Tektoro EMS Logo
Sign In

Roles and Permissions

Understanding user roles, member types, and the permission system in TekToro.

TekToro uses a combination of member types, roles, and granular permissions to control what each user can see and do within a workspace.

Member Types

Every user in a TekToro workspace is assigned a member type:

  • Employee — A full team member on your payroll, with access to internal tools and features.
  • Contractor — An external or self-employed team member who submits work tickets and manages their own invoicing.
  • Client — A portal-only user representing one of your clients, with restricted access to view their invoices, projects, and approved work items.

Role Hierarchy

Within each member type, users are assigned a role that determines their level of access:

  • Owner — Full control over the workspace, including the ability to transfer ownership and delete the account. Each workspace has one primary owner.
  • Admin — Manages all settings, approves invoices, configures HR records, and customizes permissions for other roles.
  • Manager — Oversees team activity, approves tickets, manages projects, and views team-level dashboards.
  • Basic — Performs day-to-day work such as creating tickets, viewing assigned projects, and managing personal notes.
  • Viewer — Read-only access to the workspace.

Users cannot assign a role higher than their own when inviting new members.

Granular Permissions

Administrators can customize exactly what each role can do using the permission matrix, accessible from Members > Roles and Permissions. Permissions are organized by feature area:

  • Client Management — View clients, view all clients, create, update, delete, invite to portal, manage settings, manage service rates.
  • Project Management — View all projects, create, update, delete projects.
  • Task Management — View all tasks, create, update, delete tasks.
  • Invoicing — View invoices, view master invoices, view approved tickets.
  • HR Management — View, create, update, delete HR records, view contract rates.
  • Calendar — View events, create global events, edit and delete global events.
  • Documents — Upload and delete documents.
  • Notes — Share notes with team members, share notes with client contacts.
  • Roles and Members — Manage roles, manage member invitations.

How Permissions Affect Visibility

Permissions do more than control actions — they also filter what data you can see. For example:

  • A user without the clients.view_all permission will only see clients linked to projects they are a member of.
  • A user without the hr.view permission will not see HR documents in the document library.
  • Client portal members can only see data belonging to their specific client.

Permission Sync

Administrators can link permissions together so that enabling one permission automatically enables related ones. This reduces manual configuration when setting up roles for your team.