Standard Role Permissions in Onsite
A full reference for all 17 standard roles in Onsite, covering what each role can and cannot access. Use this article to decide which role to assign to a team member, or to understand why a member can or cannot perform a specific action.
How Access Works in Onsite
Before reviewing individual role permissions, understand the two-level access system:
| Level | What It Controls |
|---|---|
| Role | What modules and actions a member can see and perform |
| Project Access | Which specific projects the member can see |
Both levels apply to every role including Admin. A member with any role can only see projects they have been explicitly added to. Role permissions alone do not grant project visibility.
Quick Role Comparison
| Role | Financial Access | Operational Access | Settings Access |
|---|---|---|---|
| Admin | Full | Full | Full |
| Senior Manager | Full | Full | Limited |
| Manager | Partial | Full | None |
| Accountant | Full | Partial | None |
| Sales Manager | Invoices and CRM | Partial | None |
| Purchase Manager | Procurement only | Procurement and Material | None |
| Warehouse Manager | None | Material and Inventory | None |
| Site Engineer | Petty cash only | Full site operations | None |
| Supervisor | Petty cash only | Attendance and tasks | None |
| Associate HR | Payroll and attendance | Attendance | None |
| Design Engineer | None | Design files only | None |
| Data Entry Operator | Partial | Partial | None |
| Project Partner | View only | View only | None |
| Sub Contractor | Their work only | Their work only | None |
| Operator | None | Equipment only | None |
| Client | View only | View only | None |
| Viewer | View only | View only | None |
Role-by-Role Breakdown
Admin
The Admin role has full access to all modules, all Settings, and all features in Onsite. Admins can create and edit roles, manage team members, configure company settings, and access all financial and operational data.
Note: Admins are also subject to project-level access. An Admin can only see projects they have been added to. Being an Admin does not automatically give visibility into all projects.
Assign Admin to: Company owners, directors, or IT administrators who need full control over the platform.
Senior Manager
Senior Managers have broad access across both financial and operational modules. They can see invoices, party balances, transactions, project estimates, procurement, and all site operations.
Can access:
- All project financial data including invoices, transactions, party balances
- BOQ and project estimates
- Procurement: POs, RFQs, GRNs
- Payroll and attendance
- Task management across all team members
- Reports and DPR
- CRM Leads and Quotations
- Design files
Cannot access:
- Company Settings (cannot add members, change roles, or edit company profile)
- Roles and Access
Assign Senior Manager to: Senior project managers, project directors, or department heads who need full project oversight but should not manage company settings.
Manager
Managers have strong operational access and partial financial visibility. They can manage day-to-day project operations but have restricted access to sensitive financial data.
Can access:
- Task management for all team members
- Attendance marking and management
- Material management: GRN, material usage, transfers
- Subcontractor management and work orders
- BOQ and project estimates
- Site photos, inspections, DPR
- Equipment management
- Design files
Cannot access:
- Sales invoices and client billing
- Party balances and ledgers
- Company-level finance tab
- Payroll and salary data
- Company Settings
Assign Manager to: Project managers, site in-charges, or construction managers who oversee execution but should not see client financial data.
Accountant
Accountants have full access to all financial modules but limited access to operational and design modules.
Can access:
- All project and company-level transactions
- Company Finance tab
- Sales invoices
- Purchase orders, RFQs, vendor quotations
- BOQ and project estimates
- Subcontractor work orders and billing
- CRM Quotations
- Party balances and ledgers
- Reports: financial, procurement, payment
Cannot access:
- Design files
- MOM (Minutes of Meeting)
- CRM Leads (can see quotations but not the lead pipeline)
- Task management
Assign Accountant to: Accounts executives, finance managers, or billing staff who handle all financial transactions and reporting.
Sales Manager
Sales Managers are focused on client-facing activities. They have access to the CRM pipeline, quotations, and invoices but limited access to site operations.
Can access:
- CRM Leads: full access to the lead pipeline
- CRM Quotations
- Sales Invoices
- BOQ and project estimates
- Client party profiles and balances
Cannot access:
- Payroll and HR data
- Material and procurement modules
- Company-level finance tab (beyond client invoices)
- Site operations and attendance
Assign Sales Manager to: Sales executives, business development staff, or client relationship managers.
Purchase Manager
Purchase Managers handle all procurement activities. They have full access to the procurement workflow from material requests through to purchase orders and GRN.
Can access:
- Material Requests (MR)
- Request for Quotation (RFQ)
- Purchase Orders
- Goods Received Notes (GRN)
- Vendor party profiles
- Material library and inventory
Cannot access:
- Sales invoices and client financial data
- Party balances beyond vendor accounts
- Payroll and HR modules
- Company Settings
Assign Purchase Manager to: Procurement officers, purchase executives, or anyone managing vendor relationships and material ordering.
Warehouse Manager
Warehouse Managers focus on material and inventory operations within the warehouse. They do not have financial or payroll access.
Can access:
- Warehouse module: stock levels, stock movements
- Material GRN and material transfers
- Material issue to subcontractors
- Inventory reports
Cannot access:
- Financial transactions and invoices
- Purchase Orders and RFQs (managed by Purchase Manager)
- Payroll and attendance
- CRM and sales modules
Assign Warehouse Manager to: Store keepers, inventory managers, or warehouse supervisors managing on-site or company-level material stock.
Site Engineer
Site Engineers handle day-to-day site operations. They can record site activity but cannot access company financial data.
Can access:
- Task progress: update with photos and measurements, mark as Ongoing, Completed, Needs Revision
- Material: create GRNs, record material used, issue to subcontractors
- Attendance: mark attendance for site workers, bulk punch in and out
- Site expenses: record their own site-level expenses
- Petty cash: view their own petty cash balance transferred by the company
- Party to party payments: payments made from their own petty cash balance
- Equipment: update usage logs, record fuel
- Inspections: create and submit inspection entries
- Subcontractor progress: update measurements and photos
- Site photos: upload and tag to project areas
- DPR: download and share daily progress reports
- Design files: view only
- To Do: manage their own tasks
Cannot access:
- Sales invoices and client billing
- Party balances and ledgers
- Company-level finance tab
- Payroll and salary data
- CRM and quotation modules
- Company Settings
How Petty Cash Works for Site Engineers
The Admin or Accountant transfers money to the site engineer from the Transaction tab. The site engineer uses this balance to pay for on-site expenses. They can see their own balance (amount transferred minus amount spent) but cannot see any other financial data.
Supervisor
Supervisors have access to attendance and task management but more limited operational access than Site Engineers.
Can access:
- Attendance: mark attendance for site workers, bulk punch in and out
- Task progress: update tasks assigned to the team
- To Do: manage their own tasks
- Site photos: upload and tag to project areas
- Petty cash: view their own balance if money has been transferred to them
Cannot access:
- Material management (GRN, usage, transfers)
- Equipment logs
- Financial data of any kind
- Inspection creation
- Company Settings
Assign Supervisor to: Site supervisors, foremen, or team leaders who manage attendance and task oversight without needing full site engineer access.
Associate HR
Associate HR handles payroll and attendance management. They do not have project financial or operational access.
Can access:
- Attendance: view and manage attendance records for all staff
- Payroll: manage salary, create salary templates, process payroll
- Labour and staff profiles in Payroll
Cannot access:
- Project transactions and invoices
- Material and procurement modules
- Task management and DPR
- CRM and quotation modules
- Company Settings
Assign Associate HR to: HR executives, payroll administrators, or anyone managing staff attendance and salary processing.
Design Engineer
Design Engineers have access specifically to design file management. They do not have financial or operational permissions beyond their core function.
Can access:
- Design files: upload, manage versions, share design documents
- Design approval workflow
Cannot access:
- Financial data of any kind
- Material and procurement modules
- Attendance and payroll
- CRM and quotation modules
Assign Design Engineer to: Architects, draughtsmen, structural engineers, or anyone responsible for managing and distributing project drawings and design files.
Data Entry Operator
Data Entry Operators can enter and record data across modules but have restricted edit and approval rights.
Can access:
- Data entry across permitted modules: material entries, task updates, attendance records
- View access to relevant project data depending on configuration
Cannot access:
- Approval and authorisation actions
- Financial data beyond what is configured
- Settings and role management
Note: The specific access for Data Entry Operator varies based on how the company has configured it. This role is typically customised. Check your company’s role configuration for exact permissions.
Assign Data Entry Operator to: Administrative staff, data entry assistants, or support staff responsible for feeding site data into the system.
Project Partner
Project Partners have read-only visibility into project data. They are typically external stakeholders involved in a project but not managing it.
Can access:
- Project dashboard and summary data
- Task status and progress (view only)
- Design files (view only, depending on configuration)
Cannot access:
- Creating or editing any entries
- Financial data
- Payroll and HR modules
- Company Settings
Assign Project Partner to: Joint venture partners, consultants, or external stakeholders who need project visibility without edit access.
Sub Contractor
Subcontractors can see and manage data specifically related to their own work orders. They cannot see other subcontractors’ work or any company financial data.
Can access:
- Their own subcontractor work orders
- Progress entries for their own work
- Photos and measurements for their assigned tasks
Cannot access:
- Other subcontractors’ work orders or billing
- Company financial data
- Procurement and PO data
- Payroll and HR modules
Assign Sub Contractor to: External subcontracting firms or individuals who need to update their own work progress directly in the app.
Operator
Operators manage equipment and machinery tracking. This is a highly specific role with access limited to equipment-related activities.
Can access:
- Equipment usage logs
- Fuel records
- Equipment downtime entries
Cannot access:
- Financial data of any kind
- Task and attendance modules
- Material management
- Company Settings
Assign Operator to: Machine operators, equipment supervisors, or plant managers responsible for tracking equipment usage.
Client
The Client role gives external clients visibility into project progress without exposing internal financial or operational data.
Can access:
- Project progress and task status (view only)
- Shared design files (if configured)
- Site photos (if shared)
Cannot access:
- Financial transactions, invoices, or party balances
- Internal team data or payroll
- Material and procurement modules
- Company Settings
Assign Client to: Clients or owners who need to track project progress and want read-only visibility into the project from their phone or browser.
Viewer
The Viewer role is the most restricted standard role. It provides read-only access to whatever the Admin has permitted in that role’s configuration.
Can access:
- View-only access to configured modules (no create or edit rights)
Cannot access:
- Creating, editing, or deleting any data
- Financial modules
- Company Settings
Assign Viewer to: Senior stakeholders, investors, or auditors who need visibility but must not make any changes to project data.
Financial Access Summary
| Role | Sales Invoices | Party Balances | Company Transactions | Procurement | Payroll |
|---|---|---|---|---|---|
| Admin | Yes | Yes | Yes | Yes | Yes |
| Senior Manager | Yes | Yes | Yes | Yes | Yes |
| Manager | No | No | No | Partial | No |
| Accountant | Yes | Yes | Yes | Yes | No |
| Sales Manager | Yes | Yes | Partial | No | No |
| Purchase Manager | No | Vendor only | No | Yes | No |
| Warehouse Manager | No | No | No | Partial | No |
| Site Engineer | No | No | No | No | No |
| Supervisor | No | No | No | No | No |
| Associate HR | No | No | No | No | Yes |
| All Others | No | No | No | No | No |
Tips
- Petty cash is the only financial tool available to Site Engineers and Supervisors. If a site team member needs to make payments, transfer money to them from the Transaction tab and they can record expenses against that balance.
- Sales invoices and party balances are always hidden from site roles by design. This is intentional. If a site team member needs financial visibility, upgrade their role to Manager or create a custom role with the specific permissions needed.
- The Client and Viewer roles are safe to assign to external parties. Neither role exposes internal financial data or team information.
- Custom roles can be created in Settings, then Roles and Access, then the Roles tab. Start by duplicating the closest standard role and adjusting permissions. See How to Create and Edit User Roles.
- Every role including Admin is subject to project-level access. Always add a new member to their projects after assigning a role.
If Something Goes Wrong
| Problem | Likely Cause | What to Do |
|---|---|---|
| Site engineer cannot see party balance | By design. Site roles do not have financial access. | Transfer petty cash to them from the Transaction tab if they need to make payments. |
| Site staff can see company transactions | Role has been upgraded beyond Site Engineer or Supervisor | Check the role assigned in Roles and Access and correct it. |
| Site engineer cannot see a project | Not added to the project | Add them via Settings, then Roles and Access, then their Access column. |
| Accountant cannot see design files | By design. Design files are excluded from the Accountant role. | Assign a custom role that includes both Accountant permissions and design file access. |
| Accountant cannot see CRM leads | By design. Accountant role excludes CRM leads. | If needed, create a custom role or assign a different role that includes CRM access. |
| Client can see financial data they should not | Client role has been customised with extra permissions | Go to Settings, then Roles, then edit the Client role and remove financial permissions. |
| Viewer can create entries | Viewer role has been customised with create permissions | Go to Settings, then Roles, then edit the Viewer role and turn off create and edit access. |