Skip to main content

Team roles and permissions

RestaPro has three roles inside the workspace, hierarchical and clearly separated.

The three roles

Owner

Full workspace access. Only exists at workspace level (not per restaurant). The owner can:

  • Full management of billing and Stripe subscriptions.
  • Invite others with any role (owner included).
  • Adjust any member's role.
  • Edit global settings.
  • Access workspace analytics.
  • Delete the workspace (irreversible).
  • Everything admins and staff can do.

Admin

Broad permissions except critical billing:

  • Full management of each restaurant.
  • Edit menu, hours, tables, operational config.
  • Invite staff (not admins or owners).
  • Adjust staff roles.
  • View analytics.
  • Manage reservations, walk-ins, customers.
  • Configure integrations.
  • Cannot: change plan, cancel subscription, create new owners, delete workspace.

Staff

Daily operations:

  • Create, edit, confirm, cancel reservations.
  • Register walk-ins.
  • View customers and edit internal notes.
  • Limited menu management (view; edit depending on config).
  • View tables and service states.
  • Cannot: invite members, edit settings, view billing, view analytics.

How to invite a member

Under Settings → Members:

  1. New member's email.
  2. Role (owner/admin/staff).
  3. (Optional) Specific restaurants they'll have access to.
  4. Send.

RestaPro automatically:

  • If the email is new: creates an account with a temporary password and emails it.
  • If it already exists: adds them to the workspace directly.
  • Inserts rows into workspace_users and restaurant_users with the indicated role.
  • Sends them an email with access instructions.

For security, the temporary password is never shown on screen - only in the email to the recipient.

Security validations

  • Only owners create owners: an admin cannot promote someone to owner.
  • Unique email: you can't invite the same email twice to the same workspace.
  • Rate limiting: max 10 invitations per hour per workspace.
  • Auditable role changes: every move is recorded in activity_log.

Authentication

Two login methods:

Email + password

Standard, password with at least 8 characters, bcrypt hash in the DB.

Google Sign-In

OAuth with your Google account. RestaPro links the Google identity to the profile. No extra password to remember.

Multi-factor authentication (MFA)

Support for TOTP (Google Authenticator, Authy, Microsoft Authenticator):

  • The workspace_users_mfa table records mfa_required_at per workspace.
  • Owner decides when to activate it and from what date it's mandatory.
  • Gradual rollout: a grace period for each member to enroll their authenticator.

Activate MFA in Settings → Security → Activate 2FA:

  1. Scan the QR with the authenticator app.
  2. Enter the 6-digit code to confirm.
  3. On the next login, email + password + code.

Change a member's role

Owner only. Settings → Members:

  1. Pick a member.
  2. Change the role from the dropdown.
  3. Confirm.

The change applies immediately, no re-login needed.

Best practices

  • Few owners: only those actually running the business.
  • MFA mandatory for owner/admin: critical accounts deserve 2FA.
  • Staff by default: if someone doesn't need to edit the menu or cancel reservations, give them the staff role.
  • Revoke when leaving: when someone leaves the team, remove their access from Settings → Members.
  • Audit periodically: review the member list 1-2 times a year.
Last updated on
ESENCA