- Advanced Authentication + User Management
Once you've created custom roles, add permissions. Permissions define the level of access a user has to specific features in Robin. Access and management permissions can be scoped to include certain locations or spaces within a location. Roles and their corresponding permissions are additive and can be applied to an individual user or to a group.
Watch our quick overview video to see how it works!
By default, the member role allows every member to book all spaces and desks, create office activities, and manage activities they've created. When using custom roles, we recommend removing these permissions from the default member role and specifying them per role.
How it works
If users shouldn’t have access to a feature, removing all locations from the “Include” list will remove the permission. For example, this role cannot reserve desks because all locations have been removed and no locations are specified.
Exclusions allow admins to remove specific entities from locations on the include list. For example, as an admin you want to allow users to have access to all desk spaces in Boston except for the 2nd floor, it would look like this:
Admins, navigate to Manage > Roles and select the role you'd like to edit. Then scroll down to view the Permissions settings.
Users with multiple roles
How it works-- the actions that a user is allowed to do is the sum of all the things their roles and groups allow them to do. If the user belongs to any groups with a role that allows for something (e.g. booking a room) then the user will be able to do it — even if another role doesn't grant this permission.
For example: if Role A has access to edit billing and Role B does not, but a user is tied to both roles, they will have access to edit billing.
Indicate whether users and groups with this role can see the Billing page (Manage > Billing) and whether they can edit any of the information found there.
Note: If you give the role edit access, that means they can edit all fields in Billing. There are not granular permissions for each field. For example, you can’t grant access to edit the credit card number but not the subscription plan.
The Access page is where you can create Office Passes and review the Daily Roster. Indicate whether users and groups with this role can view only or can edit & manage the Access page. The view-only permission is a read-only view of your organization's Office Passes and Daily Roster, with the exception of accessibility to the Daily Roster CSV export functionality. The edit permission allows users to manage, create, and modify your organization's Office Passes and grants all access to Daily Roster.
Note: Users with view and/or edit permissions for Access will see the "Manage" tab, but they will only have the option to manage features they've been granted access to on the "Manage" page.
Indicate whether users can view and/or edit all members of the organization. This permission is required in order to use the "Favorites" feature.
Note, the People permission is permanently granted to global admins and owners and cannot be edited.
Indicate whether users can access the interactive Workweek page on the Schedule tab. When this permission is revoked, users can't access activities or see people's office plans. The Schedule tab is visible but defaults to the "My meetings" page.
Note, the Workweek permission is permanently granted to global admins and owners and cannot be edited.
Users with this permission can create, edit, and delete members on the Groups page, including private groups.
Indicate whether users can edit room and/or desk amenity configurations for the office.
Hybrid Work Policy
Indicate whether users can create and edit hybrid work policies for the company.
Manage Offices & Maps
Indicate whether users and groups with this role can create, update, and delete buildings, spaces, desks, amenities, etc. Use “Include” and “Exclude” to call out specific office locations the user/group permissions apply to.
For example, Tom is an admin for the Boston office. Tom can add, edit, & remove spaces and seats, amenities, settings, etc in the Boston office, but NOT in the London office.
Note: Users with this custom permission but without the Admin role have limited access. They will not see the primary
Managetab at the top of the dashboard. Users with this custom permission will only be able to access space-level management.
View health checkpoints
Indicate whether users and groups with this role can view the health checkpoint survey and for what office buildings.
Manage health checkpoints
Indicate whether users and groups with this role can create, update, export & delete health checkpoint surveys and for which office buildings.
Indicate whether users and groups with this role can create, update, and archive announcements and specify and for which office buildings.
Indicate whether users and groups with this role can create activities and edit or cancel activities they've created and for which office buildings. By default, all user roles have this permission. Note, when the Activity Creation permission is changed, it will take ~5-10 minutes for the "Create Activity" button to be removed or added.
Indicate whether users and groups with this role can edit or cancel activities created by anyone and for which office. Global admins and owners have this permission by default.
Indicate whether users & groups with this role can view the devices page and for which office buildings.
Indicate whether users & groups with this role can add new devices, edit devices & their settings, and delete devices and for which office buildings.
The default permission must be revoked for default roles (admin, members, owner), and then enabled for a custom role if only certain people should be allowed to perform an action.
Indicate what areas of the office a role has permission to schedule in. Use “Include” and “Exclude” to call out specific locations or spaces a role can book.
Bypass space booking policies
Select what buildings a role can bypass space booking policies and what buildings they may not ( e.g., meeting duration limitations). This setting would be most useful for office managers, executive assistants, or other folks who manage scheduling for other people.
The "Bypass space booking policies" permission does not include the ability to bypass room scheduling check-ins for meetings. Notice the "Skip check-in" permission is a separate permission.
Indicate what areas of the office a role has permission to skip checking into a meeting to confirm it's actually taking place. This permission is applicable to offices that enforce the abandoned meeting protection feature. People with this permission will not have room reservations automatically unbooked if they forget to check-in within the specified time. This setting is most useful for executives and other team members whose meetings should remain on the calendar.
How this works:
By default, all unconfirmed meetings will be automatically unbooked when the Abandoned Meeting Protection setting is enabled
All non-recurring meetings organized by members with this permission will be confirmed automatically, and will not be canceled.
Note: The Skip Check-in functionality does not apply to recurring meetings.
View Event Details
Indicate what areas of the office a role has permission to see the event title, organizer, and attendees for all events except those marked “private”. This permission excludes access to meeting notes.
How this works:
When this permission is disabled for users then they're only able to view meeting details for events they're explicitly invited to. Meaning users can only see that the space is reserved for the meeting duration for events they're not invited to.
Users with this permission enabled can see the event title, organizer & attendees for all events, including ones they're not invited to, except those marked “private”. This permission excludes meeting notes.
By default, admins are able to view all details, including meeting notes, for all events.
Members are only able to view meeting notes for events they’re explicitly invited to.
Indicate what areas in the office a role has permission to edit or delete events they wouldn't normally be able to. Like bypassing policies, this setting is handy for people who manage scheduling for others. People with permission may edit details or cancel events within the designated space(s) or location(s). Note that some event changes may require the user to have additional permissions within Google, Office 365, or Exchange.
How this works:
Members without this permission are able to manage only the events they have created
Members with this permission will be able to manage all events
Admins are able to manage all events by default
Note: These booking permissions are only enforced when a user tries to reserve a space through Robin (web, mobile, plugin).
Approve or deny space requests
Indicate what areas of the office a role has permission to approve or deny meeting requests for "request only" spaces.
Indicate what areas of the office a role has permission to reserve hot or hotel desks. Use “Include” and “Exclude” to call out specific locations or areas within the office a role can reserve a desk in.
Indicate what areas of the office a role has permission to reserve an assigned desk. Use “Include” and “Exclude” to call out specific locations or spaces a role can reserve assigned seating.
(This permission is necessary for any custom "admin" roles that need the ability to manage seat assignments in particular offices. You must specify the building locations.)
Bypass desk booking policies
Indicate what areas of the office a role has permission to bypass existing booking policies. Use “Include” and “Exclude” to call out specific locations or spaces.
Select the check box to allow users to assign & reserve desks for others.
(This permission is necessary for any custom "admin" roles that need the ability to manage seat assignments in particular offices.)
Select the checkbox to allow members to view all members of your organization from the People tab in the top ribbon of the web dashboard. This permission is required to use the "Tag your favorites/people finding" feature on the mobile app.
By default, only admins and owners can view the analytics page. Deselect the checkbox to hide the page from particular admins or select the checkbox to grant access to particular members or roles. Note: The default member role does not have permission to view the analytics page.
By default, all global admins/owners have access to the Visit tab. Deselect the checkbox to hide the Visitors page from particular admins or select the checkbox to grant access to specific custom roles. This gives access to view the entire visit log for any building and register guests for any building.
Select the check box to allow users to add meeting services to events. By default, all users have permission to add workplace services to events. If unchecked or disabled, the workplace service field will no longer populate in the event composer.
The Reset role
If you've manipulated the permissions for the global roles (member, admin & owner) and need to restore their "out of the box" basic permissions, use the Reset role option. This will only reset the default global roles, not custom roles.
Examples of Roles & permission examples
You’ll find a few common scenarios below. Remember that by default the Member role grants permission to book everything.
“Everyone can book everything in our organization”
Change nothing. The Member role allows this by default.
“Alice shouldn't be able to book anything except for on the 6th floor of Building A.”
- Modify the default Member role, removing the ability to book all spaces.
- Create a new role that's allowed to book anything on the 6th floor.
- Assign the role to a group, and add Alice to the group.
“People in the Marketing group can book anything on the 6th floor except for two rooms, Council Chamber and the Knight Conference.”
- Modify the default Member role, removing the ability to book all spaces.
- Create a role that's allowed to book anything on the 6th floor.
- For that same role, add two exclusions for the Council chamber & the Knight Conference room.