Team Management · 5 min read · January 28, 2026

Setting Up Roles and Permissions for Your Construction Team

By ZonaPlan Team

A construction company has many different roles — owners, project managers, foremen, assistants, and crew. Each role needs access to different information and capabilities. A foreman needs to manage tasks and crew schedules, but probably shouldn't be editing invoices. A crew member needs to clock in and view their tasks, but doesn't need to see project financials.

Why Permissions Matter

  • **Data security**: Sensitive financial information stays with authorized personnel
  • **Reduced errors**: Users can only modify what they're responsible for
  • **Cleaner experience**: Each user sees a focused interface for their role
  • **Compliance**: Audit trails show who did what with proper authorization

ZonaPlan's Role System

ZonaPlan uses attribute-based access control (ABAC) with four default role templates:

  • **Admin**: Full access to everything — projects, financials, team management, settings.
  • **Assistant**: Broad access similar to admin, but may have restrictions on sensitive operations like deleting projects or managing billing.
  • **Foreman**: Field-focused access — can manage tasks, crew, clock entries, and daily closeouts. Limited access to financial details.
  • **Crew**: Task-focused access — can view assigned tasks, clock in/out, and submit photos. Cannot modify project settings or view financial data.

Customizing Roles

The default templates are starting points. You can:

  • Edit permissions on any default role
  • Create entirely new roles for your specific needs
  • Control access at a granular level (view vs. edit per resource)

Resources include projects, tasks, clock entries, invoices, work orders, change orders, vendors, and more.

Best Practices

  1. **Start with defaults**: The four default roles cover most organizations
  2. **Customize gradually**: Adjust permissions as you discover specific needs
  3. **Review regularly**: As your team grows, review who has access to what
  4. **Use the principle of least privilege**: Give each role only the access it needs
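
The sketch below shows how the "review regularly" and "least privilege" practices can be checked mechanically. It is an added example, not ZonaPlan's code or API: the role names, resource names and the view/edit split come from this article, while the specific grants, the `lead_foreman` role, the set of "financial" resources and all function names are assumptions made for illustration (the Assistant template is omitted for brevity).

```python
# Added illustration; NOT ZonaPlan's implementation. The grants below are
# constructed sample data, not the product's real default permissions.
FINANCIAL = {"invoices"}  # assumed: which resources count as financial

TEMPLATES = {  # role -> resource -> allowed actions (constructed)
    "admin": {r: {"view", "edit"} for r in
              ("projects", "tasks", "clock_entries", "invoices",
               "work_orders", "change_orders", "vendors")},
    "foreman": {"projects": {"view"}, "tasks": {"view", "edit"},
                "clock_entries": {"view", "edit"}, "work_orders": {"view"}},
    "crew": {"tasks": {"view"}, "clock_entries": {"view", "edit"}},
}

def is_allowed(roles, role, resource, action):
    """Deny by default: an unknown role, resource or action grants nothing."""
    return action in roles.get(role, {}).get(resource, set())

def added_grants(template, custom):
    """(resource, action) pairs a customized role holds beyond its template."""
    return sorted((res, act)
                  for res, acts in custom.items()
                  for act in acts - template.get(res, set()))

def review(roles, templates, base_of):
    """Periodic review: for each custom role, list the privilege added since
    it was cloned, flagging grants that touch financial resources."""
    report = {}
    for role, base in base_of.items():
        extra = added_grants(templates[base], roles[role])
        report[role] = [(res, act, res in FINANCIAL) for res, act in extra]
    return report

# Constructed scenario: "lead_foreman" was cloned from foreman, then widened.
ROLES = dict(TEMPLATES)
ROLES["lead_foreman"] = {**TEMPLATES["foreman"],
                         "work_orders": {"view", "edit"},
                         "invoices": {"view"}}

if __name__ == "__main__":
    print(is_allowed(ROLES, "crew", "invoices", "view"))
    for role, extra in review(ROLES, TEMPLATES, {"lead_foreman": "foreman"}).items():
        print(role, extra)
```

Each flagged entry in the review output is a grant someone should be able to justify; if nobody can, removing it restores the template's baseline.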