RBAC (Role-Based Access Control)

SafeIn adheres to the principle of least privilege. Assign roles based on job function.

1. Global Admin

Access: Unlimited.

Responsibilities: Billing management, security policy configuration, global settings, integration setup.

2. Location Admin (Enterprise)

Access: Full admin rights but restricted to a specific office (e.g., "New York Office").

Responsibilities: Managing local receptionists, devices, and employees for that site.

3. Receptionist / Security Guard

Access: Dashboard View, Visitor Log (Read/Write).

Capabilities: Can check people in/out, verify QR codes, and edit visitor details. Cannot access system settings, billing, or export full databases.

4. Employee (Host)

Access: Self-Service Only.

Capabilities: Can only see and manage their own appointments and history. Cannot see visitors invited by colleagues.