroll report. Permission groups let you draw those lines clearly.

How groups work​

A permission group is a collection of access rights. You assign employees to groups, and the group decides what they can see and change.

Petsoft starts with a few default groups:

GroupTypical access
OwnerEverything, including billing and security settings
ManagerMost operational features, some reporting
StaffDaily tasks like bookings and checkouts
Read OnlyCan view but cannot change anything

You can edit these or create your own. Most facilities end up with four to six groups after they have been running for a while.

Creating a group​

Go to Organization > Security > Groups and click Add Group.

Give it a name that makes sense to you. "Weekend Supervisor" is better than "Group A." Then check the boxes for each permission you want to grant.

Permissions are organized into categories:

  • Customers: View, edit, delete
  • Reservations: Book, edit, cancel, override capacity
  • Billing: View invoices, process refunds, change prices
  • Reports: View standard reports, view financial reports, export data
  • Facility: Edit services, runs, availability
  • Organization: Change settings, manage users, view audit logs

Be careful with the Organization category. Those permissions are close to admin level. If you are not sure whether someone needs them, leave them off.

Report groups​

In addition to general permission groups, there are report groups. These control which reports a user can see in the reports menu.

Some facilities create a report group called "Financials" that only includes revenue and payroll reports. They assign this to the owner and the bookkeeper. Everyone else gets a "Standard" group with operational reports like arrivals and daily medications.

Report groups are managed separately from permission groups because the reports menu can get long. You do not want your front-desk staff scrolling past ten financial reports they will never use.

Assigning employees to groups​

When you add a new employee, you pick their primary group during setup. You can change it later from their profile.

An employee can belong to multiple groups, but we recommend keeping it simple. If someone needs a specific extra permission, it is usually cleaner to create a new group than to stack two existing ones.

Audit trail​

Petsoft logs most actions that change data: who edited a reservation, who issued a refund, who changed a price. You can view these logs from Admin > Audit Log if your account has access.

The audit log is read-only. Even admins cannot delete entries. If you suspect someone made a mistake or did something they should not have, this is where you look.

What happens when someone leaves​

When you deactivate an employee, their permissions are frozen immediately. They cannot log in. However, their past actions stay in the audit log so you can still trace who did what.

If a former employee shared their login with someone else, change the password and force a logout from all devices. You can do this from the security settings.

Best practices​

  • Do not give everyone admin access. It sounds obvious, but small businesses do this all the time because it is easier than setting up groups.
  • Review your groups every six months. People change roles, and permissions tend to accumulate over time.
  • Train your staff to log out when they step away from the computer. Permission groups only work if the right person is logged in.

Choosing the right permission level​

Permission category matrix​

CategoryViewEditDelete/AdminRisk level
CustomersLowLowLowLow
ReservationsLowLowMediumMedium
BillingMediumHighHighHigh
ReportsLowN/AN/ALow
FacilityMediumMediumHighMedium
OrganizationHighHighHighCritical

Security review checklist​

ReviewFrequency
Audit group membershipsEvery 6 months
Check for unused admin accessEvery 6 months
Review audit log for anomaliesMonthly
Force password reset on shared loginsImmediately
Deactivate former employeesImmediately upon departure
Was this page helpful?

Still stuck?

Our team is happy to help. Reach out and we'll get you back on track.