Skip to main content

Roles and permissions

Roles and permissions control what each staff member can view, change, approve, and administer in Lupa. Use this page when you need to build reusable access roles, such as Reception, Nurse, Vet, Manager, Finance, or Company Admin, and assign those roles to active team members.

💡 In short: Go to company-level Admin Settings → Staff → Permissions, define what each role can do in Role Definition, then assign one or more roles to each employee in Employee Roles.


Before You Begin

📍 Permissions required: You need Company Admin access to manage this area. To change the permission matrix you need Define Roles. To assign roles to staff you need Assign Roles.

Roles and permissions are access control. Keep nearby staff setup in its own page so each setting stays clear:

Area

Use it for

Do not use it for

Roles and permissions

Controlling what staff can see, create, update, approve, and administer in Lupa.

Changing someone's job title, clinic membership, rota, or appointment-type eligibility.

Staff profiles

Names, login email, phone number, visible job role label, vet registration number, avatar, signature, password reset, and archive status.

Granting access to restricted tools or settings.

Staff locations and assignments

Adding staff to clinics and deciding whether they appear in a clinic's calendar.

Deciding what they can do once they are inside Lupa.

Qualifications and certifications

Choosing which appointment types each staff member can cover.

Granting access to settings, finance, analytics, inventory, or admin tools.

⚠️ Role names and job roles are different. The Job Role on a staff profile is a label, such as Veterinarian or Reception Staff. The roles on this page are permission groups that control access.


How Roles Work

A role is a reusable set of permissions. You define the role once, then assign it to any staff member who needs that access. Staff can have more than one role, and their final access is the combination of all roles assigned to them.

Concept

What it means

Permission

A specific access rule, such as Full Analytics Access, Inventory, Perform stocktake, Complete stocktake, Manage product batches, Medication Management, Assign Roles, Manage Employee Stores, View order pricing, or Override Linked Fees.

Role

A named bundle of permissions, such as Admin, Core, Support, Reception Lead, or Finance.

Employee Roles

The roles assigned to an individual staff member.

Company Admin

The full-access permission. Staff with this permission pass permission checks across Lupa.

🔒 Lupa protects your admin setup. At least one role must keep Company Admin, Define Roles, and Assign Roles, and you cannot remove every admin-capable role from your own user.


Manage Role Definitions

Open Role Definition

  1. Open company-level Admin Settings.

  2. In Staff, click Permissions.

  3. Open the Role Definition tab.

    Role Definition settings table showing permission groups, role columns, permission checkboxes, Filter permissions, Add New Role, and Save Changes

    The table is a permission matrix:

Part of the table

What it means

Rows

Individual permissions. Use the information icon beside a permission to see what it allows.

Groups

Business areas, such as Admin, Analytics & Reporting, Appointments & Scheduling, Finance & Billing, Inventory & Products, and Tasks.

Columns

Your practice's roles. Ticked boxes show which permissions belong to that role.

Filter permissions

Searches permission names, descriptions, groups, and subgroups.

Save Changes

Applies permission changes. It becomes available after you make a change.

Some groups only appear when the matching feature is enabled for your company, such as Hospitalisation, Price Factor, or Lupa Pay.

Add a New Role

  1. Click Add New Role.

  2. Enter the role name.

  3. Click Add Role.

  4. Tick the permissions that role should include.

  5. Click Save Changes.

    Add New Role dialog with a role name entered and Cancel and Add Role buttons

💡 A new role starts with no permissions. It will not give staff extra access until you tick permissions and save the role definition.

Edit an Existing Role

  1. Find the role column you want to update.

  2. Tick permissions to add access, or untick permissions to remove access.

  3. Use Filter permissions when the table is long.

  4. Click Save Changes. Changes affect every employee who has that role. For example, if the Support role gains Inventory, every employee assigned to Support gains inventory access after the change is saved.

Delete a Role

  1. In Role Definition, click the delete icon beside the role name.

  2. Type the role name to confirm.

  3. Click Delete. Deleting a role archives that role so it is no longer used for access. Lupa hides the delete option when deleting the role would leave no role capable of administering permissions.

⚠️ Review employees before deleting a role. If a role is still assigned to staff, removing it may immediately reduce their access.


Assign Roles to Employees

Open Employee Roles

  1. Open Admin Settings → Staff → Permissions.

  2. Click Employee Roles.

  3. Use Filter employees to find the staff member.

    Employee Roles table showing employees, job roles, assigned role chips, and the Filter employees search field

    The table shows active employees in your current company or store context. Archived staff are managed from Staff profiles and do not appear here for role assignment.

Change a Staff Member's Roles

  1. Find the employee in the table.

  2. Open the Roles picker in their row.

  3. Select or clear the roles they should have.

  4. Click Select.

  5. Review the confirmation message.

  6. Click Confirm.

    Employee Roles picker showing available roles, the selected role, search, Select all, Clear, and Select controls

    Lupa shows which roles are being added or removed before it applies the change. If you are changing your own account, Lupa blocks changes that would remove all admin-capable access from you.

Best practice: Build a small number of clear roles, then assign multiple roles when someone genuinely works across areas. This is easier to audit than creating a different one-off role for every person.


Permission Groups Reference

Group

Examples of what it controls

Admin

Full company access and company-level governance.

Business & Staff Management

Practice information, staff profiles, employee store assignments, and role or permission management.

Appointments & Scheduling

Booking settings, rota viewing and editing, appointment types, appointment duration changes, rooms, and consent forms.

Finance & Billing

Billing access, discounts, refunds, credit notes, write-offs, invoice unlocking, overriding linked fees (such as dispensing and injection fees), financial locks, Lupa Pay, and client billing holds.

Analytics & Reporting

Full or limited analytics access, cashup access, and custom reporting data sources.

Inventory & Products

Stock access, stocktake entry, stocktake completion, batch management, product controls, VAT controls, reference lists, service list management, list archiving, and viewing order pricing (cost, mark-up, and line total when processing inventory orders).

Prescriptions & Medication

Creating, updating, and deleting prescriptions, including repeat medications.

Insurance & Integrations

Insurance access, submitted claim updates, integration settings, and Microsoft 365 app authentication management.

Communication & Client Preferences

Client chat, internal chat, campaigns, bulk emails, and communication preference controls.

Settings & Customization

Health plans, Lupa billing settings, and security settings.

API Keys

Creating and updating API keys for third-party integrations.

Tasks

Reading, managing, and viewing tasks across the company.

🔒 Give the smallest access that lets the person do their work. Keep Company Admin, finance controls, API keys, security settings, and role-management permissions limited to people who are responsible for those areas.


Tips

Best practices for clean access control:

  • Keep one admin role with Company Admin, Define Roles, and Assign Roles.

  • Use job-based roles for common access patterns, such as Reception, Nurse, Vet, Practice Manager, Finance, and Support.

  • Assign more than one role when someone covers multiple responsibilities instead of creating a one-person role.

  • Review roles when staff change role, move site, join finance workflows, or leave the practice.

  • Keep clinic membership in Staff locations and assignments and appointment eligibility in Qualifications and certifications.

  • Check high-risk permissions regularly, especially Company Admin, finance controls, API keys, security settings, prescriptions, and role management.


Troubleshooting

Problem

What to do

I cannot see Permissions

You may not have company-level admin access or role-management permissions. Ask an administrator to review your access.

The Role Definition tab is disabled

You need Define Roles to edit the permission matrix.

The Employee Roles tab is disabled

You need Assign Roles to change staff role assignments.

Save Changes is disabled

Make a change first. If you removed the last admin-capable role, restore Company Admin, Define Roles, and Assign Roles on at least one role.

A staff member is missing from Employee Roles

Check that the staff profile is active and belongs to the current company or store context. Archived staff are managed from Staff profiles.

Changing Job Role did not change access

That is expected. Job Role is a profile label. Assign permissions from Employee Roles instead.

A new role did not give anyone access

Tick permissions in Role Definition, click Save Changes, then assign the role to employees in Employee Roles.

A person still cannot access a clinic

Permissions decide what they can do. Clinic membership is separate. Add them to the clinic in Staff locations and assignments.

A person still cannot be selected for an appointment type

Appointment-type eligibility is separate from permissions. Update the Staff Qualifications table.


Frequently Asked Questions

Is Role the same as Job Role?

No. Job Role is the label on a staff profile, such as Veterinarian or Reception Staff. A permissions role is an access group used to decide what the person can do in Lupa.

Can one staff member have multiple roles?

Yes. Assign multiple roles when someone covers more than one responsibility. Their access is the combined access from all assigned roles.

Does assigning a role add someone to a clinic?

No. Clinic membership is managed separately in Staff locations and assignments.

Does assigning a role make someone qualified for appointment types?

No. Appointment eligibility is managed in Qualifications and certifications.

What happens if I edit a role that many staff use?

Every staff member with that role receives the updated access after you save the role definition.

Should everyone have Company Admin?

No. Company Admin gives full access. Keep it for trusted administrators who are responsible for company-wide settings and access control.

Related Articles

Did this answer your question?