Skip to content

How to Configure a Role and Grant Access

Published: · Updated: (12 days ago)· IZI Team

How to Configure a Role and Grant Staff Access in IZI

Section titled “How to Configure a Role and Grant Staff Access in IZI”

Roles are the foundation of staff access control in IZI CRM. IZI ships with one built-in staff role — Administrator — which provides base club-level rights. For every other access profile you need (a cashier, a floor attendant, a shift manager, a network analyst), you create a custom role: give it any name, then select exactly the permissions that profile requires. Once a role is defined, you assign it to any number of staff members in seconds. When your club policy changes — say you want a certain group to see session reports — you update the custom role once and the change reaches every person who holds it automatically.

This matters most in multi-location networks where different clubs may have different operational rules, and where the same employee might need one access level at Club A and a broader level across the whole network. The IZI role system handles this by letting you scope each role assignment to specific clubs or to the entire organization.

You should configure roles before adding staff, because you cannot complete a user profile without selecting at least one role. The whole process follows a simple sequence: create the role → choose its permissions → assign it to a staff member → optionally scope the assignment to specific clubs. The sections below walk through each step in full.

Open Organization Settings from the left-hand menu of the IZI CRM. You will see two related sections:

  • Roles — the list of existing roles and an Add button for creating new ones.
  • Users — the staff list where roles are assigned.

Both sections require the Manage Users and Roles permission, which is included in the built-in Administrator system role and in any role with Full Access enabled.

In the Roles section, click Add. A New Role modal opens with a Role Name field and a Full Access toggle at the top.

The Full Access toggle grants every organization and club permission at once, including the ability to create new clubs and manage users. When it is on, the individual checkboxes disappear — you cannot mix full access with a manual selection.

For most staff you do not want Full Access. Leave the toggle off and select only the permissions the custom role actually needs. This keeps sensitive operations — financial corrections, user management, club creation — out of reach for people who have no business reason to perform them.

The Club Permissions section groups permissions into four blocks. Think of these as what a person can do inside a specific club location.

Core shift operations. Basic Access covers floor, orders, bar, clients, and client groups — the minimum a floor attendant or shift worker needs. Additional permissions in this block unlock specific modules:

PermissionWhat it allows
Basic AccessFloor, orders, bar, clients, and groups — the baseline for any shift
Transaction TagsTagging transactions
EquipmentManaging devices (PCs, consoles)
Remote AccessRemote control of devices
IZI BootStarting and managing IZI Boot
ScreensaversConfiguring device screensavers
IZI MonitoringViewing monitoring data
WarehouseAccess to warehouse operations
Write-off Tariff / Restore TariffManual operations on tariff orders
Write-off Product / Restore ProductManual operations on product orders
Write-off Combo / Restore ComboManual operations on combo orders

For a custom role covering shift work only, Basic Access alone is typically sufficient. Add Warehouse and Equipment only for staff who physically manage hardware and stock.

Configuration access for a specific club location:

  • Catalog — editing tariffs, products, and combos.
  • Schedules — configuring operating hours and tariff schedules.
  • Administration — club-level settings.
  • IZI Boot Settings and IZI Monitoring Settings — configuration for the respective modules.

This group belongs in custom roles for staff who configure the club, not just work shifts.

Access to reports for a specific club. Each report is a separate checkbox, so you can grant only the sections that are relevant — for example, a marketing manager gets the Promo Code and Top-Up Bonus reports without seeing shift financials:

  • Key Metrics — KPI dashboard.
  • Daily Analytics — day-by-day dynamics.
  • Product Report, Tariff Sales, Bonus Report, Session Report, Client Report, Shift Report.
  • Suspicious Activity Report, Promo Code Report, Top-Up Bonus, Price Simulation.

Cash and balance operations — the most sensitive group. Grant the minimum set needed; a shift-worker role typically only needs Cashiers and Credit Gaming Balance:

PermissionWhat it allows
CashiersViewing and working with cash registers
Credit / Debit Gaming BalanceManual correction of a client’s gaming balance
Credit / Debit Bonus BalanceManual correction of a client’s bonus balance
RefundProcessing a refund
Cash CollectionRunning a cash collection
Transfer Between AccountsMoving balance between client accounts
Apply DiscountIssuing a manual discount on an order

Step 3. Configure Organization Permissions

Section titled “Step 3. Configure Organization Permissions”

The Organization Permissions section covers network-wide settings that apply across all clubs, not just one location.

Two permissions are only available when Full Access is on; they appear as inactive checkboxes otherwise:

  • Manage Users and Roles — creating, editing, and deleting staff and roles.
  • Create Clubs — adding new locations to the organization.

These operations are intentionally protected. Accidentally granting someone the ability to create clubs or manage users carries significant risk across the entire organization.

Network-wide features manageable through the CRM:

  • Integrations — configuring external integrations.
  • Player Groups — managing customer segments at the network level.
  • Transaction Tags — managing the organization-wide tag directory.
  • Campaigns — creating and managing marketing campaigns.
  • Promo Codes — managing promo codes.
  • Promo Campaigns — managing promotional campaigns.

Click Save. The role appears in the table, which shows: name, type (System / Org.), Full Access flag, number of permissions, and last updated date.

If the selected permissions diverge from the access key list when you edit an existing role, the CRM shows a warning: “Permissions will be normalized” — with a count of how many will be added or removed on save. This is expected behavior when manually editing an already-active role.

After creating the role, go to the Users section and open the relevant staff member (or create a new one via Add).

In the Role Assignments form:

  1. Select the role from the Role dropdown.
  2. In the Clubs (optional) field, pick the specific clubs this person should access. Leaving it empty makes the role apply to the entire organization.
  3. Click Save.

You can assign multiple roles with different club scopes to a single staff member — for example, a “Floor Manager” custom role for Club A and an “Analyst” custom role covering the entire network.

For more on adding staff members, see How to Add an Administrator to a Club.

The following are recommended permission sets for three common job profiles. These are examples of custom roles you create — IZI does not provide them as built-in presets. Treat these as starting points and adjust to your own operational workflow.

A custom role for shift work only; no access to settings or analytics.

Club → Club Administration: Basic Access, Transaction Tags.
Club → Financial Operations: Cashiers, Credit Gaming Balance.

Example: Senior Administrator / Shift Manager

Section titled “Example: Senior Administrator / Shift Manager”

A custom role for staff who manage the club and view analytics; cannot change financial configuration.

Club → Club Administration: Basic Access, Equipment, Warehouse, Transaction Tags.
Club → Club Settings: Catalog, Schedules, Administration.
Club → Analytics: Key Metrics, Daily Analytics, Shift Report.
Club → Financial Operations: Cashiers, Credit Gaming Balance, Refund.

A custom role for viewing analytics across all clubs and managing network-wide settings; does not include user management.

Club → Analytics: all reports.
Organization → General Settings: Integrations, Player Groups, Campaigns, Promo Codes.


Once roles are in place, the natural next step is to open the first shift and confirm that the staff member can see the correct sections. See How to Open a Shift for instructions.

Frequently asked questions

What is a role in IZI and why do I need one?

A role is a named set of permissions that defines what a staff member can see and do in the CRM. IZI ships with one built-in staff role — Administrator — for basic club-level access. For any other profile (cashier, floor manager, analyst, etc.) you create a custom role, give it whatever name fits your operation, and pick exactly the permissions that profile needs. Assign the same custom role to as many staff members as you like, and update it once when your policy changes.

Can I assign multiple roles to one staff member?

Yes. In the user form there is an Add button that lets you attach multiple role and clubs pairs — for example, one role for the entire network and a second role scoped to a single location.

What does the Full Access toggle do?

Full Access enables every organization and club permission at once, including user and role management and the ability to create new clubs. Turning it on clears any previously selected checkboxes — control shifts to everything allowed.

What is the difference between club permissions and organization permissions?

Club permissions govern operations inside a specific location: floor, cashiers, analytics, warehouse. Organization permissions are network-wide settings that apply across all clubs: integrations, player groups, promo codes, campaigns.

Can I edit the built-in Administrator role?

No. Administrator is the only built-in staff role in IZI, and system roles are protected from editing. If you need a similar but narrower set of rights, create a custom role and select the permissions manually.

How do I restrict a staff member to one club in a multi-location network?

When assigning a role to a user, pick the specific locations in the Clubs (optional) field. If you leave that field empty the role applies to the entire organization.