Topo Demo
6 views Updated 11 days ago

Choose the Right Role for Each Staff Member

Choose staff roles using least privilege, location scope, and the work each person actually performs.

Role selection principles

  • Start with the least access that lets the person do their job. Add permissions only when a real workflow requires them.

  • Separate daily operations from owner-level controls such as billing, API keys, role editing, organization settings, and destructive actions.

  • Use location scope for staff who should work only at certain gyms.

  • Review roles when a staff member changes jobs, becomes a manager, leaves, or starts handling payments or member data.

  • Do not share staff accounts. Use individual staff users so activity and audit history stay attributable.

Recommended starting points

  • Owner: business owner, executive operator, or person accountable for billing, settings, roles, API keys, and final policy decisions.

  • Manager: general manager or senior staff member who needs broad operational access but should not necessarily control every owner-only setting.

  • Front Desk: check-in, POS, member lookup, waiver sends, daily tasks, inbox replies, and routine member support.

  • Instructor: assigned events or courses, attendance work, and limited member visibility needed for instruction.

  • Route Setter: route and route-set workflows, areas, and route-related shifts/tasks.

  • Custom role: any recurring job that does not match a default role cleanly, such as marketing coordinator, accountant, inventory manager, or support lead.

Sensitive permissions to review carefully

  • Role editing and staff deactivation.

  • Billing and payment onboarding.

  • Refunds, voids, disputes, and account credit.

  • Organization settings, branding, custom domains, sender domains, and widgets.

  • API keys, because an API key can perform actions allowed by its assigned role and access level.

  • Waiver content editing and force re-sign actions.

Ongoing review checklist

  • Audit owners and managers monthly or when staffing changes.

  • Disable former staff promptly.

  • Keep custom roles named by job function, not by person.

  • Check location access whenever someone transfers locations.

  • Use read-only API keys for reporting agents and dashboards unless write access is truly needed.

Sign in

Enter your email and we'll send you a one-time sign-in link.

New to Topo Demo? Create an account