Roles & Permissions
Every person in your company has a role. The role decides what they can see, what they can edit, and what financial information is hidden from them. Use this page as the authoritative reference when you’re deciding who to invite and what role to give them.
The nine roles
Internal (company team):
- Owner — full authority. Every feature, every setting, every record.
- Manager — near-Owner, except can’t modify Owner accounts.
- Foreman — field lead. Edits assigned projects; sees their crew’s details.
- Bookkeeper — financial operations. Sees everything Owner sees for reporting/exports, but can’t create bids or manage roles.
- Operator — heavy equipment operator. Assigned work only.
- Driver — truck driver. Assigned work + own haul logs.
- Labor — general laborer. Assigned work, own timecards.
- Mechanic — equipment maintenance specialist. Equipment-focused view.
External:
- Customer — separate portal user. Sees only what you’ve explicitly shared. Can sign bids and approve change orders. Customer Portal.
Permission matrix
✓ Full access · ◐ Limited / assigned only · — No access
| Feature | Owner | Manager | Foreman | Bookkeeper | Operator | Driver | Labor | Mechanic |
|---|---|---|---|---|---|---|---|---|
| Bids (create, edit) | ✓ | ✓ | — | — | — | — | — | — |
| Projects (view) | ✓ | ✓ | ◐ | ✓ | ◐ | ◐ | ◐ | ◐ |
| Projects (edit) | ✓ | ✓ | ◐ | — | — | — | — | — |
| Projects (delete) | ✓ | — | — | — | — | — | — | — |
| Schedule / Calendar | ✓ | ✓ | ✓ | — | ◐ | ◐ | ◐ | — |
| Timecards (own) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Timecards (all, lock) | ✓ | ✓ | — | ✓ | — | — | — | — |
| Haul Logs (own) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | — | — |
| Haul Logs (all, reports) | ✓ | ✓ | — | ✓ | — | — | — | — |
| Snow Plow Logs (own) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | — | — |
| Snow Plow Logs (reports) | ✓ | ✓ | — | ✓ | — | — | — | — |
| Customers (view) | ✓ | ✓ | ✓ | ✓ | — | — | — | — |
| Customers (edit, invite) | ✓ | ✓ | — | — | — | — | — | — |
| Equipment (view) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Equipment (edit) | ✓ | ✓ | — | — | — | — | — | ✓ |
| Personnel (view) | ✓ | ✓ | ✓ | ✓ | — | — | — | — |
| Personnel (edit, invite) | ✓ | ✓ | — | — | — | — | — | — |
| Personnel (rates visible) | ✓ | ✓ | — | ✓ | — | — | — | — |
| Vendors | ✓ | ✓ | ◐ | ✓ | view | view | view | view |
| Materials & Inventory (edit) | ✓ | ✓ | — | — | — | — | — | — |
| Crews (manage) | ✓ | ✓ | ◐ | — | — | — | — | — |
| Settings / Company | ✓ | ✓ | ◐ | ✓ | — | — | — | — |
| Reports & Analytics | ✓ | ✓ | — | ✓ | — | — | — | — |
| Smart Notifications | ✓ | ✓ | — | ✓ | — | — | — | — |
| Ask AI (Data Q&A) | ✓ | ✓ | — | ✓ | — | — | — | — |
| QuickBooks Sync (trigger) | ✓ | ✓ | — | ✓ | — | — | — | — |
| Customer Portal invite/share | ✓ | ✓ | — | — | — | — | — | — |
| Marketing Website (edit, publish) | ✓ | ✓ | — | read | — | — | — | — |
| Roles & Permissions page | ✓ | ✓ | — | — | — | — | — | — |
Financial data visibility
A crucial cross-cutting rule: only Owner, Manager, and Bookkeeper see financial fields. Field roles (Operator, Driver, Labor, Mechanic, Foreman) have these stripped from every API response:
- Project `value`, `approvedBidPrice`, `quote`, `paidAt`.
- Personnel `ratePerHour`.
- Vendor pricing (`pricePerUnit` on material sources).
- Haul log `pricePerUnit`, `totalCost`, `invoiceId`.
A driver sees that a haul happened on a project, but not how much it billed for. A foreman can see personnel names and roles, but not their hourly rates.
Foreman specifics
Foreman is the project-assignment-based role — they have management-like editing powers but scoped to projects they’re assigned to as `foremanId`.
- Can: edit scope, timelines, completion, tasks, and daily operations on their assigned projects. See crew personnel and equipment on those projects.
- Can’t: change project status/priority, assign other foremen, edit projects they’re not assigned to, create bids, see financials.
- Default landing: `/projects` (filtered to assigned).
Field role access (Operator / Driver / Labor / Mechanic)
Common pattern:
- View only assigned projects.
- See basic team info (names, roles) — not rates.
- Log own time / daily reports.
- View equipment and materials without costs.
- Update own profile (phone, status, avatar).
Role-specific flavor:
- Driver — haul logs are their main feature. They can create and edit own hauls only.
- Operator — equipment checks and timecard tasks tied to the equipment they operate.
- Labor — timecard-centric; less equipment focus.
- Mechanic — equipment maintenance write access. See all equipment records for service scheduling.
Changing someone’s role
- Owner can change anyone to any role, including promoting another person to Owner.
- Manager can change any non-Owner to any role (including promoting to Manager). Cannot touch Owner accounts at all.
- Bookkeeper and field roles cannot change other people’s roles.
Multi-company permissions
A user can be a member of multiple companies on Excavation Expert. Roles are per-company:
- You might be Owner at Acme Excavation and Manager at Smith Concrete.
- When you switch companies in the app, your role and permissions switch too.
- Role-based data access (which projects, which hauls, etc.) is enforced per active company context — there’s no cross-company leakage.
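The following is an added example, not Excavation Expert's own code. It sketches how the field stripping described under "Financial data visibility" can be combined with the per-company role lookup described here, so that the role used for redaction always comes from the active company. The field names are those listed on this page; the function names, the `memberships` shape, the `companyId` property on records and the resource type keys are assumptions.

```javascript
// Added example, not the product's code. Field names are from the page;
// function names, `memberships`, `companyId` and type keys are assumptions.

// Only these roles see financial fields. Any other role is stripped,
// including a role this code has never heard of (deny by default).
const FINANCIAL_ROLES = new Set(["Owner", "Manager", "Bookkeeper"]);

// Financial fields per resource type, as listed on the page.
const FINANCIAL_FIELDS = new Map([
  ["project", ["value", "approvedBidPrice", "quote", "paidAt"]],
  ["personnel", ["ratePerHour"]],
  ["materialSource", ["pricePerUnit"]],
  ["haulLog", ["pricePerUnit", "totalCost", "invoiceId"]],
]);

// Roles are per company: resolve the role from the active company only.
function roleInCompany(user, activeCompanyId) {
  const m = (user.memberships || []).find((x) => x.companyId === activeCompanyId);
  return m ? m.role : null;
}

// Return a copy of `record` that is safe to serialize for this user,
// or null when the record must not be returned at all.
function redact(resourceType, record, user, activeCompanyId) {
  const fields = FINANCIAL_FIELDS.get(resourceType);
  // Fail closed: a type with no policy is a bug, not "nothing to strip".
  if (!fields) throw new Error(`no redaction policy for ${resourceType}`);
  const role = roleInCompany(user, activeCompanyId);
  // Non-members and records owned by another company get nothing.
  if (role === null || record.companyId !== activeCompanyId) return null;
  const copy = { ...record };
  if (!FINANCIAL_ROLES.has(role)) for (const f of fields) delete copy[f];
  return copy;
}

// Constructed sample: one user, Owner at one company and Driver at another.
const user = { id: "u1", memberships: [
  { companyId: "acme", role: "Owner" },
  { companyId: "smith", role: "Driver" },
] };
const haulAcme = { id: "h1", companyId: "acme", projectId: "p1", loads: 4,
  pricePerUnit: 12.5, totalCost: 50, invoiceId: "inv-9" };
const haulSmith = { ...haulAcme, id: "h2", companyId: "smith" };

console.log(redact("haulLog", haulAcme, user, "acme"));   // all fields
console.log(redact("haulLog", haulSmith, user, "smith")); // financial fields removed
console.log(redact("haulLog", haulAcme, user, "smith"));  // null
```

Running the redaction in one place at the serialization boundary, rather than in each endpoint handler, makes it testable: a regression test can assert that no field in the policy map ever appears in a response built for a field role.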
Inviting new users
Only Owner, Manager, and Bookkeeper can invite. Each invite:
- Creates a Personnel record with the chosen role.
- Sends a magic-link email.
- On first login, the user’s auth account links to the personnel record so their role applies immediately.
See the Personnel guide for the full invitation flow.