Overview
Every user at your property is assigned a role, and that role determines their permissions — what pages they can see, what actions they can take, and what data they can access. Vesta ships with three built-in roles that cover most hotel staffing scenarios, and you can create additional custom roles for specialized positions.
Good role management is about security and efficiency. You want each staff member to have access to everything they need to do their job, but nothing more. A receptionist does not need to change rate plans. A housekeeper does not need to see guest payment details. Custom roles let you dial in exactly the right level of access.
Built-in Roles
Vesta provides three system roles that cannot be deleted:
Owner
Full access to everything. This includes all operational features plus the ability to manage users, roles, and property settings. Every property has at least one Owner.
- Can do everything a Manager can do
- Can invite and remove users
- Can create and modify roles
- Can change property settings
- Cannot be removed from the property by other users
Manager
Access to all day-to-day operational features. Managers run the hotel but cannot change who has access or modify security settings.
- Bookings: create, edit, check-in, check-out, cancel
- Guests: full access to the guest directory
- Rooms and room types: full management
- Rate plans and calendar: full management
- Products and billing: full access to folio, charges, and payments
- Reports and dashboard
- Cannot manage users, roles, or property settings
Receptionist
Focused on front-desk operations. Receptionists handle guests and bookings but cannot change room configurations, rates, or products.
- Bookings: create, view, check-in, check-out
- Guests: view, create, and edit guest records
- Payments: record payments
- Folio: view charges
- Cannot modify room types, rate plans, products, or settings
:::info Built-in roles cannot be edited or deleted. If you need a role that is similar to a built-in role but with different permissions, create a custom role instead. :::
Creating a Custom Role
Custom roles let you match permissions to specialized positions at your property.
- Navigate to Settings > Roles
- Click Add Role
- Enter a name that clearly describes the position (e.g., “Night Auditor”, “Revenue Manager”, “F&B Supervisor”)
- Add an optional description to explain what this role is for
- Select the permissions this role should have by checking the boxes for each resource and action
- Click Save
:::tip Start with fewer permissions and add more as needed. It is much safer to grant additional access later than to realize someone had access to something they should not have. :::
Understanding Permissions
Permissions follow a consistent resource:action format. Each permission grants the ability to perform one specific action on one specific type of data.
Booking Permissions
| Permission | What It Allows |
|---|---|
bookings:view | View the booking list and booking details |
bookings:create | Create new bookings |
bookings:edit | Modify booking details (dates, guest, notes) |
bookings:delete | Cancel bookings |
bookings:checkin | Check in arriving guests |
bookings:checkout | Check out departing guests |
Guest Permissions
| Permission | What It Allows |
|---|---|
guests:view | Browse the guest directory and view profiles |
guests:create | Add new guest records |
guests:edit | Update guest information |
guests:delete | Delete guest records (only if the guest has no bookings) |
Room and Rate Permissions
| Permission | What It Allows |
|---|---|
rooms:view | View room list and status |
rooms:create | Add new rooms |
rooms:edit | Change room details and status |
rooms:delete | Deactivate rooms |
room_types:view | View room type definitions |
room_types:create | Create new room types |
room_types:edit | Modify room type details |
room_types:delete | Deactivate room types |
rate_plans:view | View rate plans |
rate_plans:create | Create new rate plans |
rate_plans:edit | Modify rate plans |
rate_plans:delete | Deactivate rate plans |
calendar:view | View the rate calendar |
calendar:edit | Set date-specific overrides and modifiers |
Billing Permissions
| Permission | What It Allows |
|---|---|
products:view | View the product catalog |
products:create | Add new products |
products:edit | Modify products |
products:delete | Deactivate products |
invoices:view | View folio charges on bookings |
invoices:create | Add charges to a booking |
invoices:edit | Modify manual charges |
invoices:delete | Remove manual charges |
payments:view | View payment records |
payments:create | Record payments |
payments:edit | Modify payment details |
payments:delete | Delete payment records |
Property Administration Permissions
| Permission | What It Allows |
|---|---|
property:view | View property settings |
property:edit | Modify property settings |
property:users | Manage staff access (invite, remove, change roles) |
property:roles | Create, edit, and delete custom roles |
:::info
The wildcard permission * grants full access to all resources and all actions. This is equivalent to the Owner role. Use it sparingly.
:::
Editing a Custom Role
- Navigate to Settings > Roles
- Click on the custom role you want to modify
- Add or remove permissions as needed
- Click Save
:::warning Permission changes take effect immediately for every user assigned to that role. If you remove a permission, all users with that role lose access to that feature right away — even if they are currently logged in. Consider notifying affected staff before making changes. :::
Deleting a Custom Role
- Navigate to Settings > Roles
- Click the delete icon next to the custom role
- Confirm the deletion
:::warning You can only delete a custom role if no users are currently assigned to it. Reassign those users to a different role first, then delete the old role. :::
Example Custom Roles
Here are some common custom roles that properties create:
Night Auditor — needs to view bookings and folios, record payments, and run end-of-day reports, but should not create or modify bookings:
bookings:view,invoices:view,payments:view,payments:create,guests:view
Revenue Manager — manages rate plans and calendar pricing, but does not need booking or guest access:
rate_plans:view,rate_plans:create,rate_plans:edit,calendar:view,calendar:edit,rooms:view,room_types:view
F&B Supervisor — adds food and beverage charges to bookings, manages the product catalog:
bookings:view,invoices:view,invoices:create,products:view,products:create,products:edit
Related Articles
- Managing Users — invite staff and assign roles
- Property Settings — general property configuration
- Navigating the Dashboard — what each role sees on login
:::permissions
- property:roles — required to view, create, edit, and delete custom roles :::