Roles & Permissions

Understand EquineOps’ role-based access control system and learn how to assign appropriate permissions to your team members.

Role-based permissions ensure team members can access what they need while protecting sensitive information. Each role defines what a user can view, create, edit, and delete within the system.

The Four Role Levels

EquineOps uses four distinct roles with progressively restricted access:

Admin Role

Full system access including billing and critical settings

Admins have complete control over the entire EquineOps system, including financial and security-sensitive areas.

Full Access To:

All horses, staff, clients, and programs
Billing and subscription management
Integration settings (QuickBooks, payment processors)
User management (invite, remove, change roles)
System configuration and organization settings
All deletion and archival operations
Audit logs and security settings

Best For:

Business owners
Primary account holders
Financial officers
Operations directors

Limit Admin Access: Only assign this role to people who absolutely need billing and security access. Too many Admins increases security risk.

Manager Role

Operational management without billing or critical system access

Managers can oversee day-to-day operations, manage teams, and handle client relationships without accessing financial or security settings.

Can Access:

All horses, staff, and client information
All programs (feed, farrier, health)
Task creation and assignment
Document and media management
Reports and analytics
Staff scheduling and coordination
Client communication tools

Can Perform:

Create, edit, and archive horses
Manage staff profiles
Manage client relationships
Create and assign tasks
Manage programs
Upload documents and photos
Generate reports
Archive records (but not permanently delete)

Cannot Access:

Billing and subscription settings
Payment methods and invoices
Critical integration settings
User role management
Permanent record deletion
Security and audit logs

Best For:

Barn managers
Assistant managers
Operations supervisors
Head trainers
Client relations managers

Manager is the Sweet Spot: Most operational staff who need oversight capabilities should use this role. It provides necessary access without financial risk.

Member Role

Day-to-day horse care and task execution

Members handle routine horse care, complete assigned tasks, and document daily activities without management capabilities.

Can Access:

View all horse information
View assigned programs
View other staff profiles
View client basic information (for horse ownership context)

Can Perform:

Update horse information
Complete assigned tasks
Add notes and observations
Record health events
Log care activities (feeding, turnout, grooming)
Upload photos and documents
Mark tasks complete
View schedules and programs

Cannot Perform:

Create or delete horses
Delete or archive most records
Assign tasks to others
Manage staff or clients
Change program settings
Access billing or settings
Invite users
View sensitive client information

Best For:

Grooms and stable hands
Trainers and riders
General barn staff
Part-time workers
Volunteers with system access

Perfect For Most Staff: The Member role gives team members what they need to do their jobs without management overhead or security risk.

Client Role

Portal-only access to view own horses

Clients receive read-only access to information about horses assigned to them through the client portal.

Can Access:

Horses assigned to their client profile
Photos and videos of their horses
Program schedules for their horses
Health records (if enabled by organization)
Documents shared with them
Updates and notifications about their horses

Can Perform:

View horse details
See photos and videos
Review schedules
Read health information (if permitted)
Download shared documents
Receive notifications

Cannot Access:

Other clients’ horses or information
Staff information
Other clients’ contact details
Operational data
System settings
Financial information

Cannot Perform:

Edit any information
Create or delete records
Upload documents
Assign tasks
Manage programs

Best For:

Horse owners
Lessees
Horse guardians
Sponsors

Clients See Only Their Horses: The system automatically ensures clients can only access horses assigned to their profile. No configuration needed.

Permission Comparison Table

Capability	Admin	Manager	Member	Client
Horses
View all horses	✓	✓	✓	Own only
Create horses	✓	✓	✗	✗
Edit horses	✓	✓	✓	✗
Archive horses	✓	✓	✗	✗
Delete horses	✓	✗	✗	✗
Tasks
View tasks	✓	✓	Assigned only	✗
Create tasks	✓	✓	✗	✗
Assign tasks	✓	✓	✗	✗
Complete tasks	✓	✓	✓	✗
Delete tasks	✓	✓	✗	✗
Staff
View staff	✓	✓	✓	✗
Manage staff	✓	✓	✗	✗
Invite users	✓	✗	✗	✗
Change roles	✓	✗	✗	✗
Clients
View clients	✓	✓	Basic info	Own profile
Manage clients	✓	✓	✗	✗
Client portal access	✓	✓	✗	✓
Programs
View programs	✓	✓	✓	Assigned horses
Create programs	✓	✓	✗	✗
Manage programs	✓	✓	✗	✗
Execute programs	✓	✓	✓	✗
Media
View media	✓	✓	✓	Shared only
Upload media	✓	✓	✓	✗
Delete media	✓	✓	Own only	✗
Share with clients	✓	✓	✗	✗
Documents
View documents	✓	✓	✓	Shared only
Upload documents	✓	✓	✓	✗
Delete documents	✓	✓	Own only	✗
Health Records
View health records	✓	✓	✓	If permitted
Create health records	✓	✓	✓	✗
Edit health records	✓	✓	✓	✗
Delete health records	✓	✗	✗	✗
Expenses
View expenses	✓	✓	✗	✗
Create expenses	✓	✓	✗	✗
Manage expenses	✓	✓	✗	✗
Settings & Billing
Organization settings	✓	✗	✗	✗
Billing & subscription	✓	✗	✗	✗
Integration settings	✓	✗	✗	✗
User management	✓	✗	✗	✗
Security settings	✓	✗	✗	✗

Assigning Roles

During User Invitation

When inviting a new team member, select their role based on responsibilities:

Navigate to Staff page
Click “Invite to EquineOps” for a staff member
Select appropriate role from dropdown
Send invitation

The team member receives the role immediately upon accepting the invitation.

Changing Roles After Invitation

Admins can change user roles at any time:

Go to Settings → Team → User Management
Find the user you want to modify
Click “Change Role”
Select new role
Confirm change

Role changes take effect immediately. The user may need to refresh their browser to see updated permissions.

Role Changes Are Instant: Users don’t need to log out and back in. Their next action will reflect the new role’s permissions.

Best Practices for Role Assignment

Minimize Admins

Principle of Least Privilege: Only assign Admin role to people who need billing and security access.

Recommended:

1-2 Admins for small operations (under 50 horses)
2-3 Admins for medium operations (50-200 horses)
3-5 Admins for large operations (200+ horses)

Too Many Admins Increases Risk:

Accidental deletion of critical records
Unauthorized billing changes
Integration misconfigurations
Security policy violations

Use Manager for Operational Leadership

Manager role is perfect for people who need oversight capabilities without financial access:

Assign Manager to:

Barn managers who oversee daily operations
Assistant managers who coordinate staff
Senior trainers who manage programs
Client relations staff who need full client access

Don’t Assign Manager to:

Staff who only complete tasks (use Member instead)
People who need billing access (use Admin)
External contractors (don’t invite them)

Member for Most Staff

The majority of your team should have Member role:

Assign Member to:

Grooms and stable hands
Trainers and riders
General barn staff
Part-time workers
Anyone who primarily executes tasks

Why Member Works:

Can complete all assigned work
Can document care activities
Cannot accidentally delete important records
Cannot change critical settings
Reduces training complexity

Client Role is Automatic

Don’t manually assign Client role to staff members:

Client Role Is For:

Horse owners using the portal
Clients accessing their horses’ information
Non-staff with viewing needs

Never Use Client Role For:

Barn staff (they need Member at minimum)
Contractors who need to do work (use Member)
External service providers

Security Best Practices

Regular Role Audits

Review user roles quarterly to ensure they’re still appropriate:

Check:

Are there too many Admins?
Do Managers still need that access level?
Have staff responsibilities changed?
Are there inactive users with access?

Adjust:

Downgrade roles when possible
Remove access for departed staff
Update roles to match current responsibilities

Immediate Access Removal

When a team member leaves:

Immediately remove their user access from Settings → Team
Mark their staff profile as inactive
Reassign their tasks to others
Review any programs they managed
Update emergency contact information

Don’t Wait: Remove access the same day someone leaves. Delayed removal creates security risks.

Password and Authentication

Encourage strong security practices:

Strong, unique passwords
Enable two-factor authentication (if available)
No password sharing between team members
Regular password changes (every 90 days recommended)
Immediate password reset if compromise suspected

Access Monitoring

Admins should periodically review:

Who has access to what
When users last logged in
What critical actions were taken (audit logs)
Any unusual access patterns

Role Assignment Scenarios

Scenario 1: Small Barn (10-30 horses)

Team:

Owner/operator
Assistant manager
2 part-time grooms

Recommended Roles:

Owner: Admin (needs billing)
Assistant manager: Manager (oversees operations)
Grooms: Member (execute daily care)

Scenario 2: Medium Barn (50-100 horses)

Team:

Business owner
Barn manager
Assistant manager
Head trainer
4 full-time staff
3 part-time staff

Recommended Roles:

Business owner: Admin (needs billing)
Barn manager: Manager (oversees operations)
Assistant manager: Manager (coordinates staff)
Head trainer: Manager (manages training programs)
Full-time staff: Member (execute daily care)
Part-time staff: Member (execute daily care)

Scenario 3: Large Operation (150+ horses)

Team:

Business owner
Operations director
Multiple barn managers
Department heads (training, health, maintenance)
Large staff team

Recommended Roles:

Business owner: Admin (needs billing)
Operations director: Admin (needs full system control)
Barn managers: Manager (oversee their sections)
Department heads: Manager (manage their departments)
General staff: Member (execute assigned work)

Scenario 4: Training Facility

Team:

Owner/head trainer
Assistant trainers
Grooms
Horse owners (clients)

Recommended Roles:

Owner/head trainer: Admin (needs billing)
Assistant trainers: Manager (manage training programs)
Grooms: Member (handle horse care)
Horse owners: Client (portal access to their horses)

Common Questions

Can I create custom roles?

No, EquineOps uses four standard roles. This simplicity ensures consistent security and reduces confusion.

What if someone needs access to only certain horses?

All staff roles (Admin, Manager, Member) can see all horses. This ensures complete operational visibility. Use task assignment to focus attention on specific horses.

Can a user have multiple roles?

No, each user has exactly one role. Choose the role that best matches their highest level of responsibility.

What happens if I downgrade someone’s role?

They immediately lose access to capabilities they had before. Ensure you communicate role changes to avoid confusion.

Can Members see expenses or billing?

No, only Admins and Managers can view expenses. Billing is Admin-only.

Do Clients count against my user limit?

This depends on your subscription plan. Check your plan details or contact support for clarification.

Can I temporarily give someone higher access?

Yes, change their role temporarily, then change it back when done. Role changes are instant.

What if I accidentally make someone an Admin?

Change their role back to the appropriate level immediately. Review any actions they took while having Admin access.

Need Help?

Questions about roles and permissions? Contact our support team for assistance.

Next Steps

Now that you understand roles and permissions, you might want to: