Each user of the Booking Service has an access level. When not logged in the access level is Public.
Access levels are:
To create an Admin login (i.e. Access levels Committee and higher) go to admin menu → admin → manage access.
All access levels are hierarchical in that higher levels can do everything a lower level can do, and more. An exception to this is provided so you can add or subtract roles from individual admin logins.
The names of the admin access levels need not imply their functional use, because you can configure access according to your needs. The main thing to remember is that the levels are hierarchical and the list above starts with the lowest level of access and ends with the highest level.
Roles are used to control access to individual functions, allowing a fine-grained approach to controlling access.
To edit a Role go to admin menu → admin → roles. You can set the access level that has the role. All higher access levels are also given that role.
As well as the above access levels, a role can be assigned so that no access level has the role, but specific API keys can be assigned that role. Also, CLI scripts have all roles, for example scheduled emails, auto-cancellation of bookings a scripted in this way.
Roles are annotated with text describing their function, so you can see what each role gives access to. A role can allow updating, or just reading.
A role called PUBLIC exists and should not be modified. This Role is used to give public access to certain functions and data dynamically.
On each role you can select any admin login and add or subtract this role from that login. This allows you to customise the access of an individual admin login.