Understanding User Roles and Permissions in TenancyDesk

Updated July 14, 2026

Role-Based Access Control (RBAC) system in TenancyDesk ensures that every team member has the appropriate level of access - no more, no less.

Why RBAC Matters

Security: Prevent unauthorized access to sensitive financial data Compliance: Audit trail for all actions (who did what and when) Efficiency: Right data to the right people Accountability: Clear roles = clear responsibilities


The Four Roles in TenancyDesk

1. Admin (Administrator)

Who: Company owner, IT director, Finance director

Full access to:

  • All deals in the company
  • All team members and their management
  • Billing and subscriptions
  • All settings (company, integrations, workflows)
  • API keys and Webhook management
  • Company-level reports and analytics

Special permissions:

  • Add/remove any team member (including other Admins)
  • Change plan (Solo/Starter/Pro/Enterprise)
  • Access full audit logs
  • Export all company data (JSON, Excel, CSV, PDF)
  • Permanently delete deals
  • Configure SSO (Enterprise only)

Use cases:

  • Initial company setup
  • Managing billing and subscriptions
  • Configuring integrations (API keys, WhatsApp, webhooks)
  • Company-level team management
  • Accessing all deal data for review/audit purposes

2. Manager

Who: Branch manager, Operations manager, Sales lead

Access to:

  • All deals in the company (create, view, edit)
  • All company reports and analytics
  • View team member names and roles (read-only โ€” cannot invite or remove)
  • Track payments and collections across all deals
  • Monitor compliance across all deals

Limited permissions:

  • Cannot manage billing or change plan
  • Cannot invite or remove team members (Admin only)
  • Cannot access API keys or Webhook settings
  • Cannot change company settings
  • Cannot export full company data (can only export their reports)

Use cases:

  • Overseeing all deals in branch/company
  • Reviewing agent performance via reports
  • Viewing team composition (read-only team page)
  • Monitoring compliance and payment status
  • Managing workload distribution across agents

Example: Branch manager with 10 agents. They can:

  • View all deals of all 10 agents
  • Run revenue and performance reports
  • View team page to see who has which role (but cannot modify)
  • Track payment collections across all deals

3. Team Lead

Who: Senior agent, Team supervisor

Access to:

  • Create and manage own deals
  • View team members' deals and tasks
  • Team dashboard statistics
  • Team performance reports
  • Assign and reassign tasks within team
  • Full access to properties and contacts

Limited permissions:

  • Cannot see deals outside their team
  • Cannot manage billing or company settings
  • Cannot invite or remove team members
  • Cannot access company-wide reports (team only)

Use cases:

  • Managing own deals while mentoring junior agents
  • Daily supervision via team dashboard
  • Running team reports for performance reviews
  • Reassigning tasks when agents are busy

Example: Senior agent leading a team of 4 agents. They can:

  • Create and manage their own deals
  • View all 4 team members' deals and task progress
  • Check team dashboard for key metrics
  • Run team performance reports for monthly reviews
  • Reassign a stuck task from one agent to another

4. Agent

Who: Real estate agent, Property consultant, Leasing manager

Access to:

  • Only their own deals (created by them or assigned to them)
  • Creating new deals
  • Upload/delete documents for their deals
  • Generate contracts and prepare Ejari
  • Send communications (Email, SMS, WhatsApp) to clients
  • Use Deal Portal for their clients
  • View their own statistics (deal count, total AED value, closing rate)

Limited permissions:

  • Cannot view other Agents' deals (unless shared by Admin/Manager)
  • Cannot approve deals >AED 200,000 (needs Manager approval)
  • Cannot override compliance blocks
  • Cannot view team reports or company analytics
  • Cannot modify workflow settings
  • Cannot export bulk deal data (can only export their deals)

Use cases:

  • Creating and managing their own rental deals
  • Uploading tenant/owner documents
  • Generating contracts and sending for signature
  • Preparing Ejari submission packages
  • Tracking rent payments for their clients
  • Using Deal Portal to collect documents from tenants

Example: Agent managing 15 active deals. They can:

  • View all 15 of their deals only (not other agents' deals)
  • Create a new deal for a new tenant
  • Upload tenant's Emirates ID and title deed
  • Generate tenancy contract and share it for signing
  • Prepare Ejari submission and send to Manager for approval (if >AED 200k)

5. Property Administrator

Who: Office administrator, Ejari/Tawtheeq specialist, Document processor, Payment reconciliation staff

Access to:

  • View all company deals, payments, tasks, and compliance
  • Upload, verify, and organize documents
  • Prepare Ejari / Tawtheeq registration
  • View all payment schedules and track collections
  • Verify tenant and owner KYC documents
  • Browse all company properties and contacts

Limited permissions:

  • Cannot create deals or modify deal terms
  • Cannot create or edit properties
  • Can view all company deals but can only edit assigned deals
  • Cannot view reports or analytics
  • Cannot manage team or settings (except own profile)

Use cases:

  • Document collection and verification across all company deals
  • Preparing Ejari/Tawtheeq registration packages
  • KYC verification of tenant and owner documents
  • Payment schedule monitoring and reconciliation
  • Browsing property listings and contact records

Example: Office administrator supporting 5 agents. They can:

  • View all company deals for Ejari prep and payment reconciliation
  • Upload Emirates IDs and verify KYC documents
  • Prepare Ejari submission package for any deal
  • Check payment schedule status across all deals
  • Browse all company properties and contacts
  • Edit only deals assigned to them
  • Cannot create new deals, properties, or contacts

Permission Matrix (Page Access)

PageAdminManagerTeam LeadAgentProperty Administrator
DashboardFullFullTeamOwnAll (read)
DealsFullFullTeamOwnAll (read), edit assigned
PropertiesFullFullFullFullView only
ContactsFullFullFullFullView only
TasksFullFullTeamOwnAll (read)
ComplianceFullFullFullOwnView only
PaymentsFullFullFullOwnView only
ReportsFullFullTeam
TeamFullView only
SettingsFullProfile onlyProfile onlyProfile onlyProfile only

Key: Full = CRUD, Team = team-scoped, Own = own data, All (read) = view all company data but edit only assigned, View only = read-only


Best Practices for Role Management

Principle of Least Privilege:

  • Start with the minimum possible role
  • Upgrade only when necessary
  • Review and audit permissions quarterly

Separation of Duties:

  • Don't give the same person deal creation + financial approval
  • Use Property Administrators for administrative work, not Agents
  • Keep API access for Admins only

Security:

  • Make Two-Factor Authentication (2FA) mandatory for all Admins and Managers
  • Review access logs monthly
  • Disable inactive accounts (>30 days without login)
  • Remove departed users immediately

Audit Trail:

  • All actions are logged with user ID, role, timestamp
  • Review audit logs weekly for sensitive changes
  • Export audit logs for compliance reviews

Clear roles = smooth operations. Set up your team with the right access for maximum efficiency and security.

Was this article helpful?

Related Articles

Stay Updated

Get the latest guides, tips, and updates delivered to your inbox.

By subscribing, you agree to receive emails from TenancyDesk. Unsubscribe anytime.

Still need help?

Our support team is ready to assist you with any questions.

Contact Us