Documentation

Custom roles

Build your own roles with a per-category permission matrix: who sees what, who can do what.

ZenHost ships with two default roles: Owner (full access) and Member (basic operational access). To go further — a "Concierge" role with restricted access, an "Accountant" role that only touches finances, a "Cleaning" role that only sees their own tasks — you create custom roles.

Reserved to the primary owner. Only the person who created the workspace (or to whom primary ownership has been transferred) can create or modify custom roles.

Open the page

Members menu → Manage Custom Roles button. Opens the Custom Roles page, which lists every role (default + custom) with its label, description, and member count.

Create a role

Create role button. The form asks for:

  • Role label — the name shown in the UI (e.g. "Concierge").
  • Role name — internal identifier (no spaces, e.g. concierge).
  • Description — short note for your teammates.
  • Permissions — the detailed matrix (see below).

On save, the role becomes assignable to new invitees and existing members.

Permission categories

ZenHost groups permissions into the categories below (plus an Administration category that bundles workspace-level permissions). For each category, you grant an access level.

Operational modules

  • Properties — listings (create, edit, delete).
  • Property groups — grouping listings.
  • Restrictions — availability, calendar blocks, minimum stays.
  • Guests — CRM directory.
  • Bookings — booking access.
  • Messages — inbox and outgoing.
  • Templates — message templates.
  • Shortcodes — dynamic placeholders.
  • Message automations — automatic-send rules.
  • Analytics — analytics dashboard.
  • Prices — access to amounts (revenue, expenses, invoices).
  • Payments — payments and payment links.
  • Payment methods — Stripe accounts.
  • Integrations — Airbnb, Booking.com, PriceLabs, Nuki…
  • Property Manager — the dedicated module.
  • Tasks — operational tasks (with "assigned only" variants).
  • Task templates — recurring task templates.
  • Websites — direct booking websites.
  • Upsells — extras catalogue.
  • Support — support access.

Administration category

  • Manage roles — create / modify custom roles (reserved to the primary owner).
  • Manage billing — ZenHost subscription, plans, your workspace's invoices.
  • Manage settings — workspace settings.
  • Manage members — add / remove members.
  • Manage invitations — send / revoke invitations.

Access levels

The levels available per category depend on what that category exposes:

  • Read / Write / Delete — most operational categories (Properties, Property groups, Restrictions, Guests, Templates, Shortcodes, Message automations, Prices, Payments, Payment methods, Integrations, Task templates, Websites, Upsells).
  • Read / Write onlyBookings, Messages, and Property Manager. Deletion is not exposed in the role matrix; in practice it goes through a dedicated flow (booking cancellation, owner archival).
  • Read onlyAnalytics and Support.
  • Tasks — uses scope variants instead of plain Read/Write/Delete (see below).

For the Tasks category, scope variants:

  • Read all / Write all / Delete all — access to every task in the workspace.
  • Read assigned only / Write assigned only / Delete assigned only — access only to the tasks assigned to the person (or their team).

The "assigned only" mode is crucial for external partners (cleaning teams, providers) you want to grant access to their tasks without exposing the whole operation.

Edit or delete a role

Each role's action menu offers Edit and Delete.

Warning. Editing a role affects every member who has that role. If you change the "Concierge" role's permissions, all your cleaning partners are affected immediately.

Deleting a role that's already assigned is blocked: you must first reassign members and invitations to another role. ZenHost opens a reassignment dialog to walk you through it.

How to pick the right permissions

A few practical rules:

  • Only grant Read on prices to those who need it — a cleaning partner shouldn't see your revenue.
  • For an accountant, grant Read on Analytics, Prices, Payments, Bookings, Guests; and Write on Expenses (via the Prices category).
  • For a third-party concierge handling a single listing, create a role limited to Tasks assigned only, Messages, Bookings (read), Guests (read), and limit property access to that specific listing on the invitation.
  • Avoid granting Delete except to your inner circle — deletion is permanent and often involves financial data.