Roles and Permissions
PropPilot uses role-based access control (RBAC) to manage what each team member can do. There are three roles: Owner, Admin, and Agent.
Role Overview
| Role | Description | Typical User |
|---|---|---|
| Owner | Full control, including billing and deletion | Business owner, CEO |
| Admin | Full operational control | Manager, Team lead |
| Agent | Day-to-day operations | Sales agent, Support rep |
Detailed Permissions
Feature Access by Role
| Feature | Owner | Admin | Agent |
|---|---|---|---|
| Dashboard | ✅ | ✅ | ✅ |
| Agents | ✅ | ✅ | ✅ |
| Knowledge Base | ✅ | ✅ | ✅ |
| Projects | ✅ | ✅ | ✅ |
| Contacts | ✅ | ✅ | ✅ |
| Inbox | ✅ | ✅ | ✅ |
| Calendar | ✅ | ✅ | ✅ |
| Usage Analytics | ✅ | ✅ | ✅ |
| Settings (Profile) | ✅ | ✅ | ✅ |
| Members | ✅ | ✅ | ❌ |
| Integrations | ✅ | ✅ | ❌ |
| Settings (Org) | ✅ | ✅ | ❌ |
| Billing | ✅ | ✅* | ❌ |
| Audit Logs | ✅ | ✅ | ❌ |
| Delete Organization | ✅ | ❌ | ❌ |
| Transfer Ownership | ✅ | ❌ | ❌ |
*Admins can view billing but cannot make critical changes
Owner Role
The Owner has complete control over the organization.
Unique Owner Capabilities
Only the Owner can:
- Delete the organization - Permanently remove all data
- Transfer ownership - Assign Owner role to another member
- Access all billing - Full billing and payment management
- Final authority - Override any setting or decision
Owner Limitations
- There can only be one Owner per organization
- Owner cannot be removed (only transferred)
- Owner account cannot be downgraded to Admin or Agent
Transferring Ownership
To transfer ownership to another member:
- Go to Settings → Organization
- Find Transfer Ownership
- Select the new Owner
- Confirm the transfer
Transferring ownership immediately demotes you to Admin. This cannot be undone without the new Owner's cooperation.
Admin Role
Admins have broad operational control but cannot make destructive changes.
Admin Capabilities
Admins can:
- Manage team members - Invite, edit roles, remove members
- Configure integrations - Set up Chatwoot, Stripe, etc.
- Manage organization settings - Update name, logo, etc.
- View billing - See plans, invoices, usage
- Access audit logs - Review activity history
- All Agent capabilities - Plus the above
Admin Limitations
Admins cannot:
- Delete the organization
- Transfer ownership
- Remove the Owner
- Access some billing actions (like cancellation)
Best Use Cases
Assign Admin role to:
- Department managers
- Team leads
- Technical administrators
- Senior staff needing full access
Agent Role
Agents handle day-to-day customer interactions.
Agent Capabilities
Agents can:
- View and manage conversations - Inbox access
- Manage contacts - Create, edit, view contacts
- Use AI agents - Create and configure agents
- Access knowledge base - Upload and manage documents
- Manage projects - View and edit properties
- View analytics - See usage and performance
- Personal settings - Update their own profile
Agent Limitations
Agents cannot:
- Access Members page (cannot see team)
- Access Integrations (cannot configure)
- Access Organization Settings
- Access Billing
- View Audit Logs
- Invite or remove team members
Best Use Cases
Assign Agent role to:
- Sales representatives
- Customer support staff
- Property agents
- New team members
Choosing the Right Role
Decision Guide
Does this person need to...
Manage billing or delete org?
→ Owner (only one per org)
Invite team members or configure integrations?
→ Admin
Just handle conversations and contacts?
→ Agent
Principle of Least Privilege
Grant the minimum role needed for the job:
- Start with Agent role for new members
- Upgrade to Admin only when needed
- Reserve Owner for business decisions
Role Changes
Upgrading a Role
- Go to Members
- Click on the member
- Change role to higher level
- Save changes
Effect: Immediate access to new features
Downgrading a Role
- Go to Members
- Click on the member
- Change role to lower level
- Save changes
Effect: Immediate loss of access to restricted features
Calendar-Specific Permissions
The Calendar has additional role-based tabs:
| Tab | Owner | Admin | Agent |
|---|---|---|---|
| My Bookings | ✅ | ✅ | ✅ |
| Event Types | ✅ | ✅ | ✅ |
| Availability | ✅ | ✅ | ✅ |
| Connection | ✅ | ✅ | ✅ |
| All Bookings | ✅ | ✅ | ❌ |
| Assignment Rules | ✅ | ✅ | ❌ |
| Branding | ✅ | ✅ | ❌ |
Security Considerations
Regular Audits
- Review member list monthly
- Remove inactive accounts
- Verify role assignments are appropriate
- Check audit logs for unusual activity
Offboarding
When a team member leaves:
- Remove them from PropPilot
- Revoke any pending invitations
- Review shared credentials
- Check Chatwoot access is removed
Multi-Factor Authentication
Encourage all members to enable MFA:
- Go to Settings → Profile
- Enable Two-Factor Authentication
- Scan QR code with authenticator app
MFA can be required organization-wide (Owner/Admin setting).
Common Questions
Can I have multiple Owners?
No, there can only be one Owner per organization. Use Admin role for others who need broad access.
Can Agents see each other?
No, Agents cannot access the Members page. They work independently without visibility into the team structure.
What happens to data when someone is removed?
Their data (conversations handled, contacts created, etc.) remains in the system. Only their account access is revoked.
Can I create custom roles?
Currently, PropPilot has three fixed roles. Contact support for enterprise custom role requirements.
What's Next?
Learn about managing your subscription: