Understand roles and permissions

Pour :Administrateur

View of the 'users and roles' page

Unisoft distinguishes two user types in an organization's team: Administrator and Secondary. This page explains what each type can do, and details the granular permissions adjustable for secondaries via the red key modal on the Users page.

Administrator vs Secondary at a glance

Aspect	Administrator	Secondary
Badge in the list	Red — Administrator	Blue — Secondary
Access to business modules	All (without restriction)	Limited by checked permissions
Users page	Yes	No
My organization page	Yes	No
Kiosks page	Yes	No
Business Units page	Yes	No
Transfers / Invoices page	Yes	No
Developers page (API, webhooks)	Yes	No
Granular permissions modal	None (everything is accessible)	Configured by an Administrator
Business Units visibility	All Business Units	Only those they are authorized on

⚠

Choose wisely

Giving the Administrator status to a person opens all the doors: collection, payment editing, kiosk configuration, access to Unisoft invoices and API keys. Prefer Secondary status for volunteers, delegated treasurers, secretaries — and only enable the rights actually needed.

The Administrator role

An Administrator has complete access to the organization's space. They have no granular permissions to configure: everything is open by default. The key button in the Permissions column is hidden for administrators (a dash is displayed instead).

Reserve this role for people fully responsible for the organization:

• President, principal treasurer, executive director
• Referent rabbi or establishment head
• Trusted administrative employee who needs to see everything

★

At least one Administrator, always

Your organization must keep at least one active Administrator at all times. Without an administrator, no one can configure users anymore or access sensitive pages. If you need to remove an admin, first create their replacement via support.

The Secondary role

A Secondary is a user whose each right is explicitly checked by an administrator. At creation (by support), they have no rights: no view on contacts, no access to payments. It is up to you to check what they can do in the key modal.

This role is designed for:

• Occasional volunteers who help with payment entry
• Secretaries in charge of sending tax receipts
• Assistant treasurer who consults without modifying
• Interns or external providers (accounting consultant, communication agency)

The granular permissions modal

When you click the key button of a Secondary user, a full-screen modal opens. It is organized into three blocks:

1. A special All access rights box (at the top).
2. A Sections block: which parts of the application the user can access.
3. Two sub-blocks Communication and Finance: fine permissions per module.

The "All access rights" box

At the very top of the modal, an All access rights box (displayed in red) lets you grant in one click the equivalent of the Administrator role for business modules. Checking this box:

• Automatically activates all the permissions below.
• Disables (grays out) all individual boxes — there is nothing more to adjust.

⚠

Not equivalent to Administrator

Checking All access rights gives access to all business modules, but does not open the Users, My organization, Kiosks, Business Units, Transfers, Invoices, Developers pages. These pages remain reserved for the Administrator role. If you want to give truly full access, ask support to promote the user to Administrator.

Block 1 — Access to the application's sections

First block of the modal (title Sections): a checkbox per major application category. Checking a box opens the corresponding section in the sidebar; unchecking it hides it entirely.

Section	What it opens
Dashboards	Dashboard, KPI overview
Website	Public site configuration (pages, schedules, events, galleries)
Forms	Forms module (creation, submissions)
CRM	Contacts module (catalog, profiles, families, reminders)
Community	Community-life-related modules (calendar, events, schedules, galleries)
Campaigns	Marketing Campaigns module (collections, multichannel messages)
Finance	Overall financial pages
Payments	Payments module (consultation, collection, tax receipts)
Management	Management module (Cash flow, projections)

ℹ

Checking the section is not always enough

For Communication and Finance modules, checking the section gives access to the page but fine rights (edit, delete, export) are managed separately in the blocks below. Example: if you check CRM without checking Edit contacts in the Communication block, the user will see the profiles but will not be able to edit them.

Block 2 — Communication part

Three groups of fine permissions for communication tools.

Contacts

Permissions available on the Contacts module (catalog, profiles, families, reminders):

UI Permission	What it allows
View	View the contacts catalog, open a profile, consult the tabs
Edit	Create a contact, edit an existing profile, add notes, manage family relations
Delete	Delete a contact (irreversible action)
Export / Import	Export the catalog as XLSX, import a bulk list

Calendar & Appointments

Permissions on the internal calendar (appointments, scheduled events):

UI Permission	What it allows
View	View the calendar and appointment details
Create / Edit	Create a new appointment, edit an existing one
Delete	Delete an appointment

Message campaigns

Permissions on multichannel message campaigns (email, SMS, WhatsApp):

UI Permission	What it allows
View	See the history of sent campaigns and their statistics
Create / Edit	Create a new campaign, edit a draft

Block 3 — Finance part

Six groups of fine permissions for financial modules.

Payments

Payments module (one-time, recurring, tax receipts):

UI Permission	What it allows
View	View the list of payments, open a profile, see tax receipts
Add	Collect a new payment (cash, check, card, transfer)
Edit	Edit an existing payment (amount, method, contact, tax receipt)

Forms

Forms module (creation of online forms):

UI Permission	What it allows
View	See the list of forms and their settings
Create / Edit	Create a new form, edit the structure, add fields
Activate / Deactivate	Put a form online or take it down
Archive	Archive an obsolete form (out of the active list)

Submissions

Submissions received via forms:

UI Permission	What it allows
View	Read the responses submitted by contacts
Create / Edit	Manually enter a submission, edit a response
Archive	Archive a processed submission
Export	Export submissions as XLSX

Funds

Funds module (targeted collections with or without a goal):

UI Permission	What it allows
View	See the list of funds and their collected amounts
Create / Edit	Create a new fund, edit the title, the goal, the image
Activate / Deactivate	Make the fund visible or pause it

Accounting & Operations

Cash flow module (booklets, accounting operations):

UI Permission	What it allows
View	View booklets, see recorded operations
Create / Edit	Enter a new operation, edit an entry
Delete	Delete an operation (irreversible action)

Banking & Transactions

Banking pages (reconciliations, transactions from payment providers):

UI Permission	What it allows
View	See imported bank statements, received transactions
Edit	Edit the reconciliation, link a transaction to a payment

Logic of the boxes: parent section vs details

A point often misunderstood: checking the main box of a group (e.g., Contacts in Communication) also checks all the details and disables them (grayed out). It is intentional:

• Checking Contacts alone (without touching the details) = giving all rights on contacts in one click.
• To give partial access (view but not edit), first uncheck Contacts, then check only the desired sub-permissions.

★

Recipe for the 'read-only' permission

To give an assistant treasurer a view-only right on contacts and payments, without being able to edit anything:

1. In Sections, check CRM and Payments.
2. In Communication > Contacts, check only View.
3. In Finance > Payments, check only View.
4. Validate.

The user will see the profiles and payments but will not be able to edit anything.

Validate and apply

Once the boxes are adjusted, click Validate at the bottom right of the modal. A notification confirms the save. The new permissions apply from the user's next action — no need to log out and log back in.

Complete example: "Collection volunteer" profile

You want to create the perfect profile for Sarah Cohen, a volunteer who helps collect payments during major holidays but must neither edit contacts nor see Unisoft invoices.

1. 1

   Ask support to create the access

   Email to Unisoft support: "Please create a Secondary access for Sarah Cohen, sarah.cohen@exemple-unisoft.org."

2. 2

   Adjust nickname and color

   In the list, nickname SAR, orange color.

3. 3

   Open the key modal

   Click the red key icon.

4. 4

   Check only Payments

   In Sections, check Payments alone (not the CRM block).

5. 5

   Detail the Payments rights

   In Finance > Payments, check View and Add. Do not check Edit (Sarah must not be able to edit a payment already entered).

6. 6

   Validate

   Sarah can now collect, but she sees neither contacts nor anything else.

Takeaways

• Administrator = complete access. Secondary = access defined box by box.
• The sensitive pages (Users, Kiosks, Business Units, Transfers, Invoices, Developers) remain reserved for Administrators even with All access rights.
• Checking a section in the Sections block opens access to that part of the application; the fine rights are then to be adjusted in the Communication and Finance blocks.
• Checking the main box of a group (e.g., Contacts) gives all the group's rights and disables the sub-boxes. For partial access, only check the desired sub-boxes.
• Changes apply immediately, without logout.

Go further

• Users and permissions — list of users, nicknames and colors
• Business Units — restrict a secondary to a specific legal entity
• Manage Business Units — create a Business Unit and authorize a user on it