Users & Roles
The Users & Roles page is where you control who can log in to the CRM and what they are allowed to do once inside. It is separate from the Staff page, which manages your team's profiles, booking settings, and the treatments each practitioner offers.
| Page | What it manages |
|---|---|
| Staff | Team directory, profile photos, contact details, booking availability, linked treatment services |
| Users & Roles | CRM login access, role assignments, and the permission matrix that determines what each role can see and do |
A team member can exist on the Staff page without having CRM access. CRM access is granted through the invitation flow and appears here once accepted.
Where to find it: In the left-hand sidebar, click Users & Roles.
Only owners can change roles, revoke access, and edit the permission matrix. All other roles can view the page but cannot make changes.
The two tabs
The page has two tabs: Active Users and Roles & Permissions.
Active Users tab
Stats row
At the top of the tab is a row of count cards — one for each role — showing how many active CRM users currently hold that role. The cards cover: Owners, Managers, Practitioners, Receptionists, and Glovora Account Managers.
Active users list
Below the stats is the full list of team members who have accepted their invitation and currently have active CRM logins. Each row shows:
- The user's initials avatar
- Full name
- Email address
- Role badge (colour-coded by role)
If you are logged in as an Owner, two action buttons appear on the right of each row:
- Change Role — opens a dialog to update the user's CRM role
- Revoke — opens a confirmation dialog to remove the user's CRM login
These buttons are not visible to other roles.
Pending invites section
If any team members have been sent an invitation but have not yet accepted it, they appear in a separate Pending Invite section below the active list. These users are identified by an amber "Pending invite" badge. They do not yet have CRM access and are not counted in the stats row.
All six roles
| Role | Badge colour | Description |
|---|---|---|
| Owner | Purple | Full access to all settings, billing, payouts, and team management. Maximum 4 per clinic. |
| Manager | Blue | Can manage staff, treatments, memberships, appointments, and clinic settings. No billing access. |
| Practitioner | Green | Can manage treatments, memberships, rewards, patients, and appointments. |
| Receptionist | Orange | Can view patients and manage appointments and check-ins. |
| Staff | Grey | Basic access to view patients and check-ins only. |
| Glovora Account Manager | Yellow | Sets up clinic branding, treatments, and app configuration. No access to patient or financial data. |
The Glovora Account Manager role is reserved for Glovora staff who assist with onboarding and configuration. It should not be assigned to clinic team members.
How to change a role (owner only)
- On the Active Users tab, find the team member whose role you want to change.
- Click Change Role on their row.
- In the dialog that opens, select the new role from the dropdown. The role description shown beneath the dropdown updates as you select different options.
- Click Save Role.
The change takes effect immediately. The team member's access level updates the next time they perform an action in the CRM.
How to revoke access (owner only)
Revoking access removes a team member's ability to log in to the CRM. It does not delete their staff profile — their name, contact details, and booking settings are preserved and they can be re-invited at any time.
- On the Active Users tab, find the team member.
- Click Revoke on their row.
- A confirmation dialog appears: "[First name] [Last name] will immediately lose their CRM login. Their staff profile will remain intact and they can be re-invited later."
- Click Revoke Access to confirm, or Cancel to go back.
The team member disappears from the Active Users list immediately. If they attempt to use the CRM, they will be logged out.
Revocation takes effect immediately. The team member does not receive a notification. If they are logged in when you revoke access, their session will not be terminated mid-action, but they will be unable to log in again after that session expires.
Roles & Permissions tab
The Roles & Permissions tab shows a full permission matrix — a table with all roles across the top and all configurable permissions down the left side. The Owner column always shows a tick with a padlock and cannot be changed. The remaining five roles have live toggles that owners can adjust.
The card description reads: "Customise what each role can do in the CRM. The Owner role always has full access and cannot be changed. Changes save immediately."
Only owners can interact with the toggles. If you are not an owner, the toggles are visible but disabled.
Below the matrix is a set of role description cards — one per role — showing the display name and a plain-language summary of what each role is intended for.
The 13 configurable permissions
| Permission | What it controls |
|---|---|
| View client profiles | Whether the role can open patient profiles and see their details in the CRM |
| Edit client profiles | Whether the role can update patient information (name, contact details, notes) |
| Add new patients | Whether the role can create a new patient record manually in the CRM |
| Delete patients | Whether the role can permanently remove a patient record from the CRM |
| Issue refunds | Whether the role can process refunds on orders in the CRM |
| Cancel memberships | Whether the role can cancel an active patient membership |
| Write staff notes | Whether the role can add internal staff notes to a patient's profile |
| Delete staff notes | Whether the role can delete staff notes that have already been written |
| Adjust Beauty Bank balance | Whether the role can manually add or remove funds from a patient's Beauty Bank cash wallet |
| View dashboard | Whether the role can access the main revenue and activity dashboard |
| View payouts page | Whether the role can view the Payouts section showing clinic payment disbursements |
| Access app builder | Whether the role can access the App Builder to manage treatments, memberships, packages, and other patient app content |
| Manage staff | Whether the role can add, edit, and manage team members on the Staff page |
Default permissions for each role
The table below shows the system defaults. Owners can toggle any of these on or off for their clinic. Changes apply immediately and override these defaults.
| Permission | Manager | Practitioner | Receptionist | Staff | Glovora AM |
|---|---|---|---|---|---|
| View client profiles | On | On | On | On | Off |
| Edit client profiles | On | On | Off | Off | Off |
| Add new patients | On | Off | On | Off | Off |
| Delete patients | Off | Off | Off | Off | Off |
| Issue refunds | Off | Off | Off | Off | Off |
| Cancel memberships | On | Off | Off | Off | Off |
| Write staff notes | On | On | On | On | Off |
| Delete staff notes | On | Off | Off | Off | Off |
| Adjust Beauty Bank balance | On | Off | Off | Off | Off |
| View dashboard | On | On | On | On | On |
| View payouts page | Off | Off | Off | Off | Off |
| Access app builder | On | On | Off | Off | On |
| Manage staff | On | Off | Off | Off | Off |
Permissions apply at the role level, not per individual. If you turn on a permission for the Receptionist role, every Receptionist in your clinic gains that ability. There is no way to grant a permission to one specific person without first changing their role or adjusting permissions for the entire role.
How toggles save
Permission changes save immediately — there is no separate Save button on this tab. The moment you flip a toggle, the change is written to the database and takes effect for every user who holds that role. There is no confirmation step and no way to preview the change before it applies.
Because changes are instant and there is no undo, be careful when toggling permissions for roles that have many active users. Turning off "View client profiles" for the Receptionist role, for example, would immediately prevent all receptionists from opening patient profiles.
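Since toggles save instantly with no undo, it helps to compare a clinic's current matrix against the documented defaults from time to time. The sketch below is an added example, not Glovora code: the page describes no export feature, so the `current` matrix and `headcount` values are constructed by hand, and the severity labels are this example's own convention.

```python
ROLES = ["Manager", "Practitioner", "Receptionist", "Staff", "Glovora AM"]

# System defaults transcribed from the table above (1 = On, 0 = Off), in ROLES order.
DEFAULTS = {
    "View client profiles":       (1, 1, 1, 1, 0),
    "Edit client profiles":       (1, 1, 0, 0, 0),
    "Add new patients":           (1, 0, 1, 0, 0),
    "Delete patients":            (0, 0, 0, 0, 0),
    "Issue refunds":              (0, 0, 0, 0, 0),
    "Cancel memberships":         (1, 0, 0, 0, 0),
    "Write staff notes":          (1, 1, 1, 1, 0),
    "Delete staff notes":         (1, 0, 0, 0, 0),
    "Adjust Beauty Bank balance": (1, 0, 0, 0, 0),
    "View dashboard":             (1, 1, 1, 1, 1),
    "View payouts page":          (0, 0, 0, 0, 0),
    "Access app builder":         (1, 1, 0, 0, 1),
    "Manage staff":               (1, 0, 0, 0, 0),
}

def audit(current, headcount):
    """Diff `current` (same shape as DEFAULTS) against the defaults; headcount maps role -> active users."""
    findings = []
    for perm, default_row in DEFAULTS.items():
        row = current.get(perm, default_row)
        for role, was, now in zip(ROLES, default_row, row):
            if was == now:
                continue
            if now and not any(default_row):
                severity = "high"    # Off for every non-owner role by default
            elif now:
                severity = "medium"  # privilege added beyond the default
            else:
                severity = "info"    # privilege removed; may break workflows
            findings.append((severity, role, perm, headcount.get(role, 0)))
    order = {"high": 0, "medium": 1, "info": 2}
    # Most severe first, then by how many users the role-level change reaches.
    return sorted(findings, key=lambda f: (order[f[0]], -f[3], f[1], f[2]))

# Constructed sample: a clinic that changed three toggles.
current = dict(DEFAULTS)
current["Issue refunds"] = (0, 0, 1, 0, 0)         # Receptionist turned On
current["View client profiles"] = (1, 1, 1, 1, 1)  # Glovora AM turned On
current["Write staff notes"] = (1, 1, 1, 0, 0)     # Staff turned Off
headcount = {"Receptionist": 6, "Glovora AM": 1, "Staff": 3}

if __name__ == "__main__":
    for severity, role, perm, users in audit(current, headcount):
        print(f"{severity:6} {role:12} {perm:24} affects {users} user(s)")
```

Each finding carries the number of users holding the role, because a role-level toggle reaches all of them at once.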
Common mistakes
Confusing the Staff page with Users & Roles
The Staff page manages people as team members — their profiles, contact details, and booking availability. Users & Roles manages who can log in to the CRM and what they can do. A person must first be on the Staff page before they can be invited, but adding someone to the Staff page does not automatically give them CRM access. Use the Staff page to invite them; use Users & Roles to manage their role after they have accepted.
Expecting role changes to take effect immediately for active sessions
When you change a role, the update applies to the user's next authenticated action. If the team member is actively using the CRM at the time, they may retain their previous access level until their session refreshes. For sensitive changes, ask the team member to log out and back in.
Toggling permissions and expecting it to affect only one person
Permissions are set at the role level. Turning a permission on or off changes it for every user who holds that role — there is no per-person override. If you need different access levels for two people in the same role (for example, two practitioners with different note-writing privileges), you would need to assign them to different roles.
Assuming revoking access removes the person from the system
Revoking CRM access only removes login access. The team member's staff profile, their historical appointment records, and their association with patients all remain in place. They can be re-invited at any time by going to the Staff page and sending a new invitation.
Granting the Glovora Account Manager role to clinic staff
The Glovora Account Manager role is intended for Glovora employees who assist clinics during onboarding. It gives access to the App Builder and clinic settings but deliberately excludes all patient and financial data. It should not be used for regular clinic staff — use Manager or Practitioner instead.