- 04 Jul 2023
- 1 Minute to read
- Print
- DarkLight
- PDF
Security and permissions
- Updated on 04 Jul 2023
- 1 Minute to read
- Print
- DarkLight
- PDF
At BookingTimes, we take data security extremely seriously. Your data security is only as strong as your weakest link. You will need to determine what level of data is appropriate for those with system access to see, and restrict the rest.
Restrictions can include:
- Financial data
- Client contact details
- Other staff's data
- Menu access
- Report Access
- Schedule Modification Access
The way we restrict this within the system is via Role types, which are logical groupings for the different users of your system. Examples include:
- Super user/owner
- Admin
- Instructor
- Marketing
This article outlines the various steps required for you to set this up for your system. This will include:
- Setting up the relevant role types for your business
- Assigning staff to the correct role type
- Assigning and managing the permissions to each role type
Managing permissions for role types
Steps
- Navigate to Setup > Accounts & Security > Manage Permissions
- Toggle each dot green that you want each Role Type to have access to, and untoggle the dot to transparent for data you don't want them to have access to
You can hover over the Role Permissions question mark icon on the left of each item for more information about that security setting.
Create role types
Steps
- Navigate to Setup > Accounts & Security > Manage Permissions
2. Click Manage Roles
3. Click Add Role and enter the new Role Name
Assigning staff security role types
Steps
- Navigate to Setup > Accounts & Security > Staff & Admins
- Select the relevant staff member
- Select the relevant security role from the Role Type drop down
Security considerations
Protecting your business
- Letting staff alter their previous schedules may affect their commissions.
- Letting staff have access to all payment methods (e.g. EFT) may let them incorrectly record payments while pocketing cash.
- Giving them unrestricted access to reports may help them to take clients from your business to start their own. Note: you should have strong agreements in place to stop this from happening.
- Consider limiting staff access to change prices during a sale or booking. In some cases, staff have given friends large discounts for services.
Protecting client data
- Accounts must not be shared. You need to be able to track who looks at client data and is making changes to your system.
- Consider restricting staff's access to only those clients that they have seen to ensure any data breach is restricted to a smaller pool of clients.