Skip to main content

Controlling Access with Roles and Permissions

Assign default or custom roles to control what each team member can see and do, toggle tab visibility per role, and manage project-level access for tight security.

Written by Support
Updated today

Overview

As your construction business grows and more people join your Structur account, controlling who can see and do what becomes critical. An estimator shouldn't be able to modify billing settings. A field supervisor shouldn't have access to sensitive financial data. A client or consultant invited to review progress shouldn't be able to edit project records.

Structur's role-based permission system is how you enforce these boundaries. Every user in your account is assigned a role that determines their access, from full administrative control all the way down to read-only visibility. Roles apply consistently across the platform, and changes take effect the moment you save them.

Beyond role assignment, Structur also gives you granular control over which tabs and features are visible to each role. You can hide specific sections, like the Intake tab, financial tools, or other modules, for roles that don't need them. This keeps workflows clean and focused for every member of your team.

Understanding the difference between each role, knowing when to use each one, and maintaining good hygiene around permissions as your team changes are some of the most impactful habits you can build as a Structur administrator.

Understanding Roles and Permissions

What It Does

Structur's permission system allows you to:

  • Assign each team member a role that controls exactly what they can see and do in the platform

  • Choose from eleven default roles ranging from full owner-level control to focused function-specific access

  • Ensure each person has access to the specific features their job requires, and no more

  • Toggle individual tabs and features on or off per role from Settings → Permissions to streamline each team member's workflow

  • Change a user's role at any time, with the new permissions taking effect immediately

  • Assign users to specific projects at the project level, limiting their visibility to only the work relevant to them

  • Track team activity and last active dates to monitor who is using the platform and identify unused accounts

  • Use @mentions in comments, notes, and tasks to notify specific team members

  • Maintain a clear audit trail of who has what access across your organization

When to Use It

Roles and permissions matter most when you need to:

  • Set up a new team member's access on their first day

  • Promote someone to a new role after a change in responsibilities

  • Restrict access for a field crew member or external party to project-specific data only

  • Give a client, architect, or consultant read-only visibility without any edit rights

  • Hide tabs or features from a role to simplify their workflow and reduce confusion — for example, hiding the Intake tab from Project Managers who only work on active projects

  • Reduce risk when a team member's role changes and their previous access level is no longer appropriate

  • Audit your team's access levels periodically to ensure they still reflect current responsibilities

Step-by-Step Instructions

1. Access User and Permission Settings

  1. Click your profile picture in the bottom-left corner

  2. Select Settings

  3. Click Users in the left sidebar

You'll see a full list of all users in your organization, including their name, role, email address, last active date, and permission level.

2. Understand the Default Role Levels

Structur includes default roles to cover the typical structure of a construction business. Each role is pre-configured with access suited to that function:

Owner

Full access to every feature in Structur - including billing, subscriptions, company settings, and all projects. The primary account holder role. Reserved for the business owner or principal who needs complete visibility and control over the entire platform.

Super Admin

Full administrative access equivalent to Owner - can manage users, modify permissions, access all projects, and control company-wide settings. Use for senior principals or operations leads who need the same level of control as the Owner without holding the primary account.

Office Manager

Broad access to company operations, project management, and financial data. Suited for office staff who coordinate across projects, manage day-to-day administrative functions, and need visibility into both operations and finances without full account-level control.

Project Manager

Can manage assigned projects, including creating estimates and proposals, accessing financial data, managing schedules, and handling tasks. Cannot access billing or company-level settings. The most common role for staff who run projects day-to-day.

Estimator

Focused on pre-construction work - creating and managing estimates, building proposals, and accessing cost codes. Has limited project management access. The right role for estimating staff whose primary work is in the pre-construction pipeline rather than active project execution.

Sales

Focused on the lead pipeline and pre-construction process - managing leads, creating ballparks and estimates, and building proposals. Suited for business development and sales staff who work primarily in the front-end of the workflow before a project is won.

Superintendent

Access focused on field operations for assigned projects - daily logs, schedules, tasks, photos, documents, and subcontractor coordination. Limited financial visibility. The right role for site superintendents who need operational access without seeing sensitive financial data.

Foreman

Similar to Superintendent but scoped to crew-level field operations. Can manage tasks, log daily progress, and coordinate on-site activities for assigned projects. Suited for lead tradespeople or working foremen who need more access than general field crew but less than a superintendent.

Field Crew

Access limited to assigned projects. Can submit daily logs, manage their own tasks, upload photos, and log timesheets. Minimal financial visibility. The right role for general site workers who need basic operational access to their assigned jobs.

Bookkeeper

Access to financial features, invoices, expenses, budgets, and financial reports. Limited project management access. Right for finance staff or outside bookkeepers who need to see and manage the numbers without needing broader project operations access.

Note: In addition to the default roles, Structur allows you to create and configure custom roles tailored to your specific business structure. Use Configure Roles at the bottom of the role dropdown to build roles that don't fit neatly into the defaults.

3. Configure Granular Feature and Tab Permissions

Beyond role assignment, Structur lets you control exactly which tabs and features are visible to each role. This is where you fine-tune what each team sees in their navigation, hiding anything that isn't relevant to their work.

  1. Go to Settings → Permissions

  2. Select the user role you want to configure (e.g., Project Manager, Field Crew, Bookkeeper)

  3. Select the access-level that each role should have

For example:

  • Hide the Intake tab from Project Managers who only work on active projects and don't need to see the lead pipeline

  • Set Access Denied from Field Crew who have no reason to see budget or invoice data

  • Show only the tools a Bookkeeper needs, invoices, expenses, budgets, without project operations clutter

This level of control means you can give team members a clean, focused interface that shows exactly what they need and nothing they don't.

4. Assign or Change a User's Role

When adding a new user:

  1. Go to Settings → Team Members

  2. Click New User

  3. Enter their email address

  4. Select their role from the dropdown

  5. Send the invitation

When changing an existing user's role:

  1. Find the user in the team list

  2. Click their name or the edit icon

  3. Select the new role from the dropdown

  4. Save changes

Role changes take effect immediately. The user's access updates the next time they navigate or refresh the platform.

5. Assign Users to Projects

Company-wide roles control feature access. Project-level assignments control which projects a user can see. Both layers work together.

  1. Open the relevant project

  2. Go to General page inside Dashboard dropdown.

  3. Add team members and assign them to a project-level role:

    • Sales Rep

    • Estimator

    • Project Manager

    • Superintendent

    • Field Staff

Users without Owner or Super Admin access can only see the projects they are explicitly assigned to. This prevents team members from having visibility into jobs that aren't their responsibility, which is especially important for financial data and client relationships.

6. Remove or Deactivate a User

When a team member leaves the company or changes roles significantly:

  1. Find the user in the team list

  2. Click the three-dot menu or edit

  3. Select Deactivate or Remove User

  4. Confirm the action

Deactivating removes their platform access while preserving all historical data, daily logs, tasks, and timesheet entries they created remain intact and visible to the rest of the team. Removing a user may affect your billing seat count. Check your plan for the exact rules.

7. Monitor Access and Activity

Use the Last Active column in the team list to see when each user last logged in. This is useful for:

  • Identifying accounts that haven't been used in a long time, candidates for deactivation

  • Confirming that newly invited users have successfully created their accounts

  • Spot-checking whether team members are actively using the platform as expected

Best Practices

  • Apply the minimum access needed - The most effective permission strategy is to give each person the lowest role that still lets them do their job. Over-permission is how sensitive financial data gets seen by people who shouldn't see it.

  • Use Settings → Permissions to hide irrelevant tabs - Don't leave every tab visible for every role just because it's the default. Take 10 minutes when onboarding a new role type to strip out anything that will only create confusion or distraction.

  • Reserve Owner and Super Admin access for a small group - These roles can do everything, including modifying billing and removing users. Limit them to owners, principals, and senior staff who genuinely need that level of control.

  • Update roles the day responsibilities change - When someone is promoted, changes departments, or takes on a new function, update their role immediately. Outdated roles are one of the most common sources of unintended access.

  • Remove users on their last day - Departing team members should be deactivated or removed on or before their final day. Don't leave active accounts for people who are no longer with the company.

  • Use project-level assignments alongside roles - Company roles define what features a person can use. Project assignments define which projects they can see. Use both together for tight, precise access control.

  • Audit the team list quarterly - Roles and responsibilities change frequently in construction businesses. A quarterly review of who has what access keeps your permissions accurate and your data protected.

  • Use custom roles when defaults don't fit - If none of the eleven default roles match a specific position in your company, use Configure Roles to build a custom role with exactly the access that position needs.

Common Questions

Q: What's the most important role distinction to understand?

A: The clearest line is between Owner / Super Admin and everyone else. These roles can access billing, modify company settings, add and remove users, and see all projects. Every other role is more restricted. Be selective about who receives these roles.

Q: Can I hide specific tabs or features for certain roles without changing their overall role level?

A: Yes. Go to Settings → Permissions, select the role, and toggle individual features and tabs on or off. This lets you keep someone as a Project Manager but hide the Intake tab, financial modules, or any other section they don't need, without demoting them to a lower role level.

Q: If I change a user's role, does it affect their access immediately?

A: Yes. Role changes take effect immediately after saving. If the user is currently logged in, the change will be reflected the next time they navigate or refresh.

Q: Can a user see all projects, or only the ones they're assigned to?

A: It depends on their role. Owner and Super Admin users can see all projects. All other roles can only see projects they've been explicitly assigned to at the project level. This applies even if they have a broad role like Project Manager, they still need to be added to each project individually.

Q: What's the difference between Owner and Super Admin?

A: Both have full platform access. Owner is the primary account holder role typically the business owner or principal. Super Admin provides the same level of access and is suited for senior staff or co-principals who need full control without holding the primary account designation.

Q: What happens to a user's work if I deactivate them?

A: All their historical data remains in the system, daily logs, tasks, timesheet entries, comments, and any records they created are preserved and remain visible to the rest of the team. Deactivation only removes their ability to log in.

Q: Can I create roles that aren't in the default list?

A: Yes. Click Configure Roles at the bottom of the role dropdown to create custom roles tailored to your company's specific structure. Custom roles can be configured with exactly the tab and feature access your business requires.

Q: What's the difference between Superintendent and Foreman?

A: Both are field-facing roles, but Superintendent is suited for site leads who oversee the full scope of a project on-site, coordinating subcontractors, managing schedules, and handling broader operational oversight. Foreman is scoped to crew-level leadership, managing tasks and daily progress for their own crew without the broader project oversight of a superintendent.

Common Mistakes to Avoid

❌ Don't

✅ Do

Give Owner or Super Admin access to every team member for convenience

Reserve Owner and Super Admin for principals and senior staff who genuinely need full control

Leave all tabs and features visible for every role

Use Settings → Permissions to hide irrelevant tabs and streamline each role's workflow

Leave a departed team member's account active

Deactivate or remove users on or before their last day

Forget to update roles when responsibilities change

Update a user's role the same day their position or duties change

Force every hire into a default role that doesn't quite fit

Use Configure Roles to build custom roles that precisely match positions in your company

Rely only on company-wide roles without project assignments

Use project-level assignments to ensure users only see the projects relevant to them

Never review who has access to the account

Audit the team list quarterly to keep permissions accurate and remove unused accounts

Related Articles
Adding Your Users and Controlling Access
Time Tracking for Field and Office Teams
Managing Tasks with Visual Task Boards
Configuring Company-Wide Settings and Defaults
Managing Your Team - Users, Seats, and Rates
Did this answer your question?