Skip to content

How to Configure Roles and Permissions in IZI

Published: · Updated: (12 days ago)· IZI Team

Roles and Permissions in IZI: Full Access Configuration

Section titled “Roles and Permissions in IZI: Full Access Configuration”

A role in IZI is a named set of permissions assigned to one or more staff members. Go to Organization → Roles, click Add, give the role a name, and pick permissions from two levels: club and organization. To grant unrestricted access in one click, enable the Full access toggle — it covers every permission including user management and the ability to create new clubs. A well-designed role structure solves two problems at once: a cashier sees only what they need for a shift, while a manager gets analytics and settings without touching the financial operations reserved for the owner.

Roles can be scoped to the entire network or to individual clubs. One staff member can hold multiple roles simultaneously — for example, Manager at one location and Cashier at another. The system enforces whichever combination of permissions results. Permission groups are divided into Club Administration, Club Settings, Analytics, and Financial Operations at the club level, plus a separate Organization block for cross-location controls such as campaigns, integrations, and player groups. Start with the minimum permissions a position actually needs, verify access by logging in under that account, and expand only when a concrete operational task requires it. Changes to a role take effect immediately for all staff members who hold it.

Business Logic: Why Access Control Matters

Section titled “Business Logic: Why Access Control Matters”

The larger the club (or network), the more important it is to know who can do what in the system. Without roles you face two bad choices: give everyone full access (risk of errors or abuse) or do everything yourself. IZI resolves this with one built-in staff role — Administrator — plus custom roles you create yourself.

Custom roles are the core of the system. You give the role a name that matches the position in your team, then pick exactly the permissions it needs. Common examples:

  • Cashier (custom role) — club.base only: works the floor and handles orders, can look up clients, but cannot see financial reports or edit tariffs.
  • Manager (custom role) — club.base + warehouse, schedules, and analytics: views KPIs, opens and closes shifts, manages warehouse, but cannot touch organization-wide settings.
  • Accountant (custom role) — financial operations only (cash collection, refunds, cash registers) without floor permissions.
  • Marketing specialist (custom role) — promo code and bonus analytics at the club level, plus campaigns and player groups at the organization level.

None of these are preset roles in IZI. You create them, name them, and choose the permissions. One staff member can hold several roles at the same time — for instance, a Manager role in one club and a Cashier role in another.

Go to Organization → Roles in the left-hand CRM menu. The table shows columns: Role, Type, Full access, Permissions, Updated.

Role types:

  • Org. — roles you created; they can be edited or deleted at any time.
  • System — the built-in Administrator role (full access) and IZI Technical Support. These cannot be modified or deleted.

Click the Add button in the top-right corner of the table. The New role modal opens.

Fill in the following fields:

Role name — free text, meaningful to your team. Examples: Cashier, Manager, Marketing Specialist. This field is required.

Full access — a toggle below the name field. When enabled, the role receives every organization and club permission, including user and role management and club creation. Leave it off to build a custom, restricted role.

The Club permissions section is the largest part of the form. Permissions are grouped into four blocks.

The core block for day-to-day operations:

PermissionWhat it enables
club.baseFloor, orders, bar, clients and groups
club.transactionTagsTransaction tags
club.equipmentEquipment management
club.remoteAccessRemote access to computers
club.iziBoot.baseIZI Boot (basic access)
club.screensaversScreensavers
club.monitoring.baseMonitoring
club.warehouseWarehouse
club.orders.cancelTariffCancel a tariff
club.orders.restoreTariffRestore a cancelled tariff
club.orders.cancelProductCancel a product
club.orders.restoreProductRestore a cancelled product
club.orders.cancelComboCancel a combo
club.orders.restoreComboRestore a cancelled combo

For a regular cashier, club.base is sufficient. Cancel and restore actions are typically manager-level.

Administrative settings for a specific club:

PermissionWhat it enables
club.catalogProduct and tariff catalog
club.schedulesSchedule management
club.adminClub settings
club.iziBoot.configIZI Boot configuration
club.monitoring.configMonitoring configuration

Access to reports — you can grant only the slices a role actually needs:

PermissionWhat it covers
club.analytics.kpiKPI dashboard
club.analytics.dailyDaily reports
club.analytics.barBar analytics
club.analytics.tariffTariff analytics
club.analytics.bonusBonus analytics
club.analytics.sessionsSessions
club.analytics.clientsClient analytics
club.analytics.shiftsShifts
club.analytics.suspiciousSuspicious operations
club.analytics.promo_codesPromo codes
club.analytics.topupBonusTop-up bonus
club.analytics.pricing_simulatorPricing simulator

A manager typically needs kpi, daily, shifts, and clients. Suspicious operations reports are usually reserved for the owner or finance director.

A sensitive block — assign only to staff who actively handle money:

PermissionWhat it enables
club.finance.cashboxesCash registers
club.finance.op.creditGamingBalanceCredit gaming balance
club.finance.op.debitGamingBalanceDebit gaming balance
club.finance.op.creditBonusBalanceCredit bonus balance
club.finance.op.debitBonusBalanceDebit bonus balance
club.finance.op.refundIssue a refund
club.finance.op.cashCollectionCash collection
club.finance.op.accountTransferInter-account transfer
club.discounts.applyApply discounts

Step 4. Configure Organization Permissions

Section titled “Step 4. Configure Organization Permissions”

The Organization permissions section contains cross-location settings that apply across the entire network.

Two items in this group are locked for custom roles — they are only available when the Full access toggle is on:

  • User and role management — inviting staff, creating and editing roles.
  • Club creation — adding a new club to the organization.

This is by design: only the owner or a trusted administrator should be able to manage access rights and expand the network.

These are available in custom roles:

PermissionWhat it enables
org.integrationsIntegrations
org.playerGroupsPlayer groups
org.transactionTagsTransaction tags (organization level)
org.campaignsCampaigns
org.promoCodesPromo codes
org.promoCampaignsPromo campaigns

A marketing specialist typically needs campaigns, promoCodes, promoCampaigns, and playerGroups.

Click Save. The role appears in the table with type Org. and can be edited or deleted at any time.

If you edit an existing role and IZI detects a mismatch between the selected permission keys and the role’s current permissions, it will display a “Permissions will be normalized” warning showing the number of permissions being added and removed. This is expected behavior when the permission structure is updated.

Go to Organization → Users. Click Add (new staff member) or open an existing one.

In the Role assignments section:

  1. Click Add role.
  2. Choose a role from the dropdown — it shows all organization roles except those already assigned to this user.
  3. In the Clubs (optional) field, select one or more clubs in the network where this role should apply. If no clubs are selected, the role applies at the organization level only (no access to club-level operational data).
  4. Click Save.

A single staff member can hold multiple roles with different clubs. For example: Manager in Club A and Cashier in Club B.

The table below shows example custom roles and suggested permission sets. These are not built-in roles — create each one in Organization → Roles → Add, name it to match your team, and select the permissions listed.

Custom role exampleClub permissionsOrganization permissions
Cashierbase
Managerbase, warehouse, schedules, analytics.kpi, analytics.daily, analytics.shifts, orders.cancel*
Marketing specialistanalytics.clients, analytics.bonus, analytics.promo_codes, analytics.topupBonuscampaigns, promoCodes, promoCampaigns, playerGroups
Finance directorfinance.*, analytics.*transactionTags
Technical administratorequipment, remoteAccess, iziBoot.*, monitoring.*, screensaversintegrations

The Owner (the account that created the organization) always has full control — this is organization ownership, not an assignable role. The built-in Administrator role covers full access and is the only preset staff role in the system.

  • Log in to the CRM under the staff member’s account (or ask them to) and confirm that the sections they need are visible and that sections they should not see are hidden.
  • If a staff member cannot see the analytics section, check that specific club.analytics.* permissions are selected on their role — club.base alone does not grant analytics access.
  • If the organization settings section is inaccessible, verify that the relevant org.* permissions are enabled on the role.

For a detailed reference on what each individual permission controls, see the IZI CRM access permissions reference.

If you are just getting started with IZI, also check how to add your first staff member and the owner’s first-steps checklist.

Frequently asked questions

Where do I create roles in IZI CRM?

Open the Organization section and click Roles. The table lists all existing roles, including built-in system roles that cannot be deleted. Click Add in the top-right corner to create a new role.

What does the Full access toggle do on a role?

A role with Full access enabled receives every permission at the organization and club levels, including user and role management and the ability to create new clubs. Treat it as owner-level access.

Can I limit a role to specific clubs in a multi-location network?

Yes. When assigning a role to a staff member, use the Clubs (optional) field to select one or more clubs. The role then applies only to those clubs. If no clubs are selected, the role applies at the organization level only, without access to club-level operational data.

Can I delete the built-in Administrator role?

No. System roles (type System in the table) cannot be edited or deleted. Create a custom role with the exact permissions you need instead.

What is the difference between club-level and organization-level permissions?

Club permissions are operational: floor, orders, analytics, cash operations, and club settings. Organization permissions are cross-location: integrations, player groups, promo campaigns, and transaction tags. User and role management requires Full access and cannot be granted through individual permission checkboxes.

What permissions are in the Club Administration group?

Floor and orders, transaction tags, equipment, remote access, IZI Boot, screensavers, monitoring, warehouse, and the ability to cancel or restore tariffs, products, and combos.

What permissions are in the Financial Operations group?

Cash registers, crediting and debiting gaming balance, crediting and debiting bonus balance, refunds, cash collection, inter-account transfer, and applying discounts.

What permissions are in the Analytics group?

KPI dashboard, daily reports, bar analytics, tariff analytics, bonus analytics, sessions, clients, shifts, suspicious operations, promo codes, top-up bonus, and the pricing simulator.