Manage chain-level roles and users
Below will outline how to set up and manage user access and permissions for chain-level operations in your CRS.
Set up chain-level roles and users in the chain manager security menu to grant access to chain-level functions as well as property-level menu areas of the CRS. Chain-level users can be given access to property-level areas of one, some, or all hotels within the chain through this same menu. This centralized approach streamlines user management across your hotel group.
User roles and permission levels
Each area is available for configuration within user roles and is consistent at chain and property level.
The permissions are aligning with the navigation menus on the left side of the screen and can be assigned as:
None: User won't see this specific menu or option at all.
Read Only: User can view the area only and cannot make changes.
Full: User can view and change this area.
⚠️Important: Create and test all new user roles to ensure they align with your business practices and requirements before assigning to users.
Property vs chain roles:
Chain level users can access the chain level menu in line with their user role.
Property level users can access specific hotel settings. These are all separate roles including different levels of access to each property assigned to users depending on your business needs.
Create a chain level user role
Below will outline how to create a chain level user role.
Go to Chain Manager.
Go to Security.
Go to Role.
Go to the Create New tab.
Enter the role name.
Choose Chain Level Role from the dropdown menu.
For each menu item below, assign from the dropdown:
None, user will not see this menu item at all.
Read only, user can view but not make changes.
Full, user can set up and make changes.
Chain management menu options to assign permissions:
Chain setup.
Admin audit log.
Hotel grouping.
User management.
Call assist call time.
Chain report.
if giving full access, fields will open further down the screen to limit the reporting submenu options available to the user.
Billing export.
Hotel create through IDS if contracted.
PMS latency report.
PMS interface.
Payment gateway log if contracted.
System message.
RMS interfaces.
Availability validation tool.
External booking channel.
Service bus logs if contracted.
Profile management if enabled at chain level.
Access Evo feed future functionality.
Report elements, check menu items to grant access to these report menus:
Summary.
Reservation.
Distribution.
Profile.
Schedule.
General.
Registered guest if contracted.
Chain level object management:
Chain add-ons.
Chain rate code group if used.
Chain rate code.
Chain room type.
Chain cancellation policies.
Chain guarantee policies.
Chain market segment if used.
Chain access code.
Chain guest preference.
Chain discount.
Base inventory if used.
Guest membership program custom integration.
Room type group if used.
Chain package.
Chain geo pricing.
Chain template.
Click Save.
Create a property level role at chain manager
Below will outline how to create a property level user role.
Go to Chain Manager.
Go to Security.
Go to Role.
Go to the Create New tab.
Enter the role name.
Choose property level role from the dropdown menu.
For each menu item below, assign from the dropdown:
None user will not see this menu item at all.
Read only user can view but not make changes.
Full user can set up and make changes.
Property setup areas:
Languages.
Address or contacts.
Currency.
Tax.
Descriptions.
Multimedia.
Location.
Meeting information.
Dining information.
Children age group.
Room type.
Guest preference.
Branding.
Amenities.
Guest membership program this is a custom integration.
Room type group, if used.
Policies.
Rate management:
Rate code.
Rate code group if used.
Rate tier.
Tier rate.
Season rate.
Rate overwrite.
Discount.
Market segment.
Rate day type this is a custom integration.
Geo pricing.
Rate loader this is a custom integration.
Access code.
Inventory management:
Base inventory.
Allotment.
Sell limit.
Auto rollover.
Dashboard.
Availability:
Rate blending.
Property.
Room type.
Rate category.
Rate code group.
Rate code.
Room or rate.
Channel.
Sub channel.
View all.
Add-ons.
Room class.
Group.
Room or rate code group.
Availability validation tool.
Loyalty tier or rate this is a custom integration.
Group or package or add-ons:
Group.
Package.
Add-ons.
Reservation:
Res detail.
Add-ons detail.
Integrated reservations.
Email.
Profiles:
Profiles.
Corporation.
Group.
Travel agent.
Travel agent profile mapping.
Reports:
General.
Summary.
Reservation.
Distribution.
Profile.
Schedule.
Registered guest if enabled.
Marketing:
Email setup.
Pre or post email days.
Web tracking.
Third party web tracking.
Web analytics.
Messages.
Google ads.
Security:
User profile.
Role.
Click Create New.
📌Note: Once you have the roles needed to manage your business, you can assign them to users.
Grant access to existing chain level user
Use this option to assign existing user profiles to a chain without rebuilding or creating duplicate profiles. This is typically used when a property-level user needs access to the chain area.
Follow the steps below to grant access to an existing chain level user.
Go to Chain Manager.
Go to Security.
Go to User Profile submenu.
Enter the existing user name already in the system.
Assign the appropriate chain-level role.
Click Grant Access.
⚠️Important: Users created at property level and not assigned to chain level won't appear in this list. View these users in the property level menu.
Create new chain-level user
Go to Chain Manager.
Go to Security.
Go to the User Profile submenu.
Click Create New.
Enter user name, this identifies them in system logs.
Enter password, they'll change this on first login.
Enter first name.
Enter last name.
Enter email.
Choose date format from the dropdown:
MM/DD/YYYY
DD/MM/YYYY
YYYY/MM/DD
Choose time format:
AM/PM.
24 hour.
Select Language, only English is fully supported.
Personalize room and rate display in the various areas of the by selecting:
Show rate name to display rate names instead of codes.
Show room name to display room names instead of codes.
Show both name and code, this is recommended for comprehensive viewing.
Choose the appropriate chain level role from the dropdown based on their job requirements.
Click Add New User or Cancel.
Go to Profile tab to configure further.
In the limit rate code access to field enter specific rate codes separated by a comma if you want them to modify only certain rates like best available rate.
Authentication provider, if enabled select the single sign on option your property or group has set up for the CRS.
Click Save.
📌Note: Users can amend their display preferences later under the profile section.
Assigning hotel access to a chain level user
Follow the steps below to assigning hotel access to a chain level user.
Go to Chain Manager.
Go to Security.
Go to the User Profile submenu.
Go to the Hotel Access tab.
Select the user from the drop down menu.
Select access type:
Access to all hotels.
Access to limited hotels.
With this option the hotel list will open up below for roles to be assigned or not to each.
Assign a role from the drop down for all hotels or each hotel individually.
For any properties the user should not have access to leave the role dropdown to no access.
Click Save.
📌Note:
Set up multi-factor authentication for a chain level user.
The CRS requires two-factor authentication for all user logins to protect system information.
Email authentication this is the default option.
All users automatically receive authentication codes via email sent to their registered email address.
Mobile app authentication this is recommended.
For enhanced security and convenience, users can set up mobile app authentication using third-party applications like Duo, Authy, Google Authenticator, or Microsoft Authenticator.
Enable mobile app authentication for a chain level user
Follow the steps below to enable mobile app authentication for a chain level user:
Install an authentication app such as the following examples Authy, Duo, Google Authenticator or Microsoft Authenticator on your mobile device.
Go to Chain Manager.
Go to User Preference.
Click Switch to secure code via authentication app button.
Use the authentication app to scan the QR code displayed on screen.
Enter the generated code into the validate security code field in the CRS.
You'll see a success message confirming activation.
The previous button then updates to switch to secure code via email allowing you to switch back if needed.
Click Save.
MFA prompts
Below will help you to understand MFA prompts.
You'll be prompted for multi-factor authentication when:
Normal seven day cycle: Your seven day MFA period has expired and requires re-verification.
Security system activation: The system suspects automated or unusual activity and requires additional verification as protection.
Active MFA session: MFA input is visible and requires completion.
⚠️Important: MFA codes expire after five minutes. Request a new code rather than re-entering an expired one.
⚠️Important: Security-triggered MFA prompts bypass the normal 7-day cycle as intentional protection, not a system error.
Authentication guidelines
Below will outline helpful guidelines regarding authentication.
Authentication code format: All codes are 6 digits.
Email delivery time: Codes are sent immediately with no delay from our system. Delivery times may vary based on email service providers.
Code expiration: Codes expire 5 minutes after sending.
Frequency of prompts: When the system detects irregular activity it will request a new MFA. Avoid clicking login too quickly or using saved passwords, as this may trigger bot detection.
Lost mobile device: Contact support to switch back to email authentication temporarily.
Switching methods: Users can choose between email or mobile app authentication and switch between methods as needed. Only the user can enable mobile app authentication.