Essential Permission Requirements for Common Roles
Overview
Xenia's role-based permission system allows you to create custom roles tailored to your organization's specific needs. This guide provides detailed permission requirements for common roles, helping you configure your workspace efficiently and securely.
Each role in Xenia can be customized with specific permissions that control what users can see and do across the platform. Understanding these permissions is essential for creating roles that give your team members the right level of access.
Important Note: Location membership works in conjunction with role permissions. Even with broad permissions, users can only see data from locations they have been assigned to.
Understanding Permission Categories
Xenia organizes permissions into several key categories:
| Category | What It Controls |
|---|---|
| Tasks | Access to view, manage, and change the status of tasks |
| Operations Templates | Access to checklists, forms, and the ability to create or modify templates |
| Projects | Ability to create and manage recurring task schedules |
| Reporting | Access to reports and analytics across the workspace |
| Locations | Ability to create, edit, or delete locations and manage location hierarchies |
| Users & Teams | Ability to add, edit, or remove users and manage team memberships |
| Announcements | Access to view and acknowledge announcements deployed to locations |
Common Roles and Their Permissions
1. Store Manager / Location Manager
Purpose: Manages daily operations at a single location, supervises staff, completes checklists, and oversees task completion.
Key Responsibilities:
- Complete daily operational checklists
- Assign tasks to store employees
- Monitor task completion at their location
- View reports and submissions from their location
| Permission | Setting |
|---|---|
| Access Tasks | ✓ Enabled |
| View Tasks | "View your own tasks plus tasks assigned to others at your location" - Critical for supervising team |
| Change Task Status | ✓ Enabled - Allows marking tasks as complete |
| Manage Tasks | ✓ Enabled - Can create, edit, assign, and delete tasks |
| Access Operations Templates | ✓ Enabled - Needs to complete checklists |
| Manage Templates | ✗ Disabled - Prevents accidental template changes |
| Access Reporting | ✓ Enabled - Can view reports for their location |
| View Announcements | ✓ Enabled - Receives location-specific announcements |
| Recommended Home Screen | Location Pulse Dashboard - Shows daily tasks and completion status |
2. Regional Manager / Area Manager / District Manager
Purpose: Oversees multiple locations within a region or district, monitors performance across locations, and ensures operational standards are met.
Key Responsibilities:
- Monitor task completion across multiple locations
- Review submissions and reports from their assigned locations
- Assign tasks to store managers
- Access regional performance analytics
| Permission | Setting |
|---|---|
| Access Tasks | ✓ Enabled |
| View Tasks | "View your own tasks plus tasks assigned to others at your location" - CRITICAL: Must see all tasks at assigned locations, not just their own tasks |
| Change Task Status | ✓ Enabled |
| Manage Tasks | ✓ Enabled - Can assign tasks to locations |
| Access Operations Templates | ✓ Enabled - Needs to review submissions |
| Manage Templates | ✗ Disabled (unless they need to create templates) |
| Access Reporting | ✓ Enabled - Needs regional analytics |
| Location Membership | Assigned to all locations in their region - This controls what data they see |
3. Store Employee / Basic User
Purpose: Front-line employee who completes assigned checklists and tasks but has limited visibility into broader operations.
Key Responsibilities:
- Complete assigned checklists
- Mark tasks as complete
- View only their own assigned work
| Permission | Setting |
|---|---|
| Access Tasks | ✓ Enabled |
| View Tasks | "View your own tasks only" - Should NOT see what's assigned to others |
| Change Task Status | ✓ Enabled - Needs to mark tasks complete |
| Manage Tasks | ✗ Disabled - Should not create or assign tasks |
| Access Operations Templates | ✓ Enabled - Needs to complete checklists |
| Manage Templates | ✗ Disabled |
| Access Reporting | ✗ Disabled (or limited to own submissions) |
| View Announcements | ✓ Enabled - Needs to see location announcements |
| Recommended Home Screen | Location Pulse Dashboard - Simple view of their tasks only |
4. Operations Manager / Director of Operations
Purpose: Senior leadership role responsible for operational strategy, template creation, and workspace-wide oversight.
Key Responsibilities:
- Create and manage templates
- Build and schedule projects
- View all tasks and submissions across the organization
- Access comprehensive analytics and reporting
| Permission | Setting |
|---|---|
| Access Tasks | ✓ Enabled |
| View Tasks | "View all tasks" - Full visibility across all locations |
| Change Task Status | ✓ Enabled |
| Manage Tasks | ✓ Enabled |
| Access Operations Templates | ✓ Enabled |
| Manage Templates | ✓ Enabled - Needs to create and modify templates |
| Schedule Projects | ✓ Enabled - Creates recurring task schedules |
| Access Reporting | ✓ Enabled - Full analytics access |
| Location Membership | Assigned to all locations in the workspace |
5. Admin / Owner
Purpose: System administrators with unrestricted access to all features, settings, and data. Used for troubleshooting and workspace management.
Important: Admin and Owner roles cannot be edited or deleted as they serve as backup accounts. These roles have a special "Access all grants unrestricted access" permission that bypasses all template-level restrictions.
| Permission | Setting |
|---|---|
| All Permissions | ✓ All Enabled - Full unrestricted access to all features |
| Access All (Unrestricted) | ✓ Enabled - Bypasses template-level access restrictions |
| Manage Users & Teams | ✓ Enabled - Can add, edit, remove users and manage roles |
| Manage Locations | ✓ Enabled - Can create, edit, or delete locations |
| Warning | ⚠️ Only assign to trusted users who need full system access |
Critical Permission Combinations
Certain permission combinations are essential for users to perform their roles effectively. Missing even one permission can prevent users from completing their work.
For Store Managers to Assign Checklists
Required Permissions:
- Access Tasks: ✓ Enabled
- Manage Tasks: ✓ Enabled - Without this, they can't create or assign tasks
- Access Operations Templates: ✓ Enabled - Need to access checklist templates
- View Tasks Scope: "View your own + others at location" - Need to see who tasks are assigned to
For Managers to Action Tasks
Required Permissions:
- Access Tasks: ✓ Enabled
- Change Task Status: ✓ Enabled - Without this, they can see tasks but can't mark them complete
- View Tasks Scope: Must be set appropriately based on which tasks they need to action
For Supervisors to Monitor Performance
Required Permissions:
- Access Tasks: ✓ Enabled
- View Tasks Scope: "View your own + others at location" - CRITICAL for supervisory visibility
- Access Operations Templates: ✓ Enabled - Need to view submissions
- Access Reporting: ✓ Enabled - Need to see performance metrics
- Location Membership: Must be assigned to all locations they supervise
Location Membership: The Critical Layer
While role permissions control what users can do, location membership controls what data they can see. Both must be configured correctly for users to perform their jobs.
Key Principle: A user with "View All Tasks" permission can see tasks from any location in the Xenia workspace (regardless of their Location membership). A user with “"View your own tasks plus tasks assigned to others at your location(s)" permission can only see tasks at locations they have membership to. Location membership always limits data visibility, regardless of role permissions.
Examples:
- Store Employee: Membership to Store 296 only → Can only see data from Store 296
- Regional Manager: Membership to all stores in Division 3 → Can only see data from Division 3 locations
- Director of Operations: Membership to all locations → Can see all data across the workspace
Best Practices for Role Configuration
- Start with the minimum permissions needed: You can always add permissions later, but removing them can disrupt workflows.
- Use descriptive role names: Names like "Store Manager" are clearer than "Role 1" or "Manager A".
- Test with actual users: Create test accounts to verify permissions work as expected before rolling out.
- Document your permission strategy: Keep a reference guide of which roles should have which permissions.
- Review permissions quarterly: As your organization grows, role requirements may change.
- Avoid giving "Manage Templates" to too many users: This prevents accidental template deletions or modifications.
- Use template-level permissions for sensitive data: Even with broad role permissions, restrict specific templates as needed.
- Set appropriate home screens: Different roles benefit from different default views (Location Pulse for stores, analytics for managers).
Troubleshooting Common Permission Issues
"User can't see a template"
Check:
- Role has "Access Operations Templates" permission enabled
- User's role is listed in the template's "Can Submit" section
"Manager can't see their team's tasks"
Check:
- View Tasks permission is set to "View your own + others at location" (not just "View own")
- Manager has location membership to the stores where team members work
"User can see tasks but can't complete them"
Check:
- "Change Task Status" permission is enabled for their role
"Regional Manager can only see one location's data"
Check:
- Location membership - they need to be assigned to all locations in their region
Summary
Effective role configuration in Xenia requires careful attention to both role-based permissions and location membership. By understanding the specific permission requirements for common roles and how these permissions work together, you can create a secure, efficient workspace where every team member has exactly the access they need.
Remember that permissions work in layers: role-based permissions set broad capabilities, template-level permissions provide granular control, and location membership determines data visibility. All three must be configured correctly for users to perform their roles effectively.
Need Help?
If you have questions about configuring roles and permissions in your Xenia workspace, please contact your Xenia Customer Success Manager or reach out to support@xenia.team
Comments
0 comments
Please sign in to leave a comment.