Resources/Getting Started
Back to Resources

Understanding User Roles and Permissions

Published on 11/9/2025
by RefriTrak Team
getting-starteduserspermissionsrolessecurity

Learn about the five user roles in RefriTrak and how permissions control access to features across your organization.

Understanding User Roles and Permissions

RefriTrak uses a role-based access control system to ensure users have appropriate access to features and data. Understanding these roles is essential for properly managing your team and maintaining security.

The Five User Roles

RefriTrak has five primary user roles, each designed for specific responsibilities within your organization:

1. PARENT_ORG_ADMIN (Parent Organization Administrator)

Who should have this role: Business owners, executives, or top-level administrators managing multiple locations or sub-organizations.

Key Responsibilities:

  • Manage parent organization and all sub-organizations (PRO/ENTERPRISE only)
  • Create and configure sub-organizations
  • Access parent org dashboard with aggregated analytics
  • Manage billing and subscription settings
  • Assign sales territories to sales representatives
  • View and manage users across all sub-organizations
  • Access all reporting and compliance features

Special Features:

  • Organization switcher in top navigation
  • Multi-org dashboard view
  • Billing page access
  • Sub-organization management
  • Sales territory assignment

2. ORG_ADMIN (Organization Administrator)

Who should have this role: Office managers, operations managers, or site administrators responsible for a single location.

Key Responsibilities:

  • Manage organization settings (name, EIN, brand, EPA config)
  • Add, edit, and remove users within their organization
  • View organization analytics and reports
  • Manage all customers, equipment, and jobs
  • Access compliance reporting
  • Configure organization preferences

Key Differences from PARENT_ORG_ADMIN:

  • Cannot create sub-organizations
  • No access to billing page
  • Cannot switch between organizations
  • Limited to their own organization's data

3. MANAGER

Who should have this role: Field supervisors, operations coordinators, or team leads who oversee technicians.

Key Responsibilities:

  • Oversee jobs and appointments
  • Manage technician schedules
  • Create and assign work orders
  • Access tech tools (technician interface view)
  • Review and approve transfers
  • Run operational reports
  • Manage projects

Access Highlights:

  • Create, view, edit, and manage customers, jobs, units, and cylinders
  • Can create and assign technicians to jobs
  • View reports and analytics
  • Access tech tools for field support
  • Cannot delete critical records (units, cylinders, jobs)
  • Cannot manage organization settings

4. TECHNICIAN

Who should have this role: Field technicians, service technicians, or anyone performing on-site work.

Key Responsibilities:

  • View and complete assigned appointments
  • Record refrigerant transfers in the field
  • Report leaks and equipment issues
  • Add and update equipment information
  • Move cylinders between locations
  • Create job notes and documentation

Dashboard View:

  • Appointment calendar and list
  • Quick access buttons for units and cylinders
  • Simplified interface focused on field tasks
  • Mobile-optimized workflow

Limitations:

  • Cannot delete records
  • Cannot manage users or settings
  • Cannot access billing or organization management
  • Cannot decommission units

5. SALES

Who should have this role: Sales representatives focused on cylinder sales and customer acquisition.

Key Responsibilities:

  • View cylinders marked FOR_SALE
  • Access sales dashboard
  • Manage assigned sales territories (PARENT_ORG_ADMIN assigns)
  • Track leads and opportunities
  • View customer information

Special Features:

  • Sales-specific dashboard showing available inventory
  • Territory-based filtering

Limitations:

  • Cannot modify equipment or perform transfers
  • Limited to viewing cylinders for sale
  • Cannot access organization settings
  • No access to billing

Role Assignment Best Practices

Choose the Right Role

Consider these factors:

  1. Responsibility Level: What decisions does this person make?
  2. Data Access Needs: What information do they need to see?
  3. Mobility: Do they work in the field or office?
  4. Security: Should they have access to financial or settings?

Common Role Assignments

Small Business (1-5 people):

  • Owner → ORG_ADMIN or PARENT_ORG_ADMIN
  • Office Staff → MANAGER
  • Field Workers → TECHNICIAN

Medium Business (5-25 people):

  • Owner/Executive → PARENT_ORG_ADMIN
  • Office Manager → ORG_ADMIN
  • Lead Technicians → MANAGER
  • Field Techs → TECHNICIAN
  • Sales Team → SALES

Multi-Location Enterprise:

  • Corporate Administrator → PARENT_ORG_ADMIN
  • Branch Managers → ORG_ADMIN (one per location)
  • Supervisors → MANAGER
  • Field Technicians → TECHNICIAN
  • Sales Representatives → SALES

Changing User Roles

Who Can Change Roles?

  • PARENT_ORG_ADMIN can assign any role except other PARENT_ORG_ADMIN roles
  • ORG_ADMIN can assign MANAGER, TECHNICIAN, and SALES roles
  • MANAGER can assign TECHNICIAN roles only

How to Change a User's Role

  1. Navigate to Organization from the top navigation
  2. Select the Users tab
  3. Find the user and click their menu (three dots)
  4. Select Edit User
  5. Choose the new role from the dropdown
  6. Click Save Changes

Important: Role changes take effect immediately. The user will see their new permissions the next time they refresh or log in.

Security Considerations

Principle of Least Privilege

Always assign the minimum role needed for someone to do their job effectively. This:

  • Reduces risk of accidental data changes
  • Limits exposure if credentials are compromised
  • Ensures audit trails are meaningful
  • Maintains data integrity

Regular Role Reviews

Best Practice: Review user roles quarterly

  • Remove access for former employees immediately
  • Adjust roles as responsibilities change
  • Audit who has ADMIN-level access
  • Document why users have elevated permissions

Multi-Factor Authentication (MFA)

While RefriTrak manages authentication, consider these security practices:

  • Use strong, unique passwords
  • Enable MFA if available
  • Don't share login credentials
  • Log out on shared devices

Common Questions

Q: Can I have multiple PARENT_ORG_ADMIN users?
A: Yes, but use this sparingly. Multiple PARENT_ORG_ADMINs all have full access to billing and can delete sub-organizations.

Q: What happens if I delete a user?
A: Their account is deactivated but their historical data (transfers, jobs, notes) remains intact with their name attached.

Q: Can users have access to multiple organizations?
A: Yes! PARENT_ORG_ADMIN users can grant multi-org access via the accessibleOrgIds field when editing a user. This is useful for consultants or roving supervisors.

Q: Can TECHNICIAN users access the system from mobile devices?
A: Yes, RefriTrak is fully responsive. Technicians get an optimized mobile experience when accessing from phones or tablets.

Q: What's the difference between ORG_ADMIN and PARENT_ORG_ADMIN if I only have one organization?
A: Functionally similar for single-org operations, but PARENT_ORG_ADMIN has access to billing and can create sub-organizations if you upgrade to PRO/ENTERPRISE.

Next Steps

Now that you understand user roles:

  1. Set Up Your Organization - Configure your organization profile and settings
  2. Managing Users and Teams - Learn how to add and manage team members
  3. Navigating RefriTrak Interface - Explore the interface for your role

Need Help? Use the support form in your user menu (top right) to report issues or ask questions about user permissions.