Use this article as a reference when building, auditing, or adjusting permission groups for your team. It covers why permission groups exist, how they shape the platform experience for each role, which permissions depend on which, and what happens when you turn something off.
🎗️ New to permission groups? Learn how to create and manage them in Manage administrators and permission groups before using this article as your reference.
In this article
7. FAQ
1. Why permission groups matter
Permissions control what your employees can see and do in SmartRec. When you invite an administrator to your SmartRec store, you assign them to a permission group. That group determines which tabs appear in their navigation, which actions are available, and which settings are hidden entirely.
Getting this right matters for three reasons:
• Security. Employees only access what their role requires. This reduces the risk of accidental changes, data exposure, or unauthorized financial actions.
• Clarity. A focused interface helps employees complete their tasks faster. Front desk employees don't need to navigate around program configuration tools they'll never use.
• Accountability. Restricting actions like refunds, manual credits, and financial reports to the right roles creates a clear audit trail, which is important for any organization managing member billing and financial reporting.
You can create as many permission groups as your organization needs. The six personas in this article are recommended starting points, not a rigid structure. You know your team better than anyone.
🎗️ Review your permission groups at least once per year, or when an employee changes roles. Permissions that were right at onboarding may no longer reflect what someone actually needs.
2. Find your role
The six personas below represent the most common roles at organizations using SmartRec. Each one includes a list of synonyms to help you match your actual job title to the right group. You may not match a persona perfectly. Use the one that is closest to your responsibilities, then adjust from there.
2.1 Front Desk Associate (L1)
Also known as: front desk staff, welcome desk associate, membership services representative, part-time desk employee, seasonal employee, desk agent, guest services associate.
Category | Details |
Who they are | New or seasonal front desk employee, often part-time with high turnover. Working the desk during peak member traffic. |
What they need | Core access to check members in, register participants, sell memberships, and process payments. Sensitive actions like refunds, manual credits, and financial overrides are not included by default. |
What they see | The Clients tab and Access management tab. The interface is intentionally simplified so a new employee can focus on core tasks without risk of changing something they should not. |
💼Their primary jobs in SmartRec:
• Member check-in via kiosk or manual scan
• Searching and creating client accounts
• Registering participants for activities
• Selling memberships and processing payments at the desk
• Accepting offline payments
• Logging out at end of shift
👉 L1 should not have access to refunds, manual invoicing, or payment overrides without explicit approval from a supervisor. Mark those as Optional if you choose to extend them to a trusted associate on a case-by-case basis.
🎗️ Front desk employees are a good candidate for a shared admin account. Learn how to set one up in Manage administrators and permission groups.
2.2 Front Desk Lead / Supervisor (L2)
Also known as: front desk supervisor, welcome desk lead, membership services supervisor, shift lead, senior front desk associate, guest services manager, desk manager, service desk team lead.
Category | Details |
Who they are | Experienced full-time front desk employee or a shift supervisor. They handle escalations from L1 associates. |
What they need | Full client-facing access, including the ability to process refunds, manage insurance memberships (Silver Sneakers, Renew Active), apply tag-based discounts, handle failed payments, and close end-of-shift reconciliations. |
What they see | Clients, Memberships, Access management, Facilities, and Staff tabs. Financial configuration and back-office settings are not visible. |
💼Their primary jobs in SmartRec:
• All L1 tasks
• Membership transfers, upgrades, downgrades, pauses, and cancellations
• Insurance membership management (Silver Sneakers, Renew Active)
• Applying tag discounts at checkout and enrollment and membership limits
• Processing refunds and issuing manual invoices and credits
• Managing failed payments and expiring credit card alerts
• End-of-shift reconciliation and POS shift close
• Viewing participant reports
Compared to a Front Desk Associate (L1), a supervisor can also:
• Process refunds
• Issue manual invoices and credits
• Override and skip payments
• Mass charge saved credit cards
• Manage rental contracts
• View and run participant reports
2.3 Program / Membership Director
Also known as: program director, membership director, aquatics director, youth program coordinator, wellness director, fitness director, operations lead, program manager, program coordinator, activities coordinator, membership manager.
Category | Details |
Who they are | Program Directors, Operations Leads, or Membership Directors. They own a specific program area (aquatics, youth programming, wellness, fitness) or the organization's membership strategy. |
What they need | Access to configure programs, activities, and membership plans. They monitor registrations, manage waitlists, assign instructors, and run program performance reports. They do not typically need access to client billing or financial reconciliation. |
What they see | Activities, Memberships, Programs and activities, Reports, and Organization settings (limited). Client billing, POS configuration, and accounting tools are not accessible. |
💼Their primary jobs in SmartRec:
• Configuring programs, activities, capacity, and registration periods
• Setting pricing and waitlist rules
• Managing instructor and staff assignments
• Monitoring registrations and running activity reports
• Managing membership configurations and the member list
• Running program performance reports and analytics
🎗️Program Directors typically do not need direct access to individual client billing pages. If a director also handles escalations involving refunds or account issues, consider granting Optional access to Client billing and Refunds.
2.4 Finance admin / Bookkeeper
Also known as: bookkeeper, finance manager, finance administrator, accounting manager, controller, accounts manager, payroll and finance coordinator, office manager (finance focus), finance lead.
Category | Details |
Who they are | The person responsible for financial reporting, reconciliation, and accounting accuracy. They may work on-site or off-site, full-time or part-time. They are not involved in day-to-day member registrations or desk operations. Their focus is entirely on the financial layer of SmartRec. |
What they need | Access to financial reports, accounting reports, reconciliation tools, and client billing for audit purposes. They do not need to modify program configurations, manage memberships, or interact with front desk workflows. |
What they see | Clients (billing view only), Reports, and Accounting and finance. Program configuration, staff management, and store settings are not visible. |
💼 Their primary jobs in SmartRec:
• Running financial reports and accounting reports
• Reconciling payments and managing reconciliations
• Reviewing accounts receivable, deposits, and payment summaries
• Managing disputes and chargebacks
• Auditing client billing and transaction history
• Reviewing ledger code assignments and sales tax reporting
🎗️ A Finance admin does not need the ability to register clients, edit memberships, or configure programs. If your finance person also handles refunds or manual credits at the account level, add Refunds and Manual invoicing and Manual crediting.
2.5 Super Admin (single-site)
Also known as: system administrator, SmartRec admin, Amilia champion, store owner, operations director, IT lead, senior administrator, executive director, branch manager (system owner), implementation lead.
Category | Details |
Who they are | The CEO, senior operations lead, IT lead, or Amilia champion at a standalone branch. Responsible for end-to-end system configuration and employee onboarding. Often the primary contact for Professional Services during implementation. |
What they need | Full access, equivalent to the account owner. They configure the store, set up ledger codes and taxes, manage cancellation policies, build permission groups, and maintain the overall integrity of the SmartRec environment. |
What they see | The full SmartRec interface, including all tabs and back-office settings. |
💼Their primary jobs in SmartRec:
• Configuring store settings, payment methods, and service fees
• Setting up ledger codes, taxes, and discount structures
• Configuring membership plans and recurring billing
• Building and maintaining permission groups and admin user accounts
• Managing forms, waivers, and registration flows
• Financial reconciliation with accounting
• Running financial and accounting reports
• Onboarding and training new administrators
❗Because this group has full access, it should be reserved for the most trusted, senior employees. Treat this group as you would the account owner role.
2.6 Multi-Location Super Admin
Also known as: network admin, parent org admin, multi-branch administrator, network super-user, HQ admin, regional administrator, multi-site system owner, network coordinator.
Category | Details |
Who they are | The Super Admin operating at the parent organization level in a multi-location (network) setup. Responsible for governance across all child branches. |
What they need | All available network-level permissions. They configure shared memberships, activity templates, tags, forms, and permissions that apply across all branches. |
What they see | The full parent organization interface, including all network-level tabs and settings. |
💼Their primary jobs in SmartRec:
• Managing network-level settings and governance
• Configuring shared memberships and activity templates
• Managing shared tags and forms
• Setting network-level permissions and admin user roles
• Running cross-branch reports and centralization strategy
🌐Network permissions are separate from store-level permissions. A Multi-Location Super Admin does not automatically have admin access to individual child branches. Store-level access must be granted separately within each child organization.
👉 For a full breakdown of network permissions, see section 6.
3. How permissions shape the platform experience
3.1 What your employees see when they log in
The permission group controls which tabs appear in the side navigation. Employees cannot see tabs or sections they do not have access to. They are not greyed out, they simply do not appear.
What they need to do | Tab or area they need | Permission that unlocks it |
Look up a member | Clients | View client accounts |
View a member's billing page | Clients > billing tab | Client billing |
Register a member for an activity | Clients > store | Invoicing |
Check members in at the door | Access management | View and scan entries |
View facility calendar | Facilities | View facilities |
View memberships | Memberships | View memberships |
See program structure | Activities | View programs and activities |
Access the POS workstation | Point of sale | Access point of sale |
Run participant reports | Reports | Participant reports |
Run financial reports | Reports | Financial reports (all administrators) |
View analytics dashboards | Analytics | Analytics dashboard |
Configure store settings | Organization settings | Multiple Organization settings permissions |
3.2 Visibility versus action
Many features in SmartRec have separate permissions for viewing and acting. An employee who can see something may not be able to change it.
For example, in Clients:
• View client accounts lets an employee see the client list and account details, but not edit anything.
• Modify client accounts lets them change personal information, update account owners, and change profile pictures.
• Manage client accounts lets them create new accounts or archive and delete existing ones.
✔️ This is intentional. Read-only access is useful for an employee who has to look up information without risk of data entry errors.
4. Permission comparison at a glance
👉 For a description of what each permission does, see section 5.
⚠️ If an employee reports that a feature is missing or greyed out, check the Key dependencies column first. Disabling a foundational permission like View client accounts or Invoicing silently disables several related permissions at once, even if they remain listed as enabled.
Permission 🔑 | L1 | L2 | Prog. Dir | Finance Admin | Super Admin | Key dependencies |
CLIENTS |
|
|
|
|
|
|
View client accounts | ✅ | ✅ | ✅ | ✅ | ✅ | Foundational. Removing it cascades to billing, invoicing, refunds, email, tags, and most store actions. |
Modify client accounts | Opt. | ✅ | ✅ |
| ✅ | Requires View client accounts (auto-enabled when selected). |
Manage client accounts | Opt. | ✅ | ✅ |
| ✅ | Requires View client accounts (auto-enabled when selected). |
Client billing | Opt. | ✅ | Opt. | ✅ | ✅ | Requires View client accounts. Removing also disables Refunds, Manual invoicing, Manual crediting, and Failed payments. |
Invoicing | ✅ | ✅ | ✅ |
| ✅ | Requires View client accounts. Removing disables enrollment overrides, offline payments, hidden item purchases, and payment skipping. |
Manual invoicing |
| ✅ | Opt. | Opt. | ✅ | Requires Client billing + Invoicing. |
Manual crediting |
| ✅ | Opt. | Opt. | ✅ | Requires Client billing + Invoicing. |
Override ledger account for custom items |
| Opt. |
|
| ✅ | Requires Manual invoicing. |
Payment processing | ✅ | ✅ |
|
| ✅ | Requires View client accounts. Note: also grants access to the client billing page and the outstanding invoice summary download, shared with Client billing. |
Mass charge credit card |
| ✅ |
|
| ✅ | Requires Payment processing. |
Refunds | Opt. | ✅ |
| Opt. | ✅ | Requires Client billing. |
Failed payments |
| ✅ |
| ✅ | ✅ | Requires View client accounts + Client billing. See also Action center section for the dedicated View failed payments and Manage failed payments permissions. |
Block store actions for accounts with an outstanding balance |
| ✅ |
|
| ✅ | Requires View client accounts. |
Remove store action block from accounts |
| ✅ |
|
| ✅ | Requires View client accounts. |
Email | Opt. | ✅ | ✅ |
| ✅ | Requires View client accounts (not auto-enabled; must be added manually). |
View community segment |
|
|
|
| ✅ | Auto-enables Fees as a side effect. |
Manage community segments |
|
|
|
| ✅ | Auto-enables Fees as a side effect. |
Manage account tags | Opt. | Opt. | ✅ |
| ✅ | Requires View client accounts (not auto-enabled). |
Manage person tags | Opt. | Opt. | ✅ |
| ✅ | Requires View client accounts (not auto-enabled). |
STORE |
|
|
|
|
|
|
Override enrollment and membership limits | Opt. | ✅ | ✅ |
| ✅ | Requires View client accounts + Invoicing. |
Override restrictions and mandatory items | Opt. | ✅ | ✅ |
| ✅ | Requires View client accounts + Invoicing. |
Online store configuration |
|
|
|
| ✅ | Also required for Manage gift cards to function. |
View and purchase hidden items in the store | ✅ | ✅ | ✅ |
| ✅ | Requires View client accounts + Invoicing. |
ACCESS MANAGEMENT |
|
|
|
|
|
|
View and scan entries | ✅ | ✅ | ✅ |
| ✅ | None. Note: currently includes some configuration access that logically belongs to Manage access points. |
Manage access points |
|
|
|
| ✅ | View and scan entries is auto-enabled when selected. |
PROGRAMS AND ACTIVITIES |
|
|
|
|
|
|
View programs and activities | Opt. | ✅ | ✅ |
| ✅ | None. Visibility is limited without Modify activities. |
Activity registration information | Opt. | ✅ | ✅ |
| ✅ | Requires View programs and activities. |
Manage groups |
| Opt. | ✅ |
| ✅ | Requires View programs and activities. Activity registration information also recommended. |
Modify activities |
|
| ✅ |
| ✅ | Requires View programs and activities. |
Manage programs |
|
| ✅ |
| ✅ | Requires View programs and activities. Duplicate and delete activities also require Modify activities. |
FACILITIES |
|
|
|
|
|
|
View facilities | ✅ | ✅ | ✅ |
| ✅ | Removing it disables all bookings, rental contracts, and scheduling override permissions. |
Manage facilities |
|
|
|
| ✅ | View facilities is auto-enabled when selected. |
View rental contracts | Opt. | ✅ | ✅ |
| ✅ | None required. |
Manage rental contracts |
| ✅ |
|
| ✅ | Requires View rental contracts. |
Create bookings | ✅ | ✅ | Opt. |
| ✅ | Requires View facilities. |
Edit bookings |
| ✅ | Opt. |
| ✅ | Requires View facilities + Create bookings. Invoice view also needs Client billing. Cancellation with invoice also needs Manual invoicing. |
Allow scheduling conflicts when booking facilities |
| ✅ |
|
| ✅ | Requires View facilities + Create bookings. |
Allow booking to overlap existing buffer period(s) |
| ✅ |
|
| ✅ | Requires View facilities + Create bookings. |
STAFF |
|
|
|
|
|
|
Manage staff |
| ✅ | Opt. |
| ✅ | None required. |
MEMBERSHIPS |
|
|
|
|
|
|
View memberships | ✅ | ✅ | ✅ |
| ✅ | None. Also required for View multipasses to function. |
Manage membership configurations |
|
| ✅ |
| ✅ | View memberships is auto-enabled when selected. |
Mass edit memberships |
|
| ✅ |
| ✅ | View memberships is auto-enabled together when selected. |
Batch purchase memberships |
| ✅ | ✅ |
| ✅ | Requires Invoicing. Previously included under Invoicing; both permissions are now required as of March 23, 2026. |
Edit membership | Opt. | ✅ | Opt. |
| ✅ | Requires View memberships. |
Modify billing day on a membership with a recurring billing |
| ✅ | Opt. |
| ✅ | Requires Edit membership. Only visible if the recurring billing on memberships module is enabled. |
Make membership transfer | Opt. | ✅ | ✅ |
| ✅ | Requires View memberships. |
MERCHANDISE / GIFT CARDS / SKILLS |
|
|
|
|
|
|
Manage orders (Merchandise) |
|
| Opt. |
| ✅ | None required. |
Manage gift cards |
|
|
|
| ✅ | Currently requires Online store configuration. Logically independent but platform-linked. |
View skills | ✅ | ✅ | ✅ |
| ✅ | None required. |
Assign skills | Opt. | ✅ | ✅ |
| ✅ | Requires View skills. Client-level assignment also requires View client accounts. |
Manage skills |
|
| ✅ |
| ✅ | View skills is auto-enabled when selected. |
ORGANIZATION SETTINGS |
|
|
|
|
|
|
General information |
|
|
|
| ✅ | None. Membership card template configuration is accessible regardless of this permission. |
Organization settings |
|
| Opt. |
| ✅ | None required. |
Billing and sales |
|
|
|
| ✅ | None required. |
Manage apps |
|
|
|
| ✅ | None required. |
View administrator list and permission settings |
|
|
|
| ✅ | None required. |
Manage administrator list |
|
|
|
| ✅ | Requires View administrator list and permission settings. |
Manage permissions |
|
|
|
| ✅ | Requires View administrator list and permission settings. |
Dashboard |
| Opt. | ✅ |
| ✅ | None required. |
FORMS |
|
|
|
|
|
|
Registration forms |
|
| ✅ |
| ✅ | None required. |
PAYMENTS |
|
|
|
|
|
|
Custom item settings |
|
| ✅ |
| ✅ | None required. |
Manage discounts |
|
| ✅ |
| ✅ | View discounts is auto-enabled when selected. |
View discounts | Opt. | Opt. | ✅ |
| ✅ | None required. |
Fees |
|
| ✅ |
| ✅ | None required. |
Installments |
|
| ✅ |
| ✅ | None required. |
Scholarships |
|
| ✅ |
| ✅ | None required. |
Fundraising |
|
|
|
| ✅ | None required. |
View cancellation policies |
| ✅ | ✅ |
| ✅ | None required. |
Manage cancellation policies |
|
| ✅ |
| ✅ | View cancellation policies is auto-enabled when selected. |
Override and skip payment | Opt. | ✅ |
|
| ✅ | Requires View client accounts + Invoicing. |
Accept offline payments | ✅ | ✅ |
|
| ✅ | Requires View client accounts + Invoicing. |
FINANCE AND REPORTING |
|
|
|
|
|
|
Participant reports |
| ✅ | ✅ |
| ✅ | None required. |
Financial reports (all administrators) |
|
| Opt. | ✅ | ✅ | None required. |
Financial reports (administrator-specific) |
|
|
| ✅ | ✅ | None required. |
Activity reports |
| Opt. | ✅ | Opt. | ✅ | None required. |
Accounting reports |
|
|
| ✅ | ✅ | None required. |
Manage reconciliations |
|
|
| ✅ | ✅ | To view reconciliations within a client account: also requires View client accounts + Client billing. |
Delete reconciliations |
|
|
| ✅ | ✅ | Requires View client accounts + Client billing. |
Manage disputes |
|
|
| ✅ | ✅ | None required. |
ACTION CENTER |
|
|
|
|
|
|
View failed payments |
| ✅ |
| ✅ | ✅ | Requires View client accounts + Client billing. Both View failed payments and Manage failed payments are required to view and act on notifications in the action center. |
Manage failed payments |
| ✅ |
| ✅ | ✅ | Requires View failed payments. |
MULTIPASSES / POINT OF SALE / ANALYTICS |
|
|
|
|
|
|
View multipasses | ✅ | ✅ | ✅ |
| ✅ | Requires View memberships. Logically separate but platform-linked. |
Manage multipasses |
|
| ✅ |
| ✅ | Requires View multipasses. |
Access point of sale | ✅ | ✅ |
|
| ✅ | Removing it disables workstation configuration and shift management entirely. |
Configure workstations and layouts |
|
|
|
| ✅ | Access point of sale is auto-enabled when selected. |
Sales register shifts | Opt. | ✅ |
|
| ✅ | Access point of sale is auto-enabled when selected. |
Analytics dashboard |
|
| ✅ |
| ✅ | None required. |
🎗️ The point of sale can be used to create invoices on the fly without clients providing their account information at checkout, useful for concessions, branded merchandise, towels, and similar items. If some employees use the POS exclusively, consider setting up a separate permission group for them.
5. Known permission behaviors and platform notes
This section documents behaviors that are not always obvious from the permission name alone. Use it as a reference when troubleshooting unexpected access or planning a new permission group.
5.1 Clients section
View client accounts does not enable clicking on a client's name in Membership management. The relevant membership permission must also be combined with View client accounts for that link to be active.
View community segment currently enables Fees as a side effect. This is a known platform behavior and does not grant meaningful Fees configuration access.
Manage community segments has the same Fees side effect as View community segment.
Modify client accounts automatically enables View client accounts when selected.
Manage client accounts automatically enables View client accounts when selected.
Failed payments requires both View client accounts and Client billing to function. If Client billing is turned off, failed payment access is also lost.
Manual invoicing and Manual crediting are now separate permissions. Previously combined as Manual invoicing and crediting, they can now be granted independently. Both require Client billing + Invoicing.
Block store actions for accounts with an outstanding balance and Remove store action block from accounts work as a pair. Granting one without the other may limit an employee's ability to fully manage account balance blocks.
Email requires View client accounts to be present but does not automatically enable it.
5.2 Store section
Override enrollment and membershiplimits, Override restrictions and mandatory items, and View and purchase hidden items in the store all require both View client accounts and Invoicing.
👉 Removing either of those two foundational permissions disables these store actions even if the individual permissions are still enabled.
5.3 Access management section
View and scan entries currently includes some settings that should logically belong to Manage access points, such as changing the "Manage clients with an unpaid balance" setting and modifying waiver requirements. Be aware that granting this permission gives slightly more configuration access than the name implies.
Manage access points automatically enables View and scan entries when selected.
5.4 Programs and activities section
View programs and activities provides limited visibility by design. Many activity, program, and private lesson settings are not visible with this permission alone. Employees may need Modify activities to see the full configuration of an activity.
Modify activities grants indirect visibility to merchandise items, community segments, memberships, skills, and forms through activity settings — even if those individual permissions are not enabled.
Duplicate activities and Delete activities are technically part of Manage programs but are functionally dependent on Modify activities also being enabled. This is a known platform behavior.
Modify billing day on an activity with a recurring billing is only available when the recurring billing on activities module is enabled. It requires Invoicing and is displayed after the Invoicing permission in the permissions list.
5.5 Facilities section
View facilities includes the ability to change a facility's ledger code and to create or delete public calendars — actions that would be more logically grouped under Manage facilities. This is a known platform behavior.
Edit bookings requires Create bookings to be enabled. There is no supported scenario where ane mployee can edit a booking without also being able to create one.
To view the invoice attached to a booking, they also need Client billing.
To cancel a booking that has an invoice, they also need Manual invoicing and manual crediting.
5.6 Memberships section
View memberships allows exporting the membership configuration list even without direct in-platform visibility into those settings. An employee with this permission can see configuration details in a report that are otherwise not shown in the SmartRec interface.
Edit membership includes an admin note field, but saved notes do not persist on the membership or appear in the client account. This is a known platform issue.
Manage membership configurations does not give access to configure recurring billing. Recurring billing settings require additional access.
Mass edit memberships auto-enables both View memberships and Mass edit memberships together when selected.
Batch purchase memberships requires Invoicing in addition to the dedicated permission. Admins who had Invoicing before March 23, 2026 were automatically granted the new permission at release.
Modify billing day on a membership with a recurring billing requires Edit membership and is only visible when the recurring billing on memberships module is enabled.
View multipasses currently requires View memberships to be enabled. These permissions are logically separate but are linked in the current platform version.
5.7 Gift cards section
Manage gift cards currently requires Online store configuration to be enabled. These two permissions are logically independent, but the platform links them. Be aware that enabling gift card management for a front desk role technically also enables store configuration access.
5.8 Organization settings section
Membership card template configuration is available to any admin with access to the Account tab, regardless of which specific permission is enabled. This is not tied to a specific permission and applies broadly.
Manage administrator list currently includes the ability to add new API tokens. This should logically sit under Organization settings, but is a known current behavior.
5.9 Payments section
Scholarships currently auto-enables Fees as a side effect. This is a known platform behavior.
Override and skip payment requires both View client accounts and Invoicing. It will not function if either of those foundational permissions is missing.
Accept offline payments requires both View client accounts and Invoicing.
5.10 Finance and reporting section
Participant reports currently includes the "Membership sales and cancellations by date" report, which may be more logically grouped under a memberships or financial report category. This is a known behavior.
Financial reports (all administrators) and Accounting reports each include an accounts receivable report, but they are different reports. This overlap is a known inconsistency.
Manage reconciliations gives access to the reconcilable account list in the action center. To also view reconciliations within a client account, the employee also needs View client accounts and Client billing.
Delete reconciliations requires View client accounts and Client billing in addition to the delete permission itself.
5.11 Action center section
View failed payments and Manage failed payments are two separate permissions. Both are required to fully view and act on failed payment and expiring credit card notifications in the action center.
Failed payments (under Clients) also appears here for reference. It shares the same dependencies: View client accounts and Client billing must both be enabled.
5.12 Multipasses section
View multipasses requires View memberships to be enabled. The two permissions are functionally linked in the current platform version, even though they cover separate feature areas.
6. Network admin permissions
This section is for organizations using multi-location management (also called a network). In a network, a parent organization oversees one or more child locations. Network admins log in at the parent level and manage settings, programs, or memberships that apply across all locations.
Network permissions are separate from SmartRec store permissions. A person can hold a network role, a store role, or both depending on their responsibilities.
⚠️ Network admin permissions are only relevant if your organization uses multi-location management. If you operate a single SmartRec store, this section does not apply to you.
6.1 The four network personas
Super-user
Who they are: The network equivalent of the account owner. This person has full access to the parent organization, including all program, membership, and organization configuration at the network level.
What they need: All available network permissions. They are responsible for managing programs, memberships, organization settings, administrators, and API integrations across the entire network.
What they see when they log in: The full parent organization interface with all network-level tabs and settings visible.
🌐 This role should be reserved for the most trusted administrators in your network. Changes made at the network level can affect all child locations simultaneously.
Program director
Who they are: A network-level administrator responsible for managing program content and activity templates across locations.
What they need: Access to view and manage programs and activities, including activity templates that can be pushed to child locations. They may also have limited visibility into organization settings.
What they see when they log in: The Programs and activities tab at the network level, with optional access to organization settings depending on configuration.
🌐 Changes to activity templates at the parent level are not automatically reflected in activities already imported by child locations. The child location must re-import the template for changes to apply.
Membership director
Who they are: A network-level administrator responsible for managing membership configurations that apply across locations.
What they need: Access to view and manage membership configurations at the network level. They may also have limited visibility into organization settings.
What they see when they log in: The Memberships tab at the network level, with optional access to organization settings depending on configuration.
🌐 Unlike activity templates, changes to memberships at the parent level are automatically reflected in memberships already imported by child locations.
Finance / accounting director
Who they are: A network-level administrator responsible for financial reporting and accounting oversight across all locations. They are not involved in program or membership configuration.
What they need: Access to billing, sales, financial reports, and accounting reports at the network level. They do not need visibility into programs, memberships, or organization settings beyond what is required for financial oversight.
What they see when they log in: The Reports tab and financial configuration areas at the network level. Program and membership tabs are not visible.
Read-only / view-only
Who they are: A network-level administrator who needs visibility across the network without the ability to create, edit, or delete anything. Typically an auditor, executive, or regional observer.
What they need: View-only access to programs, memberships, reports, and analytics. No manage or modify permissions of any kind.
What they see when they log in: A read-only view of the areas they have been granted access to. No actions, buttons, or configuration options are available to them.
API access
Who they are: A technical role assigned to system integrations, third-party tools, or developers who connect external applications to your SmartRec network via the API.
What they need: Access to the data and settings required for the integration to function. This is typically programs, memberships, and organization information. This role does not map to a person logging into the interface; it represents a token-based connection.
What they see when they log in: Determined by the specific permissions assigned. API access should be scoped as narrowly as possible to only what the integration requires.
❗ API tokens are managed under Manage administrator list in Organization settings. Only super-users should create or revoke API tokens.
6.2 Recommended network permissions
Programs and activities
Permission 🔑 | Why you need it |
Programs and activities View programs and activities | Required for super-user, program director, and API access. Allows viewing programs, activities, and private lessons at the network level. |
Programs and activities Activity templates | Required for super-user and program director. Allows viewing, creating, modifying, and deleting activity templates that can be applied across child branches. |
Programs and activities Manage programs | Required for super-user and program director. Allows creating, editing, archiving, and importing programs at the network level. |
Memberships
Permission 🔑 | Why you need it |
Memberships View memberships | Required for super-user, membership director, and API access. Allows viewing network-level membership configurations and the member list. |
Memberships Manage membership configurations | Required for super-user and membership director. Allows creating and modifying network-level membership configurations. Requires View memberships. |
Organization settings
Permission 🔑 | Why you need it |
Organization settings General information | Required for super-user and API access. Allows editing the parent organization's basic information including description and logo. |
Organization settings Organization settings | Required for super-user and API access. Optional for program director and membership director. Allows editing network-level settings including calendar configuration and tags. |
Organization settings Billing and sales | Required for super-user. Allows viewing billing information and editing sales and accounting options at the network level. |
Organization settings View administrator list and permission settings | Required for super-user. Optional for program director and membership director. Allows viewing the list of network administrators and their assigned permissions. |
Organization settings Manage administrator list | Required for super-user. Optional for program director and membership director. Allows adding and modifying network administrators. Requires View administrator list and permission settings. |
Organization settings Manage permissions | Required for super-user. Optional for program director and membership director. Allows creating, editing, and deleting network permission groups. Requires View administrator list and permission settings. |
Finance and reporting
Permission 🔑 | Why you need it |
Finance and reporting Participant reports | Required for super-user, program director, membership director, finance/accounting director, and read-only. Access to participant reports including email addresses for programs and membership sales and cancellations. |
Finance and reporting Financial reports (all administrators) | Required for super-user and finance/accounting director. Displays financial reports and data for all administrators across the network (parent and child locations). Note: if you want to display reports only for the currently logged-in administrator, do not enable this permission together with Financial reports (administrator-specific). |
Finance and reporting Financial reports (administrator-specific) | Required for finance/accounting director. Displays financial reports and data only for the currently logged-in administrator. Information relating to other administrators will not be displayed. |
Finance and reporting Activity reports | Required for super-user, program director, membership director, finance/accounting director, and read-only. Access to activity reports including participants by location and information on activities of a given program. |
Finance and reporting Accounting reports | Required for super-user and finance/accounting director. Access to all accounting reports including sales and payment summaries, ledger code reports, and more. |
Analytics
Permission 🔑 | Why you need it |
Analytics Dashboard | Required for super-user, program director, membership director, finance/accounting director, and read-only. Provides access to the analytics dashboard. Note: only available if SmartRec Analytics is enabled for your organization. |
6.3 Network permission comparison
6.3 Network permission comparison
Permission | Super-user | Program director | Membership director | Finance director | Read-only / API |
Programs and activities |
|
|
|
|
|
View programs and activities | ✅ | ✅ |
|
| ✅ / ✅ |
Activity templates | ✅ | ✅ |
|
|
|
Manage programs | ✅ | ✅ |
|
|
|
Memberships |
|
|
|
|
|
View memberships | ✅ |
| ✅ |
| ✅ / ✅ |
Manage membership configurations | ✅ |
| ✅ |
|
|
Organization settings |
|
|
|
|
|
General information | ✅ |
|
|
| / ✅ |
Organization settings | ✅ | Optional | Optional |
| / ✅ |
Billing and sales | ✅ |
|
| ✅ |
|
View administrator list and permission settings | ✅ | Optional | Optional |
| Optional / |
Manage administrator list | ✅ |
|
|
|
|
Manage permissions | ✅ |
|
|
|
|
Finance and reporting |
|
|
|
|
|
Participant reports | ✅ | ✅ | ✅ | ✅ | ✅ / |
Financial reports (all administrators) | ✅ |
|
| ✅ |
|
Financial reports (administrator-specific) | ✅ |
|
| ✅ |
|
Activity reports | ✅ | ✅ | ✅ | ✅ | ✅ / |
Accounting reports | ✅ |
|
| ✅ |
|
Analytics (if enabled) |
|
|
|
|
|
Dashboard | ✅ | ✅ | ✅ | ✅ | ✅ / |
6.4 How network permissions interact with store permissions
A network super-user does not automatically have admin access to individual child locations. Child-level access must be granted separately within each child organization.
A store admin does not have visibility into the parent organization unless they are also assigned an admin permission group in the parent organization.
Program and membership configurations created at the network level can be applied to child branches, but the ability to do so depends on the network role, not the store role.
⚠️ When centralized permissions are enabled, child locations cannot add their own administrators. The New Administrator button is greyed out at the child level. All administrator management is handled by the parent organization.
🌐 When troubleshooting access for a network admin, always confirm whether the issue is at the parent level or the child level. They are governed by different permission groups.
6.5 Things to consider for API access
Scope API permissions as narrowly as possible. Only grant access to the sections the integration actively uses.
View programs and activities and View memberships are the most commonly needed permissions for read-based integrations.
If the integration needs to write data, the corresponding manage permissions are also required.
API tokens are not tied to a named employee. Document which integration each token belongs to so tokens can be revoked individually if a vendor relationship ends or a token is compromised.
7. FAQ
What is the difference between "Required" and "Optional" in the permission tables?
Required means the permission is needed to perform the core tasks of that role. Optional means the permission adds useful capability but is not essential for day-to-day work. You may choose to include or exclude Optional permissions based on your organization's workflows and the trust level for that role.
Can I create more than six permission groups?
Yes. The six personas in this article are starting points. You can create as many groups as your organization needs. Common additions include a dedicated POS-only group for employees who work exclusively at the point of sale, or a separate group for a membership sales associate who handles enrollments but not program configuration.
An admin says they cannot see a tab or button. How do I troubleshoot?
Start by checking whether the foundational permission for that area is enabled. The most common cause is a missing dependency. For example, Invoicing is turned off, which silently disables several related actions like hidden item purchases or payment overrides. Refer to the Key dependencies column in section 4 for the full picture.
Should front desk admins have access to financial reports?
Generally, no. Financial reports are best reserved for Finance admins and Super Admins. Front desk roles typically only need Participant reports (L2 and above) to look up registration details. Exposing detailed revenue and accounting reports to front desk employees increases privacy risk and adds unnecessary complexity to their interface.
What happens if I disable a permission that another permission depends on?
The dependent permission stops working even if it is still listed as enabled in the group settings. SmartRec does not automatically disable the dependent permission or show a warning. Use the Key dependencies column in section 4 before making changes to an existing group.
Can an L1 Front Desk Associate process payments?
Yes. L1 associates can process payments via the online store and accept offline payments with Invoicing and Accept offline payments enabled. They cannot process refunds, skip payments, or create manual invoices without those specific permissions being explicitly granted.
What should I do when an L1 associate becomes a regular team member?
Move them to the Front Desk Lead (L2) permission group, or create a new group with the expanded permissions they need. You do not need to recreate their administrator account. Simply update their permission group assignment.
How do insurance memberships like Silver Sneakers affect permissions?
Insurance membership workflows including sales, transfers, and renewals fall under the Memberships section permissions. L2 Front Desk Leads should have View memberships, Edit membership, and Make membership transfer to handle Silver Sneakers, Renew Active, and similar programs. L1 associates can sell insurance memberships with Invoicing enabled, but cannot manage transfers or cancellations without the additional membership permissions.
What is the right permission group for an employee who only works the POS during events?
Create a dedicated POS-only permission group with Access point of sale, Invoicing, Accept offline payments, and View client accounts. Add Sales register shifts if they open and close the register. This keeps their interface focused and prevents access to client records or back-office features they do not need.
What does a Finance admin need that a Super Admin does not?
The Finance admin persona is intentionally narrow. It covers financial reporting, reconciliation, and audit access without touching program configuration, membership setup, or front desk workflows. If your finance person needs to process refunds or create manual credits at the account level, add Refunds and Manual invoicing and manual crediting as Optional permissions.