Roles and Permissions control what each person in your company can do inside include GO. If you've ever heard someone say "I can't see the invoices page" or "I can't delete a project," the answer is almost always a role or permission. This page is where you decide who gets to do what.
You don't need any programming or technical knowledge to use this page. If you can click a checkbox, you can manage roles.
What are Roles and Permissions?
Think of it like a set of keys on a keyring:
A permission is a single key — for example, "View Invoices" or "Delete Projects." There are about 298 of these keys in include GO, each one unlocking a specific action.
A role is a keyring that holds a bunch of keys. Instead of handing every person a few hundred individual keys, you give them a keyring (role) that already has the right mix of keys for their job.
A user is a person on your team. Each user is handed one or more keyrings (roles). Whatever keys are on those keyrings are what they can do in include GO.
So the flow is: Permissions → bundled into Roles → assigned to Users.
Where to Find Roles & Permissions
From anywhere in include GO, click the Settings icon in the left sidebar (it looks like a gear near the bottom). Then, in the Settings sidebar that opens, scroll down to the Administration section and click Roles.
Navigation path: Dashboard → Settings → Administration → Roles
The Roles List
What you see on this screen
# | Element | Description |
|---|---|---|
1 | Create Role button | The blue button in the top-right. Click it to start building a brand-new role. |
2 | Column Headers | Click any column name to sort the list. The small icons next to each column let you filter or hide columns. |
3 | Role rows | Each row is one role. The columns show the role's name, description, how many permissions it has, and how many users are currently assigned to it. |
To open a role, right-click on its row and choose Edit from the menu that appears. That opens the edit dialog where you can change the role's details and turn permissions on or off.
The Nine Built-In Roles
include GO comes pre-built with nine roles so you don't have to start from scratch. Each one is designed for a common job on a construction or service team. You can use them as-is, tweak them, copy them, or ignore them and build your own.
Role | Who it's for | What they can do |
|---|---|---|
Super Admin (System) | The owner or top-level administrator | Everything. No restrictions. This role has all 298 permissions and cannot be edited or deleted — it's protected so you can never accidentally lock yourself out of your own system. |
Branch Manager | The person running a branch or office | Full access to almost everything in their branch — projects, tasks, people, invoices, purchase orders — except system settings and role management. |
Production Manager | A field operations lead | Manage projects, tasks, schedules, and crews. Can plan work and track how it's going. |
HR Manager | Human resources and payroll staff | Manage people records, employee pay rates, payroll batches, and time tracking. Has access to sensitive info like salaries and bank details. |
Accountant | The bookkeeper or finance team | Handle invoices, payments, purchase orders, the general ledger, and basic project financials. Can approve invoices. |
Sales Rep | Client-facing sales team members | Manage client accounts and view projects and invoices. They can work with their clients without seeing sensitive financial or operational details. |
Crew Lead | A foreman or crew supervisor | See and manage tasks for their team, track time, check resource availability, and look up locations. |
Field Worker | Crew members out on the job | Very limited — see their assigned tasks, clock in and out, and view their team. Can't see billing, contracts, or other people's time. |
Read Only | Auditors, trainees, outside reviewers | Look but don't touch. Can view almost anything in the system but cannot create, edit, or delete anything. |
Tip: Start with a pre-built role that's close to what you need and customize from there. It's faster than building a role from scratch, and you're less likely to forget a key permission.
Creating a New Role
If none of the built-in roles fit a specific job on your team, you can create your own. For example, you might want a "Warehouse Clerk" role for someone who only handles inventory, or a "Project Admin" role for an assistant who helps managers but doesn't need financial access.
Click the + Create Role button in the top-right of the Roles list.
Fill in the form
Field | Required? | What to enter |
|---|---|---|
Role Name | Yes | A short, clear name. Use words that describe the job, not the permissions — for example, "Warehouse Clerk," not "Inventory Edit Person." |
Description | No, but recommended | One sentence explaining what this role is for. Future-you and your teammates will thank you when they're trying to figure out what this role does six months from now. |
Click Create Role to save. The new role appears in the list with zero permissions — you'll need to open it and add permissions next.
Editing a Role and Choosing Permissions
This is where the real work happens. On the Roles list, right-click the role you want to edit and choose Edit from the menu.
What you see
# | Element | What it does |
|---|---|---|
1 | Role Name & Description | Rename the role or update its description at the top. |
2 | Category sidebar (left) | Permissions are grouped into categories — Accounts, Projects, Tasks, Payroll, and so on. Each category shows how many permissions are turned on out of the total available (e.g. "Accounts 6/21" means 6 of 21 Accounts permissions are on). Click a category to see its permissions. |
3 | Permission checkboxes (main panel) | Each row is one permission. Check the box to turn it on, uncheck to turn it off. Every permission has a short description under its name. |
4 | Select All button | Turns on every permission in the currently-visible category. Use with care — make sure you actually want the role to have all of them. |
5 | Save Changes button | Saves your changes. Nothing is saved until you click this — if you close the dialog or click Cancel, your edits are lost. |
How permissions work
Each permission is either on (checked) or off (unchecked). There's no "sort of on" — a person either can do the thing, or they can't. Permissions fall into a few broad types:
View permissions — "View Invoices," "View Projects." Lets the person see something without being able to change it.
Create permissions — "Create Invoices," "Create Projects." Lets the person make new things.
Update / Edit permissions — lets the person change things that already exist.
Delete / Archive permissions — lets the person remove or hide things. Be careful with these.
Approve permissions — lets the person sign off on things that need review, like invoices or time entries.
If someone can View something but not Edit it, they'll see the page but every button will be greyed out or missing. That's the right setup for "Read Only" access.
The Permissions Tab
Next to the Roles tab at the top of this page, there's a Permissions tab. This is a read-only reference — it lists every permission in include GO along with its code, description, and category. You can't edit permissions here; you'd go back to the Roles tab for that.
Use this tab when you're trying to figure out what a specific permission actually does, or when someone asks "what does approve invoices unlock?" Sort or filter by category to find what you need.
Assigning Roles to Users
Roles don't do anything on their own — they need to be assigned to a person. You assign roles from the People page, not from this page.
To give someone a role:
Go to People in the main sidebar.
Find the person and open their profile.
Look for the Roles section on their profile.
Pick one or more roles from the list. A person can have more than one role — their permissions are everything from every role combined.
Save.
Why is Super Admin locked?
You'll notice Super Admin has a System badge next to it and you can't Edit or Delete it. This is on purpose.
Super Admin is the "master key" role for include GO. If you were allowed to delete it or remove permissions from it, you could accidentally lock yourself and everyone else out of system settings — and there'd be no way back in. Instead of risking that, the system protects it for you. If you need a slightly-less-powerful admin role, clone Super Admin (right-click → Clone) and edit the copy.
Tips & Best Practices
Start small. Give new users the role that matches their job and nothing extra. It's always easier to add permissions later than to take them away after something goes wrong.
Don't give Super Admin to everyone. Super Admin should be for one or two trusted people at the top of your company. Everyone else should have a more specific role.
Clone before you change. If you want to tweak a built-in role like "Accountant," clone it first (right-click → Clone). That way the original stays available as a template, and you can undo your changes by just deleting the copy.
Use clear role names. "Warehouse Clerk" is better than "WC." Your teammates need to know what a role does without asking you.
Review roles once a year. Jobs change, people change — a quick review every year catches roles that have crept out of date.
Write a description. Even a one-line description saves hours of confusion later.
Common Questions
A user says they can't see a page they should be able to see. Check their role. Open their profile on the People page, note which role(s) they have, then come back here, right-click that role, and check whether the relevant View permission is turned on.
A user says they can see a page but can't click any buttons. That means they have the View permission but not the Create / Update / Delete permission for that feature. Decide if they should have those actions too, and toggle them on in the role.
Can someone have two roles? Yes. A user with multiple roles gets the combined set of permissions from all of them. If "Sales Rep" lets them view clients and "Accountant" lets them view invoices, a user with both roles can do both.
I messed up a role — can I undo it? There's no undo button, but you can re-open the role and fix the permissions, or clone a built-in role as a fresh starting point. Nothing is deleted permanently when you toggle a checkbox; you're just turning something on or off.
Related Topics
People — where you assign roles to users
Business Unit Settings — other settings that affect what users can access