How to Configure Roles and Permissions in IZI
Roles and Permissions in IZI: Full Access Configuration
Section titled “Roles and Permissions in IZI: Full Access Configuration”A role in IZI is a named set of permissions assigned to one or more staff members. Go to Organization → Roles, click Add, give the role a name, and pick permissions from two levels: club and organization. To grant unrestricted access in one click, enable the Full access toggle — it covers every permission including user management and the ability to create new clubs. A well-designed role structure solves two problems at once: a cashier sees only what they need for a shift, while a manager gets analytics and settings without touching the financial operations reserved for the owner.
Roles can be scoped to the entire network or to individual clubs. One staff member can hold multiple roles simultaneously — for example, Manager at one location and Cashier at another. The system enforces whichever combination of permissions results. Permission groups are divided into Club Administration, Club Settings, Analytics, and Financial Operations at the club level, plus a separate Organization block for cross-location controls such as campaigns, integrations, and player groups. Start with the minimum permissions a position actually needs, verify access by logging in under that account, and expand only when a concrete operational task requires it. Changes to a role take effect immediately for all staff members who hold it.
Business Logic: Why Access Control Matters
Section titled “Business Logic: Why Access Control Matters”The larger the club (or network), the more important it is to know who can do what in the system. Without roles you face two bad choices: give everyone full access (risk of errors or abuse) or do everything yourself. IZI resolves this with one built-in staff role — Administrator — plus custom roles you create yourself.
Custom roles are the core of the system. You give the role a name that matches the position in your team, then pick exactly the permissions it needs. Common examples:
- Cashier (custom role) —
club.baseonly: works the floor and handles orders, can look up clients, but cannot see financial reports or edit tariffs. - Manager (custom role) —
club.base+ warehouse, schedules, and analytics: views KPIs, opens and closes shifts, manages warehouse, but cannot touch organization-wide settings. - Accountant (custom role) — financial operations only (cash collection, refunds, cash registers) without floor permissions.
- Marketing specialist (custom role) — promo code and bonus analytics at the club level, plus campaigns and player groups at the organization level.
None of these are preset roles in IZI. You create them, name them, and choose the permissions. One staff member can hold several roles at the same time — for instance, a Manager role in one club and a Cashier role in another.
Step 1. Open the Roles Section
Section titled “Step 1. Open the Roles Section”Go to Organization → Roles in the left-hand CRM menu. The table shows columns: Role, Type, Full access, Permissions, Updated.
Role types:
- Org. — roles you created; they can be edited or deleted at any time.
- System — the built-in Administrator role (full access) and IZI Technical Support. These cannot be modified or deleted.
Step 2. Create a New Role
Section titled “Step 2. Create a New Role”Click the Add button in the top-right corner of the table. The New role modal opens.
Fill in the following fields:
Role name — free text, meaningful to your team. Examples: Cashier, Manager, Marketing Specialist. This field is required.
Full access — a toggle below the name field. When enabled, the role receives every organization and club permission, including user and role management and club creation. Leave it off to build a custom, restricted role.
Step 3. Configure Club Permissions
Section titled “Step 3. Configure Club Permissions”The Club permissions section is the largest part of the form. Permissions are grouped into four blocks.
Club Administration
Section titled “Club Administration”The core block for day-to-day operations:
| Permission | What it enables |
|---|---|
club.base | Floor, orders, bar, clients and groups |
club.transactionTags | Transaction tags |
club.equipment | Equipment management |
club.remoteAccess | Remote access to computers |
club.iziBoot.base | IZI Boot (basic access) |
club.screensavers | Screensavers |
club.monitoring.base | Monitoring |
club.warehouse | Warehouse |
club.orders.cancelTariff | Cancel a tariff |
club.orders.restoreTariff | Restore a cancelled tariff |
club.orders.cancelProduct | Cancel a product |
club.orders.restoreProduct | Restore a cancelled product |
club.orders.cancelCombo | Cancel a combo |
club.orders.restoreCombo | Restore a cancelled combo |
For a regular cashier, club.base is sufficient. Cancel and restore actions are typically manager-level.
Club Settings
Section titled “Club Settings”Administrative settings for a specific club:
| Permission | What it enables |
|---|---|
club.catalog | Product and tariff catalog |
club.schedules | Schedule management |
club.admin | Club settings |
club.iziBoot.config | IZI Boot configuration |
club.monitoring.config | Monitoring configuration |
Analytics
Section titled “Analytics”Access to reports — you can grant only the slices a role actually needs:
| Permission | What it covers |
|---|---|
club.analytics.kpi | KPI dashboard |
club.analytics.daily | Daily reports |
club.analytics.bar | Bar analytics |
club.analytics.tariff | Tariff analytics |
club.analytics.bonus | Bonus analytics |
club.analytics.sessions | Sessions |
club.analytics.clients | Client analytics |
club.analytics.shifts | Shifts |
club.analytics.suspicious | Suspicious operations |
club.analytics.promo_codes | Promo codes |
club.analytics.topupBonus | Top-up bonus |
club.analytics.pricing_simulator | Pricing simulator |
A manager typically needs kpi, daily, shifts, and clients. Suspicious operations reports are usually reserved for the owner or finance director.
Financial Operations
Section titled “Financial Operations”A sensitive block — assign only to staff who actively handle money:
| Permission | What it enables |
|---|---|
club.finance.cashboxes | Cash registers |
club.finance.op.creditGamingBalance | Credit gaming balance |
club.finance.op.debitGamingBalance | Debit gaming balance |
club.finance.op.creditBonusBalance | Credit bonus balance |
club.finance.op.debitBonusBalance | Debit bonus balance |
club.finance.op.refund | Issue a refund |
club.finance.op.cashCollection | Cash collection |
club.finance.op.accountTransfer | Inter-account transfer |
club.discounts.apply | Apply discounts |
Step 4. Configure Organization Permissions
Section titled “Step 4. Configure Organization Permissions”The Organization permissions section contains cross-location settings that apply across the entire network.
Requires Full Access
Section titled “Requires Full Access”Two items in this group are locked for custom roles — they are only available when the Full access toggle is on:
- User and role management — inviting staff, creating and editing roles.
- Club creation — adding a new club to the organization.
This is by design: only the owner or a trusted administrator should be able to manage access rights and expand the network.
General Settings
Section titled “General Settings”These are available in custom roles:
| Permission | What it enables |
|---|---|
org.integrations | Integrations |
org.playerGroups | Player groups |
org.transactionTags | Transaction tags (organization level) |
org.campaigns | Campaigns |
org.promoCodes | Promo codes |
org.promoCampaigns | Promo campaigns |
A marketing specialist typically needs campaigns, promoCodes, promoCampaigns, and playerGroups.
Step 5. Save the Role
Section titled “Step 5. Save the Role”Click Save. The role appears in the table with type Org. and can be edited or deleted at any time.
If you edit an existing role and IZI detects a mismatch between the selected permission keys and the role’s current permissions, it will display a “Permissions will be normalized” warning showing the number of permissions being added and removed. This is expected behavior when the permission structure is updated.
Step 6. Assign the Role to a Staff Member
Section titled “Step 6. Assign the Role to a Staff Member”Go to Organization → Users. Click Add (new staff member) or open an existing one.
In the Role assignments section:
- Click Add role.
- Choose a role from the dropdown — it shows all organization roles except those already assigned to this user.
- In the Clubs (optional) field, select one or more clubs in the network where this role should apply. If no clubs are selected, the role applies at the organization level only (no access to club-level operational data).
- Click Save.
A single staff member can hold multiple roles with different clubs. For example: Manager in Club A and Cashier in Club B.
Typical Role Configurations
Section titled “Typical Role Configurations”The table below shows example custom roles and suggested permission sets. These are not built-in roles — create each one in Organization → Roles → Add, name it to match your team, and select the permissions listed.
| Custom role example | Club permissions | Organization permissions |
|---|---|---|
| Cashier | base | — |
| Manager | base, warehouse, schedules, analytics.kpi, analytics.daily, analytics.shifts, orders.cancel* | — |
| Marketing specialist | analytics.clients, analytics.bonus, analytics.promo_codes, analytics.topupBonus | campaigns, promoCodes, promoCampaigns, playerGroups |
| Finance director | finance.*, analytics.* | transactionTags |
| Technical administrator | equipment, remoteAccess, iziBoot.*, monitoring.*, screensavers | integrations |
The Owner (the account that created the organization) always has full control — this is organization ownership, not an assignable role. The built-in Administrator role covers full access and is the only preset staff role in the system.
What to Check After Setup
Section titled “What to Check After Setup”- Log in to the CRM under the staff member’s account (or ask them to) and confirm that the sections they need are visible and that sections they should not see are hidden.
- If a staff member cannot see the analytics section, check that specific
club.analytics.*permissions are selected on their role —club.basealone does not grant analytics access. - If the organization settings section is inaccessible, verify that the relevant
org.*permissions are enabled on the role.
For a detailed reference on what each individual permission controls, see the IZI CRM access permissions reference.
If you are just getting started with IZI, also check how to add your first staff member and the owner’s first-steps checklist.
Frequently asked questions
Where do I create roles in IZI CRM?
Open the Organization section and click Roles. The table lists all existing roles, including built-in system roles that cannot be deleted. Click Add in the top-right corner to create a new role.
What does the Full access toggle do on a role?
A role with Full access enabled receives every permission at the organization and club levels, including user and role management and the ability to create new clubs. Treat it as owner-level access.
Can I limit a role to specific clubs in a multi-location network?
Yes. When assigning a role to a staff member, use the Clubs (optional) field to select one or more clubs. The role then applies only to those clubs. If no clubs are selected, the role applies at the organization level only, without access to club-level operational data.
Can I delete the built-in Administrator role?
No. System roles (type System in the table) cannot be edited or deleted. Create a custom role with the exact permissions you need instead.
What is the difference between club-level and organization-level permissions?
Club permissions are operational: floor, orders, analytics, cash operations, and club settings. Organization permissions are cross-location: integrations, player groups, promo campaigns, and transaction tags. User and role management requires Full access and cannot be granted through individual permission checkboxes.
What permissions are in the Club Administration group?
Floor and orders, transaction tags, equipment, remote access, IZI Boot, screensavers, monitoring, warehouse, and the ability to cancel or restore tariffs, products, and combos.
What permissions are in the Financial Operations group?
Cash registers, crediting and debiting gaming balance, crediting and debiting bonus balance, refunds, cash collection, inter-account transfer, and applying discounts.
What permissions are in the Analytics group?
KPI dashboard, daily reports, bar analytics, tariff analytics, bonus analytics, sessions, clients, shifts, suspicious operations, promo codes, top-up bonus, and the pricing simulator.