# User Roles and Permissions

Cloud Voice governs access to the phone system through roles. This approach is known as role-based access control (RBAC): the permission to use a feature is attached to a role rather than to each individual account. By assigning a role to each user, you decide exactly which features that person can open and change from their web portal, so people only work with the parts of the system that match their job.

## What a role is

A role is a named bundle of permissions. Each permission grants access to a specific area of the phone system, and the combination of permissions in a role determines what a user can view and configure once they sign in to their portal.

Match roles to responsibilities. An employee who looks after server and network security can be given the **Operator** role, while someone who maintains staff profiles is a better fit for **Human Resource**. Because every role carries a different set of permissions, users see a portal tailored to what they actually need to do.

:::tip
Give each person the narrowest role that still lets them do their job. Handing out broad access "just in case" widens the number of accounts that can change sensitive settings, so start small and add permissions only when someone genuinely needs them.
:::

## Built-in roles

Cloud Voice ships with a set of ready-made roles that cover the most common access patterns, so you can get people working without building permission sets from scratch. The following table lists each built-in role and what it can do.

| Role | Permissions |
|------|-------------|
| Super administrator | Full access to every phone system feature. |
| Administrator | Full access to every feature, except viewing the **Dashboard** and managing **Role**. |
| Supervisor | No access to phone system features. |
| Operator | Access to and management of everything under the **Security** and **Maintenance** modules. See [Security](/pbx/administrator-guide/user-role-permissions/#user-role-permissions__section_hr5_xn5_llb) and [Maintenance](/pbx/administrator-guide/user-role-permissions/#user-role-permissions__section_ycz_xn5_llb) for details. |
| Employee | No access to phone system features. |
| Human Resource | View and manage all extensions. |
| Accounting | Access to and management of **Plan**. |
| Hotel Manager | Access to and management of **Hotel Settings**, **Room Management**, and **Wake-up Service**. |

:::caution
Managing **Role** is one of the two things the **Administrator** role cannot do, so among the built-in roles only the super administrator can create roles or change who is assigned to which role. If you need to reassign someone's role and cannot find the option, log in to the Cloud Voice Dashboard at https://voice.izt.cloud and click **Login** to open your phone system's management portal with full administrator access.
:::
