Create custom roles beyond the 15 built-in levels. Define granular permissions for each role to match your agency's unique organizational structure.
XeroFlow ships with 15 roles from owner to guest, but every agency is different. Create custom roles like 'Junior Media Buyer' with ad spend visibility but no budget editing, or 'External Contractor' with board access but no financial data. Custom roles inherit a base permission set that you can expand or restrict.
Each role is defined by a matrix of 15+ permission areas — finance, creative, media buying, client management, admin, board access, chat, time tracking, and more. Toggle permissions on or off for each area. The permission matrix is visual, showing exactly what each role can and cannot do at a glance.
Permissions are not just a frontend concept. Every API endpoint checks the user's resolved permissions via server middleware. Even if someone manipulates the frontend, the server blocks unauthorized actions. Role resolution happens on every request, so permission changes take effect immediately without requiring users to log out.
Assign roles from the admin user management panel. Change a user's role and their sidebar, available pages, and API access update instantly. Bulk role changes are supported for team restructuring. An audit trail tracks who changed what role and when, so you always know who authorized access changes.