Skip to content
Contact Us
  • There are no suggestions because the search field is empty.

User Access Management and Permissions

Platform: Both (Web Application and Mobile App) 
User Type: Org Admin (full user management) / Admin (limited user management) 
Difficulty: Intermediate
Estimated Time: 15 minutes
Last Updated: September 2025

Quick Summary

Master Dayworkbook's two-tier access system: organisation-level permissions that define what users can do platform-wide, and job-specific access that controls which projects they can see. Learn to invite team members with appropriate permission levels, then grant them access to specific jobs as needed for secure, efficient team management.

What You'll Learn

  • Understand Dayworkbook's two-tier access control system
  • Set organisation-wide permission levels that apply across all jobs
  • Control job-specific access independently of permission levels
  • Invite new team members and configure their access appropriately
  • Manage user access through job creation and user management screens
  • Implement security best practices for team access control

Before You Start

Prerequisites:

  • Org Admin or Admin permissions within your Dayworkbook organisation
  • Clear understanding of team members' roles and required access levels
  • Authority to grant access to organisation data and specific projects

You'll Need:

  • Email addresses for team members you want to invite
  • Understanding of each team member's job responsibilities
  • Clear policies on user access and data security
  • Knowledge of which jobs each team member should access

Understanding Dayworkbook's Two-Tier Access System

The Two Access Levels Explained

Dayworkbook uses a sophisticated access control system with two distinct, independent levels:

Tier 1: Organisation-Level Permissions (What They Can Do)

Set once per user and applies to every job they can access:

  • Org Admin: Complete organisation control + automatic access to all jobs
  • Admin+Billing: Full platform management + billing features
  • Admin: Full platform management without billing access
  • Standard: Create and edit daywork sheets
  • Read Only: View-only access to assigned content
  • Inactive: No platform access
Tier 2: Job-Specific Access (Which Jobs They Can See)

Controlled separately by admins for each user:

  • Users are invited/granted access to specific jobs
  • Access can be all jobs or selected jobs only
  • Can be configured during job creation or in User Access screen
  • Independent of permission level - Standard users can access any job they're given

🎯 Critical Point: A user's permission level (Standard, Admin, etc.) cannot be changed for individual jobs - it's the same across ALL jobs they can access. Admins control which jobs users can see separately.

How the Two Tiers Work Together

Real-World Examples:

Sarah (Standard User + Jobs A, C access):

  • Can create/edit daywork sheets (Standard permissions)
  • Only sees Jobs A and C in her job list
  • Has Standard-level capabilities on both jobs

Mike (Admin+Billing + Jobs B, D access):

  • Has admin powers and billing access (Admin+Billing permissions)
  • Only sees Jobs B and D he's been assigned
  • Can use all admin features on those two jobs

Lisa (Org Admin):

  • Has complete organisation control (Org Admin permissions)
  • Automatically sees ALL jobs regardless of assignments
  • Cannot have job access restricted

🎯 Key Insight: Higher permission levels don't automatically grant access to more jobs (except Org Admin)

Organisation-Level Permission Roles Detailed

Org Admin (Organisation Administrator):
  • Highest Permission Level: Complete control over organisation account
  • Organisation Management: Company details, branding, account settings
  • Payment Authority: Sheet credits, billing, account management
  • Full User Management: Invite, modify, and deactivate all team members
  • Automatic Job Access: Sees ALL jobs without needing specific assignments
  • Primary Contact: Designated contact for account administration
Admin+Billing (Administrator + Billing):
  • Administrative Access: All Admin capabilities plus billing authority
  • Billing Features: Generate billing reports, view financial data
  • User Management: Invite and manage team members (except Org Admin functions)
  • Job Access: Must be specifically assigned to jobs (doesn't see all automatically)
  • Financial Visibility: Access rates, costs, and billing information
Admin (Administrator):
  • Platform Management: Full platform functionality management
  • User Management: Invite and manage team members with appropriate permissions
  • Directory Management: Full control over clients, labor, equipment, materials
  • Job Access: Must be specifically assigned to jobs
  • No Financial Access: Cannot view rates or generate billing reports
Standard:
  • Regular User Access: Create, edit, and submit daywork sheets
  • Job Participation: Full daywork capabilities on assigned jobs
  • Directory Usage: Use configured directory items but cannot modify them
  • Job Access: Must be specifically assigned to jobs
  • No Management Functions: Cannot invite users or access admin features
Read Only:
  • View-Only Access: Can view information but cannot create or modify data
  • Job Visibility: Read-only access to assigned jobs and daywork sheets
  • No Creation Rights: Cannot create jobs, sheets, or directory items
  • Observer Role: Suitable for stakeholders needing visibility without operational access
  • Job Access: Must be specifically assigned to jobs
Inactive:
  • Disabled Access: Account deactivated, cannot access platform
  • Data Preservation: Historical contributions remain in system
  • Reactivation Possible: Can be changed back to active if needed
  • Cost Effective: Don't count towards user limits

Step-by-Step Instructions

Step 1: Access Team & Access Management

Navigate to user management:

  1. From Web Application: Go to Settings > Team & Access
  2. From Mobile App: Navigate to Settings > Team & Access
  3. Review Current Team: See all team members with their permission levels and job access

Team Overview Shows:

  • User List: All team members with permission roles
  • Permission Matrix: Visual representation of capabilities by role
  • Job Access Summary: Which users can access which jobs
  • User Status: Active, inactive, and pending states

Step 2: Invite New Team Members

Add new users using the two-tier approach:

Complete the Invitation Process:
  1. Enter User Information:
    • Email Address: Team member's business email address
    • Personal Details: First name, last name, phone number
    • Position: Job title for reference purposes
  2. Set Organisation-Wide Permission Level:
    • Choose Role: Select from Org Admin, Admin+Billing, Admin, Standard, or Read Only
    • Remember: This permission level applies to ALL jobs they'll access
    • Cannot Change Per Job: This is their capability level organisation-wide
  3. Configure Initial Job Access:
    • All Jobs: Give access to every current and future job
    • Specific Jobs: Select individual jobs for this user
    • Start Minimal: Can always add more job access later
    • Consider Security: Only grant access to jobs they truly need
  4. Send Invitation: Click "Send Invite" to dispatch invitation email

Invitation Process:

  • Email Delivery: Secure invitation sent to specified address
  • Account Creation: User creates password and confirms details
  • Immediate Access: User gains access once account is confirmed
  • Access Applies: Both permission level and job access take effect immediately

💡 Pro Tip: Start with minimal job access and expand as needed - it's easier and more secure

Step 3: Manage Job Access (Two Methods)

Control which jobs users can access:

Method 1: During Job Creation

When creating jobs, admins choose:

  1. "Allow all users access": Every current team member can see this job
  2. "Add specific users": Select individual team members for access
  3. Future Flexibility: Job access can be modified later without affecting permissions

Best for: New projects where you know the team composition

Method 2: User Access Management Screen

Manage access after users and jobs exist:

  1. Navigate to Settings > Team & Access
  2. Click on Individual User: See their current job access list
  3. Modify Job Access: Add or remove access using checkboxes
  4. Save Changes: Job visibility updates immediately
  5. Permission Level Unchanged: User capabilities remain the same

Best for: Ongoing access management and project reassignments

Step 4: Modify User Permission Levels

Change organisation-wide capabilities:

Permission Level Changes:
  1. Select User: Click on team member in user list
  2. Edit Role: Change permission level using dropdown
  3. Consider Impact: Higher permissions affect ALL accessible jobs
  4. Save Changes: New permission level applies immediately across all jobs
Important Considerations:
  • Access vs Permissions: Changing permission level doesn't change job access
  • Capability Changes: User gains/loses features across ALL their jobs
  • Security Impact: Higher permissions increase access to sensitive features
  • Immediate Effect: Changes take effect immediately

⚠️ Watch Out: Permission changes affect user capabilities on every job they can access

Step 5: Monitor and Maintain Access Control

Implement ongoing access management:

Regular Access Reviews:
  • Monthly Reviews: Check user access patterns and needs
  • Job Access Audits: Ensure users only access necessary projects
  • Permission Appropriateness: Verify permission levels match job requirements
  • Security Compliance: Maintain principle of least privilege
User Activity Monitoring:
  • Login Tracking: Monitor platform usage patterns
  • Job Participation: Track which jobs users actively work on
  • Feature Usage: Understand how permission levels are utilised
  • Access Optimisation: Adjust access based on actual needs
Security Best Practices:
  • Immediate Deactivation: Disable access for departing team members
  • Project-Based Access: Grant job access based on actual project involvement
  • Regular Permission Review: Ensure permission levels align with current roles
  • Documentation: Maintain records of access changes and justifications

Understanding Common Scenarios

Scenario 1: New Project Manager

  • Permission Level: Admin (needs platform management capabilities)
  • Job Access: Only assigned to specific projects they manage
  • Result: Full admin capabilities but only on relevant jobs

Scenario 2: Field Worker

  • Permission Level: Standard (create/edit daywork sheets)
  • Job Access: Multiple jobs across different clients
  • Result: Standard capabilities across all assigned jobs

Scenario 4: Finance Team Member

  • Permission Level: Admin+Billing (needs billing report access)
  • Job Access: All jobs (needs organisation-wide financial visibility)
  • Result: Can generate billing reports across all projects

Troubleshooting Common Issues

Problem: User has Admin permissions but can't see expected jobs 
Cause: Admin users don't automatically see all jobs - they need specific job access 
Solution: Navigate to User Access, click on the user, and grant access to required jobs. Only Org Admin automatically sees all jobs.

Problem: Want to give user admin powers on one job but Standard on others
Cause: Permission levels can't be changed per job - they're organisation-wide 
Solution: This isn't possible in Dayworkbook. Permission levels apply across all accessible jobs. Consider if they truly need Admin permissions organisation-wide.

Problem: New user can't access job they were told about 
Cause: User was invited but not given access to that specific job 
Solution: In User Access screen, click on the user and add them to the specific job while maintaining their permission level.

Problem: User sees jobs they shouldn't have access to 
Cause: User was given "all jobs" access or has Org Admin permissions 
Solution: Review their job access settings. Remove specific job access or reduce permission level if they have broader access than needed.

Problem: Cannot modify another user's permissions 
Cause: Insufficient permissions to manage other users 
Solution: Only Admin+ roles can modify user permissions. Contact your Org Admin if you need user management capabilities.

Problem: Invited user cannot generate billing reports despite having Admin access 
Cause: Admin role doesn't include billing permissions 
Solution: Change user role to Admin+Billing or Org Admin to enable billing report generation.

What's Next?

With effective access management established:

  1. Develop Access Policies - Create formal guidelines for permission levels and job access
  2. Train Team Members - Ensure everyone understands their role and access limitations
  3. Regular Access Audits - Schedule periodic reviews of user permissions and job access
  4. Optimise Workflows - Align access controls with operational efficiency needs

Related Articles

Still Need Help?

If this article didn't solve your issue: