Profiles, permission sets, and property access
Creating new users involves assigning them the appropriate level of access so they can complete their daily tasks. A Corporate Administrator controls what users can do in the system by assigning them a profile and one or more permission sets. Then, either a Corporate Administrator or Property Administrator indicates which properties they can access and what they can do with the records at those properties.
Profiles
Each user in the system is assigned a profile. Your profile controls which areas you can access and what you can do in the application.
When a Corporate Administrator creates a new user, the User License field determines which profiles are available for that individual. The following standard profiles are included:
An Event Only version of each profile is also available for properties that don't sell guestrooms.
| Profile Name | Description | User License |
| Sales and Catering View Only User | Access is limited to viewing records and running reports. Cannot create, edit, or delete any records. Cannot merge or batch merge. View Only users must still be assigned Edit Owned Records or Edit All Records access at a property in order to view that property's records. That access level, however, has no bearing on the user's limited rights. Banquet user access If your banquet team needs to access only certain areas of the system (for example, to enter actuals or batch print BEOs and banquet checks), assign them the View Only user profile and permission set along with the Banquet Access permission set. This lets them work with events while continuing to have view only access to the rest of the system. Please note that property access does come into play with the Banquet Access permission set. Banquet users with Edit Owned Records access need to be sourced on individual bookings to modify events and merge/batch merge. To avoid sourcing, assign your banquet users Edit All Records access. This will allow them to work with events on all bookings at the property. |
Salesforce Platform |
| Sales and Catering User | The most common access level given to users who need to work with accounts, contacts, inquiries, bookings, guestrooms, events, and volume contracts. | Salesforce Platform |
| Sales and Catering Property Administrator | Has access to property-specific configuration settings, such as guestroom types, function rooms, menus and items, taxes, document templates, etc. Can assign property access and default properties to users. | Salesforce Platform |
| Sales and Catering Corporate Administrator | Has access to all records at all properties and all areas of the application. Tasks such as entering corporate setup values, modifying page layouts, configuring workflows, and creating users are performed by the Corporate Administrator. | Salesforce |
The following table provides a summary of what each profile can do in the application. Some of these tasks require that the profile is assigned the corresponding permission set. Additionally, a user’s property access level determines what they can do with those property’s records.
| Corporate Administrator | Property Administrator | User - Edit All Records property access | User - Edit Owned Records property access | View Only User* | |
| View records | Yes | Yes | Yes | Yes | Yes |
| Create records | Yes | Yes | Yes | Yes | No |
| Modify records | Yes | Yes | Yes | Only records they own or are sourced on | No |
| Delete records | Yes | Only records they own | Only records they own | Only records they own | No |
| Merge documents | Yes | Yes | Yes | Only records they own or are sourced on | No |
| Batch merge | Yes | Yes | Yes | Only records they own or are sourced on | No |
| Run reports | Yes | Yes | Yes | Yes | Yes |
| Manage users | Yes | Can assign access to properties where they have Edit All Records rights | No | No | No |
| Define setup values | Yes | Yes - for property | No | No | No |
| Edit page layouts | Yes | No | No | No | No |
*The functionality of the View Only profile can be extended with the Banquet Access permission set.
Permission sets
A permission set "fine-tunes" the level of access defined in a user's profile. Each user should be assigned the permission set that corresponds with their profile. For example, if Mary Pappas is a Sales & Catering User, assign her the Sales & Catering User permission set.
Additional permission sets are also available that extend a user's access without changing their profile.
- Enable Multi-Factor Authentication - When logging in, the user will be required to prove their identity using the Salesforce Authenticator app on a mobile device. See Activate MFA. If you have single sign-on or My Domain, follow the steps in Salesforce Help instead of using this permission set. Start with the Salesforce Multi-Factor Authentication FAQ knowledge article.
- Alternate Language - Alternate language permission sets control which language fields you can see throughout the system (for example, when the French permission set is added, the user will see fields for BEO items in both English and French). They also determine which languages can be displayed in merge documents. See Assign alternate language permission sets to users.
- Change Record Owner - Allows a user to change the owner of a record that they don't currently own. If you have MeetingBroker integration and more than one person acts as the DLC (Default Lead Coordinator, where they review the incoming inquiries and reassign them to the correct owner), assign this permission set to all of the DLCs.
- Replace Setup Values - The Replace Setup Values functionality is available to corporate administrators by default. Add this permission set to a property administrator if they should be able to make these changes and assist with system cleanup.
- Backdate Bookings Admin - By default, corporate administrators have access to the Enable Backdating Bookings field on the Property page. Add this permission set to a property administrator if they should be able to toggle backdating bookings on and off. We recommend adding this to a property administrator only for the first couple of weeks when a new property is entering backlog, and when that entry is complete, remove the permission set to avoid accidental impact to performance reporting.
- Banquet Access - If your banquets team need to access only certain areas (for example, to enter actuals or batch print BEOs and banquet checks), assign them the View Only User profile and permission set along with the Banquet Access permission set. This lets them work with events while continuing to have view only access to the rest of the system.
-
The following table details what the Banquet Access permission set allows a View Only user to do:
Bookings Create, modify, or delete bookings No Merge and batch merge BEOs, banquet checks, booking checks, and other documents Yes Create, modify, or delete room blocks No Events Create new events No Modify event details Yes Delete events No Add or remove existing menus and items Yes Create "on-the-fly" menus and items Yes Add or remove existing choice groups Yes Change choice group selections Yes Create new items for existing choice groups No Packages Add or remove booking packages No Modify package attendance on day delegate packages Yes Modify package attendance on 24-hour packages No Create new package events No Associate existing events to packages Yes Remove events from packages Yes Price menus and items with packages Yes Create, associate, or delete package room blocks No Create, associate, or delete package other income items No Modify price and attendance on package other income items To modify Agreed, Forecast, and Guaranteed attendance, use the Booking Package Attendance page. Actual attendance can be entered directly on the Booking Other Income page.
Yes Modify gratuity and admin charge on package other income items Yes Booking other income items Create new other income items No Modify price and attendance values on existing other income items Yes Modify gratuity and admin charge on existing other income items Yes Delete other income items No Banquet users with Edit Owned Records access at a property need to be sourced on individual bookings to modify events and merge/batch merge. To avoid sourcing, assign your banquet users Edit All Records access at the property. This will allow them to work with events on all bookings at the property.
Property access levels
After users are created in the system, they need to be assigned an access level at each property in the system. This access level determines what the user can do with the property's records.
| Profile | Property Access Level |
| View Only User | View Only Users must be assigned either Edit Owned Records or Edit All Records access at a property in order to view that property's records. That access level, however, has no bearing on the user’s limited rights. They will not be able to create, modify, or delete any records at that property—only view those records. Banquet user access If your banquet team needs to access only certain areas of the system (for example, to enter actuals or batch print BEOs and banquet checks), assign them the View Only user profile and permission set along with the Banquet Access permission set. This lets them work with events while continuing to have view only access to the rest of the system. Please note that property access does come into play with the Banquet Access permission set. Banquet users with Edit Owned Records access need to be sourced on individual bookings to modify events and merge/batch merge. To avoid sourcing, assign your banquet users Edit All Records access at the property. This will allow them to work with events on all bookings at the property. |
| Sales and Catering User | Sales & Catering Users can be assigned one of the following access levels:
|
| Property Administrator | Property Administrators must be assigned Edit All Records access at properties where they are to have administrative rights. Property Administrators can modify property-specific settings and values, such as function rooms, menus and items, taxes, etc. They can also assign property access and default properties to users. |
| Corporate Administrator | Corporate Administrators must be assigned Edit All Records access at properties where they are to have administrative rights. These users have access to all records and all areas of the application. Tasks such as entering corporate setup values, modifying page layouts, and creating users can only be performed by the Corporate Administrator. Corporate Administrators can grant themselves access to any property in the org. |
What is the difference between the View Only User profile and Edit Owned Records access at a property?
View Only User is a profile that can be assigned to users when they are added to the system. These users can only view records and run reports at the properties assigned to them. They cannot create, edit, or delete any records, nor can they merge or batch merge documents.
Edit Owned Records access is a set of permissions given to users who are assigned the Sales & Catering User or Event Only User profile. When users have Edit Owned Records access at a property, they can view and create new records in the system, but they can only edit records they own or have been sourced on.
Security
If Security is enabled in your org (Amadeus Settings > Enable Property-Level Security), here are a few things to keep in mind when you're granting property access to users:
- When Amadeus Account Security is enabled, an account must be shared with a selected property before those users can access it. The user’s access level at that property then determines what they can do with the account. However, if the Visible to All Properties check box is selected on the account, all users in the org will have edit rights to the account regardless of their property access level.
- When Booking/Volume Contract Security is enabled, the user’s property access level determines how they can interact with inquiries, bookings, and volume contracts.
Important! Please contact Amadeus Support before making any changes to your Security settings.