This security feature allows you to control who can access or edit specific areas of the system by assigning roles to users. Each role contains a customizable set of permissions, giving you flexible control over user access across teams, locations, and responsibilities.
🔐 Why This Matters
With Roles and Permissions, you can:
Restrict access to sensitive settings and data
Define what each employee or admin is allowed to view, edit, or delete
Apply role-based control to reports, concessions, scheduling, customer records, and more
Safely promote or demote users while automatically updating their access levels
Preview and test permission sets before applying them live
🛠 Where to Access It
You’ll find the new feature in IndyAdmin > Settings > Roles, under the new Security section.
👥 Roles: The Basics
Users can have one or more roles
Roles contain one or more permissions
A user only needs one matching permission across any of their roles to be granted access to a specific action or area
There are two default roles:
Admins → Full system access
Operators → Limited to POS, KDS, and other operational functions- Circuit Admin → Grants access to circuit-level features, including viewing reports and searching orders
Circuit Employee → Provides circuit-level access with specific permissions for operational tasks, but excludes admin privileges
📝 Internal Note: All existing users have been assigned default roles automatically during rollout to avoid any disruption to your operations.
🧩 Assigning Roles to Users
There are two ways to assign a user to a role:
1. From the Roles Page
Go to Settings > Roles
Select a role
Open the Users tab
Add employees from there
2. From the Team Page
Go to Settings > Team
Click on a user
Navigate to the new Employee tab (formerly Security tab)
Use the Roles table to assign or remove roles
🔒 You can only assign roles that you have permission to assign — this can also be customized per user.
➕ Creating a New Role
Go to Settings > Roles
Click + Create Role
Enter a unique name for the role (e.g., Box Office Manager, Concessions Only)
Click Add Permissions and select the access levels this role should have
Permissions are organized by system area (e.g., Reports, Customers, Concessions), and for each you can choose:
View – Can see records
Manage – Can edit and create
Delete – Can archive or remove
Access – Broad permission to open sections or perform high-level tasks- Concessions – Enables circuit-level access for roles like Customer Service to manage reporting and orders
📝 View/Manage/Delete maps roughly to read/edit/archive access. You can mix and match per role.
🔍 Previewing Role-Based Access (Live Testing Tool)
Admins now have access to a Preview Permissions tool. This lets you test the system as if you were logged in as a specific user or role.
To access:
Go to Settings > Roles
If you have permission, you’ll see “Preview Permissions”
Choose:
A specific user
A specific role
A custom set of permissions
While previewing, the system behaves exactly as it would for that user — menus disappear, actions become locked, and restricted pages are hidden.
Click Stop to exit the preview and return to your own access level.
📝 Preview persists through page refreshes. Use this to confirm role restrictions before applying them in live settings.
🔐 Restricting Specific Records (Granular Permissions)
Some permissions allow record-level restrictions — great for scenarios where you want a role to:
Access some but not all reports, customers, or employee records
Restrict a regional manager from editing IT users
Block access to specific financial reports- Restrict access to circuit-level reports while maintaining general reporting permissions
Example: Restricting Access to a Specific Report
Assign the “View Reports” permission to a role
Click into the Restricted Records column
Choose:
“Only allow access to these records”
OR “Allow all except these records”
Select or search for the reports to include or exclude (e.g. Showtime Grid)
The system will now hide or block access to those specific records.
📝 Restricted records currently apply to reports, team members, and role management. More categories will be added.
🔧 Default Role Assignments on Promotion/Demotion
When promoting or demoting a user:
Promoting to Admin → adds default Admin role
Promoting to Employee → adds Operator role
Demoting removes elevated roles automatically
A new UI provides better visibility over the change, allowing you to confirm what permissions each user will have.
✅ Use Cases
Role | Example Use Case |
Box Office Manager | Full access to POS, ticketing, and customer support — no access to pricing or reports |
Concessions Staff | Access to Concessions & Inventory, but no access to customer or POS tools |
Regional Manager | Can manage staff in their region but cannot access sensitive admin roles |
Reports Viewer | Can view reports but cannot export or delete them |
IT Support | Can manage security and user roles, but cannot modify operational data |
Watch the Tutorial