Overview

QReserve utilizes a flexible Role-Based Access Control (RBAC) model to manage user capabilities.

It is important to note that the vast majority of your users will likely remain at the standard User level. The Roles and Permissions system described here is intended for a select few trusted super-users, managers, or administrators who require elevated privileges to manage resources or act on behalf of other users.

This system allows you to assign specific Roles to these trusted users (or groups) and, optionally, apply granular Restrictions to fine-tune exactly which resources or users they can interact with.

Primary Site Roles

QReserve has three primary site roles with the vast majority of users being assigned the User role and then, if necessary, augmented with additional secondary roles.

User

A User is the base level user role and will make up most site members.

Users can do the following:

• Search and join sites;
• View and reserve resources (with the appropriate permissions);
• Search resources across QReserve's research network;
• View a history of personal approvals, reservations, and training;
• Edit their personal profile.

Moderator

A Moderator is the next level user role and can help with the management of sites.

Moderators can do everything Users can do plus the following:

• Edit reservations of other users in the site;
• Bypass certain reservation restrictions;
• Access all reports in administration;
• Manage site users;
• Manage training records;
• Manage resources;
• Bypass certain reservation restrictions.

Administrator

An Administrator is the highest level user role and has full control over sites.

Administrators can do everything Moderators can do plus the following:

• Manage site integrations;
• Manage site forms;
• Manage site settings;
• Manage site subscriptions;
• Delete sites.

Secondary Roles

Core Concepts

To configure access effectively, it is helpful to understand the three layers of the system:

1. Roles: A Role is a specific function or capability (e.g., "Reservation Editor" or "Maintenance Viewer").
2. Permissions: Each Role contains a set of Permissions (e.g., "Can create reservations" or "Can view reports"). These are automatically included when you select a Role.
3. Restrictions: A Restriction limits the scope of a Role. For example, you can give a user the "Reservation Editor" role (allowing them to book on behalf of others) but add a restriction so they can only manage bookings for a specific User Group.

How Permissions Combine

The system is additive.

• If a user is assigned multiple roles (e.g., one assigned directly and one assigned via a User Group), they receive the combined capabilities of all assigned roles.
• If a user has two roles—one with a restriction (e.g., "Manage Group A Only") and another with no restrictions (e.g., "Manage Everything")—the role with the broadest access takes precedence.

Available Secondary Roles

Roles are categorized by their function. Note that standard users implicitly have permission to manage their own reservations; the roles below are primarily for managing other users or site-level configurations.

Reservation Roles

These roles control how elevated users interact with bookings and resources.

• Reservation Editor:
• • Allows the principal to create, edit, and delete reservations on behalf of other users. It grants the ability to view the full site user list to select a "Reserved For" owner.
• Reservation Editor (No Transfer):
• • Similar to the standard Editor, this allows managing reservations for others, but the user cannot transfer a reservation to a different user. They can edit details or delete the booking, but the "Reserved For" user field is locked.
• Reservation Viewer:
• • Strict read-only access. The user can view all details of reservations across the site but cannot make changes.
• Reservation Forcer:
• • Allows the principal to bypass standard reservation restrictions (such as maximum duration limits, opening hours, or user quotas).
• Template Editor:
• • Grants the ability to create, edit, and delete Template Reservations, which are often used for recurring setups or quick-add workflows.
• Required Form Fields Skipper:
• • Allows the user to bypass form fields that are marked as "Required" during the booking process.

Maintenance Roles

These roles are specifically for managing downtime, repairs, or service logs.

• Maintenance Editor:
• • What it does: Allows the principal to create, edit, and delete maintenance bookings.
• Maintenance Viewer:
• • What it does: Read-only access to view maintenance logs and details.

Administrative Roles

• Admin Form Fields Editor:
• • What it does: Allows the user to fill out and edit custom form fields that are marked as "Administrator Only." Standard users cannot see or edit these fields.

Using Restrictions

When assigning a role, you can leave it "Unrestricted" (global access) or apply a "Restriction" to limit the scope.

Note: Not all roles support restrictions and not all restrictions apply to all permissions within a role.

Common Restriction Types

Restrictions allow you to define whose reservations a manager can interact with.

1. Created by / Reserved for User:
2. • The role applies only when the reservation was created by (or is reserved for) a specific individual.
2. Created by / Reserved for User Group:
3. • This is the most common configuration for team leads or department managers. It grants permission to manage reservations, but only if the reservation belongs to a member of a specific User Group.

Configuration Examples

The following scenarios illustrate how to combine Roles and Restrictions for different organizational structures, whether in a corporate office, a research lab, or a shared facility.

Scenario 1: The Department Manager / Team Lead

Goal: A manager needs to be able to edit or move bookings made by their specific team members, but they should not have access to change bookings made by other departments.

• Role: Reservation Editor
• Restriction: Apply "Reserved for user in user group". Select the Manager's specific team/department group.
• Result: The Manager can now edit/delete/move any booking belonging to their staff.

Scenario 2: The Executive Assistant

Goal: An assistant needs to place bookings on behalf of a Director, but does not need to manage the schedule for the rest of the company.

• Role: Reservation Editor
• Restriction: Apply "Reserved for user" and "Created by user" to the Director.
• Result: The Assistant can log in and create and edit bookings listed for the Director and edit any reservations the director created.

Scenario 3: The Equipment Technician

Goal: This staff member is responsible for repairs. They need to block off resources for service so regular employees cannot book them, but they do not manage user schedules.

• Role: Maintenance Editor
• Role: Reservation Viewer (Optional, to see when resources are free)
• Result: They can create maintenance blocks to prevent bookings during downtime.

Scenario 4: The Schedule Manager

Goal: Full access to manage all aspects of the schedule.

• Configuration: Assign Reservation Editor, Maintenance Editor, Reservation Forcer, and Admin Form Fields Editor.
• Restriction: None.

Best Practices: Using User Groups

While you can assign roles to individual users, we highly recommend assigning roles to User Groups whenever possible.

1. Create a User Group (e.g., "Facility Managers", "Level 2 Techs", "Team A Leads").
2. Assign the Roles and Restrictions to the Group.
3. Add users to the Group.

The users will automatically inherit all roles assigned to the group. This ensures consistent permissions across your site and simplifies onboarding.