Help CenterAdministrationRoles
Back to Help Center
Administration

Roles

How to define roles and manage permissions

Roles determine what each user can do within your account. By defining roles with specific permissions, you control access to features like managing companies, editing locations, or creating posts.

How roles work

Gridwork uses a three-tier role system:

  • Super Admin — Full system-wide access. Bypasses all permission checks.
  • Account Admin — Full access within the current account.
  • Company User — Access limited to specific permissions assigned through roles.

Each user is assigned a global role when they join an account. For more granular control, you can also assign permissions scoped to a specific company or location.

Viewing roles

Navigate to Admin → Roles in the sidebar. The page lists all custom roles defined for your account, along with their assigned permissions.

Creating a role

  1. Click Define Role.
  2. Enter a name and slug for the role.
  3. Optionally set a scope hint to indicate the intended scope (e.g., company-level, location-level).
  4. Check the permissions this role should grant. Available permissions include:
    • manage_companies — Create, edit, and delete companies.
    • manage_locations — Create, edit, and delete locations.
    • manage_employees — Manage employee profiles and CVs.
    • manage_services — Define and assign services.
    • manage_posts — Create and edit marketing posts.
    • Additional permissions as configured for your account.
  5. Click Save to create the role.

Editing a role

Click any role in the list to update its name, slug, or permissions. Changes take effect immediately for all users assigned to that role.

Tip: Be deliberate when changing permissions on an existing role — every user with that role will gain or lose access immediately.

Assigning roles to users

After creating a role, assign it to users in User Management. Each user gets one global role per account.

Granular permission assignments

For finer control, you can assign roles at the company or location level. This means a user could be a general viewer across the account but have editing rights for a specific company. Granular assignments are managed alongside user roles.

Still need help? Contact support

Related Articles

API Management
Browse all articles