Understanding Roles and Permissions

Configure ABAC roles with granular permissions for your team.

Roles and Permissions

ZonaPlan uses Attribute-Based Access Control (ABAC) with customizable roles.

Default Roles

Every organization gets four default roles:

**Admin** — Full access - Can manage all projects, tasks, invoices, work orders, and settings - Can invite and remove team members - Can edit roles and permissions

**Assistant** — Broad access - Similar to admin but may have restrictions on sensitive operations - Good for office managers and project coordinators

**Foreman** — Field-focused - Can manage tasks, crew, clock entries, and daily closeouts - Limited access to financial details - Good for field supervisors

**Crew** — Task-focused - Can view assigned tasks and clock in/out - Cannot modify project settings or view financial data - Good for field workers

Customizing Roles

1. Go to **Settings** → **Roles**
2. Click on a role to edit its permissions
3. Toggle permissions per resource and action

Available Resources

Permissions can be set for: projects, tasks, clock entries, invoices, work orders, change orders, vendors, punch list items, notes, and more.

Creating Custom Roles

1. Go to **Settings** → **Roles**
2. Click **Create Role**
3. Name the role and set permissions
4. Assign team members to the new role