Adding permissions to roles

Overview

Once you've created custom roles, add permissions. Permissions define the level of access a user has to specific features in Robin. Access and management permissions can be scoped to include certain locations or spaces within a location. Roles and their corresponding permissions are additive and can be applied to an individual user or to a group.

How it works

By default, the member role allows every member to:

• Book all spaces, desks, parking spots, & lockers
• Create office activities & manage activities they've created.

We recommend removing these permissions from the default member role when using custom roles and specifying them per role. 

Inclusions

If users shouldn’t have access to a feature, removing all locations from the “Can” list will remove the permission. 

Exclusions

Exclusions allow admins to remove specific entities from locations on the "Can" list. For example, as an admin, you want to allow users to have access to all desk spaces in Boston except for the 2nd floor. It would look like this:

Users can have multiple roles:

The actions that a user is allowed to do is the sum of all the things their roles and groups allow them to do. If the user belongs to any group with a role that allows for something (e.g., booking a room), then the user will be able to do it — even if another role doesn't grant this permission.

For example, if Role A has access to edit billing and Role B does not, but a user is tied to both roles, they will have access to edit billing.

Managing permissions 

Admins, navigate to Manage > Roles and select the role you'd like to edit. Then, select the different Permissions tabs.

General permissions

Billing

Indicate whether users and groups with this role can see the Billing page (Manage > Billing) and whether they can edit any of the information found there.

Note: If you give the role edit access, that means they can edit all fields in Billing. There are not granular permissions for each field. For example, you can’t grant access to edit the credit card number but not the subscription plan.

Access

The Access page is where you can create Office Passes and review the Daily Roster. Indicate whether users and groups with this role can view only or can edit & manage the Access page.

• The view-only permission is a read-only view of your organization's Office Passes and Daily Roster, with the exception of accessibility to the Daily Roster CSV export functionality.
• The edit permission allows users to manage, create, and modify your organization's Office Passes and grants all access to Daily Roster.
• Note: Users with view and/or edit permissions for Access will see the "Manage" tab, but they will only have the option to manage features they've been granted access to on the "Manage" page.  

Groups

Users with this permission can create, edit, and delete members on the Groups page, including private groups. 

Amenities

Indicate whether users can edit room and/or desk amenity configurations for the office. 

Hybrid Work Policy

Indicate whether users can create and edit hybrid work policies for the company.

Badge integration

Manage Offices & Maps

Indicate whether users and groups with this role can create, update, and delete buildings, spaces, desks, amenities, etc.

• Use “Include” and “Exclude” to call out specific office locations to which the user/group permissions apply.

• For example, Tom is an admin for the Boston office. Tom can add, edit, & remove spaces and seats, amenities, settings, etc, in the Boston office but NOT in the London office.

• Note: Users with this custom permission but without the Admin role have limited access. They will not see the primaryManagetab at the top of the dashboard. Users with this custom permission will only be able to access space-level management. 

View health checkpoints

Indicate whether users and groups with this role can view the health checkpoint survey and for what office buildings. 

Manage health checkpoints

Indicate whether users and groups with this role can create, update, export & delete health checkpoint surveys and for which office buildings. 

Announcements 

Indicate whether users and groups with this role can create, update, and archive announcements, and specify which office buildings.

Activity creation

Indicate whether users and groups with this role can create activities and edit or cancel activities they've created, and for which office buildings. By default, all user roles have this permission.

• Note, when the Activity Creation permission is changed, it will take ~5-10 minutes for the "Create Activity" button to be removed or added. 

Activity management

Indicate whether users and groups with this role can edit or cancel activities created by anyone and for which office.  Global admins and owners have this permission by default. 

View devices

Indicate whether users & groups with this role can view the devices page and for which office buildings.

Manage devices

Indicate whether users & groups with this role can add new devices, edit devices & their settings, and delete devices, and for which office buildings.  

Resource permissions

Space management

Space Booking

Indicate what areas of the office a role has permission to schedule in. Use “Include” and “Exclude” to call out specific locations or spaces a role can book.

Public space bookings

If the building has space booking privacy enabled, the user will still be able to choose between private and public booking. 

Bypass space booking policies

Select what buildings a role can bypass space booking policies and what buildings they may not ( e.g., meeting duration limitations).

• This setting would be most useful for office managers, executive assistants, or other folks who manage scheduling for other people.

• The "Bypass space booking policies" permission does not include the ability to bypass room scheduling check-ins for meetings. Notice the "Skip check-in" permission is a separate permission.

Skip Check-In

Indicate what areas of the office a role has permission to skip checking into a meeting to confirm it's actually taking place.

• This permission is applicable to offices that enforce the abandoned meeting protection feature. 
• People with this permission will not have room reservations automatically unbooked if they forget to check-in within the specified time.
• This setting is most useful for executives and other team members whose meetings should remain on the calendar.  

How this works:

• By default, all unconfirmed meetings will be automatically unbooked when the Abandoned Meeting Protection setting is enabled

• All non-recurring meetings organized by members with this permission will be confirmed automatically, and will not be canceled.

  • Note: The Skip Check-in functionality does not apply to recurring meetings. 

View Event Details

Indicate what areas of the office a role has permission to see the event title, organizer, and attendees for all events except those marked “private”. This permission excludes access to meeting notes. 

How this works:

• When this permission is disabled for users then they're only able to view meeting details for events they're explicitly invited to. Meaning users can only see that the space is reserved for the meeting duration for events they're not invited to. 

• Users with this permission enabled can see the event title, organizer & attendees for all events, including ones they're not invited to, except those marked “private”. This permission excludes meeting notes. 

• By default, admins are able to view all details, including meeting notes, for all events.

• Members are only able to view meeting notes for events they’re explicitly invited to.

Manage Events

Indicate what areas in the office a role has permission to edit or delete events they wouldn't normally be able to. 

• Like bypassing policies, this setting is handy for people who manage scheduling for others. 
• People with permission may edit details or cancel events within the designated space(s) or location(s).
• Note that some event changes may require the user to have additional permissions within Google, Office 365, or Exchange.

How this works:

• Members without this permission are able to manage only the events they have created

• Members with this permission will be able to manage all events

• Admins are able to manage all events by default

Note: These booking permissions are only enforced when a user tries to reserve a space through Robin (web, mobile, plugin).

Approve or deny space requests

Indicate what areas of the office a role has permission to approve or deny meeting requests for "request only" spaces.

Desk management

Desk booking

Indicate what areas of the office a role has permission to reserve hot or hotel desks. Use “Include” and “Exclude” to call out specific locations or areas within the office a role can reserve a desk in.

Public desk bookings

If the building has desk booking privacy enabled, the user will still be able to choose between private and public booking. 

Assign

Indicate what areas of the office a role has permission to reserve an assigned desk. Use “Include” and “Exclude” to call out specific locations or spaces where a role can reserve assigned seating.

• This permission is necessary for any custom "admin" roles that need the ability to manage seat assignments in particular offices. You must specify the building locations.

Delegation

Select the check box to allow users to assign & reserve desks for others.

• This permission is necessary for any custom "admin" roles that need the ability to manage seat assignments in particular offices.

Bypass desk booking policies

Indicate what areas of the office a role has permission to bypass existing booking policies. Use “Include” and “Exclude” to call out specific locations or spaces.

Bypass health checkpoint surveys

Allows the member to skip the health checkpoint survey. 

Parking spots & locker management

Custom resource booking permissions are less granular and cannot be scoped by location. Indicate whether the user role can or cannot do the following:

People permissions

People

Select the checkbox to allow members to view all members of your organization from the People tab in the top ribbon of the web dashboard.

• This permission is required to use the "Tag your favorites/people finding" feature on the mobile app. 

Workweek 

Indicate whether users can access the interactive Workweek page on the Schedule tab.

• Users can't access activities or see people's office plans when this permission is revoked. The Schedule tab is visible but defaults to the "My meetings" page.
• Note that the Workweek permission is permanently granted to global admins and owners and cannot be edited. 

Feature permissions 

Analytics

By default, only admins and owners can view the analytics page.

• Unselect the checkbox to hide the page from particular admins.
• Select the checkbox to grant access to particular members or roles. 
• Note: The default member role does not have permission to view the analytics page. 

Meeting services

Select the check box to allow users to add meeting services to events.

• By default, all users have permission to add workplace services to events.
• If unchecked or disabled, the workplace service field will no longer populate in the event composer. 

Visitor permissions

Deliveries

Roles & permission examples

You’ll find a few common scenarios below. Remember that by default, the Member role grants permission to book everything.

A. “Everyone can book everything in our organization”

1. Change nothing. The Member role allows this by default.

B. “Alice shouldn't be able to book anything except for on the 6th floor of Building A.”

1. Modify the default Member role, removing the ability to book all spaces.
2. Create a new role that's allowed to book anything on the 6th floor.
3. Assign the role to a group, and add Alice to the group.

C. “People in the Marketing group can book anything on the 6th floor except for two rooms, Council Chamber and the Knight Conference.”

1. Modify the default Member role, removing the ability to book all spaces.
2. Create a role that's allowed to book anything on the 6th floor.
3. For that same role, add two exclusions for the Council chamber & the Knight Conference room.

About the Reset role option

If you've manipulated the permissions for the global roles (member, admin & owner) and need to restore their "out of the box" basic permissions, use the Reset role option. This will only reset the default global roles, not custom roles.