Important to know:
You should have at least one user account with User management permission enabled to access, view, and edit users through the Manage users page.
If you don’t have User management permission enabled, ask a colleague with this permission to enable it for you (if appropriate).
Best practices for managing user accounts
User accounts and their permissions should be carefully managed, as they give access to view and manage information — like payment details and guest’s personally identifiable information (PII). We have compiled some best practices below to help you protect your user and guest data in accordance with data regulations.
Do not write down usernames and passwords — to help protect your credentials and prevent them from falling into the wrong hands. If a malicious person gets access to your password, your account and guest data would be vulnerable. A data breach can not only potentially affect your guests, but also your property’s reputation and revenue.
Do not share computers and browsers (whenever possible) — browsers tend to remember user information. If you do share a computer, remember to log out each time and do not allow your browser to save your credentials.
Do not share user accounts — each person using the platform must have their own user account (with a unique e-mail address). No shared e-mails should be used to create user accounts (like info@hotel.com or bookings@hotel.com). Sharing user accounts is against the Payment Card Industry Data Security Standards (PCI DSS).
Why you should not share user accounts
Sharing user accounts is against the Payment Card Industry Data Security Standards (PCI DSS). According to the PCI DSS, an organisation should keep individual responsibility for actions per employee, ensuring that they have a unique identifier. Being able to track each employee’s actions is helpful when the authorities need to investigate security breaches and data being stolen.
To help ensure your guests’ data is safe, protect your user account credentials and do not share your account. There are many data protection laws around the world, the most famous being the General Data Protection Regulation (GDPR), which protects the personal identifiable information (PII) of any European citizen and European resident booking worldwide. All properties offering accommodation to European citizens and residents need to comply with the regulation to avoid fines.
Add a user account
To add a new user account, follow the steps below:
Go to your property name in the navigation bar > User management.
Click on Add user.
Enter your User details: Provide a unique e-mail address that only the person handling this user account can access (the activation link will be sent to this e-mail address). Enter the first and last name of the person who will own this user account. Select the user’s preferred language. Enter the user’s phone number.
Under Account permissions, tick the User management checkbox if you want to allow this user account to add, edit, or delete other users. Otherwise, leave it unticked.
On the User level, choose between Admin (grants all access and permissions available) and General (allows customised access and permissions to limit access). If choosing General, select the permissions you want the user to have (see more about the permissions below).
Click on Create user.
User account permissions
Admin users have all permissions enabled by default (except for User management).
General users have read-only access to all areas of the platform by default; however, specific permissions can be enabled to give the user edit rights. For example, if Inventory permission is enabled for a general user, they can view and make changes to Inventory.
General users must have at least one permission enabled.
Below are the available permissions that can be enabled for General users.
Property
Property settings — manage and update general property information, property details, services, and policies.
Rooms and rates — create, edit, and delete room types, rate plans, room rates, and channel rates.
Payment settings — set up accepted payment methods, payment settings, and payment gateways.
Media library — add, edit, and delete images from the media library.
Distribution
Inventory — manage and update daily rates, availability, and restrictions.
Channels — add, map and unmap channels.
Yield rules — create, edit, and delete yield rules.
Demand Plus — manage Demand Plus.
Direct booking
Direct booking rates — add, edit, and suspend rates from your booking engine.
Promotions — create, edit, and delete promotion codes.
Extras — create, edit, and delete extras.
Configuration — modify and customise direct booking plug-in apps, guest display options, branding, guest communication and cancellation settings.
Website builder — edit the website builder.
Reservations
Reservation details and operational reports — search and view reservations and run reports.
Guest payment details — manage reservation payment card details. (Reservation details and operational reports permission must also be granted.)
Connectivities
Third-party connectivity — map and set up a property management system (PMS), a revenue management system (RMS), or a central reservation system (CRS).
Insights
Intelligent market and provisional reports — run and view the available Insights reports for your property.
Once your user account is created, an activation e-mail will be sent to your e-mail address, asking you to set up your password and activate your account. Newly added user accounts are shown as Pending in the system until the user clicks on the link in the activation e-mail.
Edit or delete a user account
To edit or delete a user account, follow the steps below:
Go to your property name in the navigation bar > User management.
Locate the user and click on the ellipsis button (...).
From the Actions menu, select between Edit this user and Delete this user.
Note:
You cannot edit the User details section (which contains E-mail address, First name, Last name, Preferred language, and Phone number). If these details are incorrect and need to be changed, create a new user account and delete the old user with the incorrect data.
Deleting a user is final: access and history of changes cannot be retrieved after a user is deleted. We recommend only deleting a user if they are not expected to return, or if they should not access the platform in the future. If you are unsure about deleting a user, restrict their permissions instead.