If you’re managing an agency or property business, you know that letting the wrong person access sensitive data can be a nightmare. Setting up user roles and permissions isn’t glamorous, but it’s critical — especially in a platform like Reapit, where sloppy permissions can mean real-world headaches. This guide is for admins, IT leads, or anyone stuck with the job of organizing who can do what in Reapit. I’ll walk you through the nuts and bolts, call out the stuff that actually matters, and flag the “features” that look great in a demo but fall flat in day-to-day use.
Why Permissions Matter (and Where People Mess Up)
Before we jump in, let’s be clear: permissions aren’t just about stopping bad guys. They’re about protecting staff from honest mistakes, keeping your clients’ info safe, and making your life easier when someone leaves or changes roles.
The biggest headaches I see: - Everyone gets “admin” rights because it’s easier. - No one actually audits who can do what. - New starters inherit Frankenstein permissions from ex-employees. - Permissions set up once and forgotten — until something goes wrong.
If you’re reading this, you’re already ahead of the curve. Let’s get your setup right from the outset.
Step 1: Get Clear on Your Roles Before You Click Anything
Don’t jump into Reapit and start ticking boxes. First, take 20 minutes to think through the actual jobs in your agency. Be honest about what people need to do — not what they might need to do “just in case.”
Typical roles you’ll see in most agencies: - Negotiator/Sales Agent - Lettings Agent - Admin/Office Manager - Branch Manager - Finance/Accounts - IT/System Admin
Tip: Write these down. Seriously, a Google Doc or even a scrap of paper works. For each role, jot down: - What must they access? - What should they never see? - Any “gray areas” where you’re not sure? Mark them for later.
This bit feels basic, but it’ll save you hours of cleanup later. Trust me.
Step 2: Map Roles to Reapit’s Permission System
Reapit lets you manage access through its “Groups” and “Permissions” features. Here’s what’s actually useful:
- Groups: These are basically your roles. Assign users to groups, and the group has a bundle of permissions.
- Permissions: The actual rights — like “can edit property details” or “can run reports.”
What works: Groups make bulk changes easy. If you need to tweak access for all Negotiators, do it once in the group — not 15 times for each user.
What doesn’t: Giving everyone their own set of permissions. You’ll lose track fast, and it’s a pain to audit.
Ignore: Any temptation to create a new group for every little exception. Keep groups broad, and handle one-offs sparingly.
Step 3: Create Groups That Match Your Real-World Roles
Now, translate your earlier list into Reapit groups. Don’t overthink this; start with the basics.
- Go to Admin > User Management > Groups.
- Create a group for each core role (Negotiator, Lettings, Manager, etc.).
- Give each group a clear, boring name. “Negotiator” is better than “TeamA-2024-Temp”.
Pro tip: If you have branches, you might want groups like “Negotiator – Manchester” and “Manager – London.” But avoid endless group sprawl — it’s a slippery slope.
Step 4: Assign Permissions to Each Group — With Restraint
Here’s where most people go wrong: they give too many permissions “just in case.” Resist the urge. Start with as little as possible. You can always add more.
How to do it: - In each group, assign only the permissions that role needs. - For negotiators, maybe that’s “view/edit properties” and “manage viewings,” but not “change user accounts” or “see financial reports.” - For managers, add a bit more — like reporting or approval features.
What works: Start with the minimum set. Run a few days, then ask users what’s missing. It’s much easier to loosen up than to lock things down after the fact.
Pitfall: Don’t just copy the default groups Reapit gives you. They’re usually too broad and often out of date with how your team works.
Step 5: Add Your Users to the Right Groups
Now, add people to the groups you’ve set up:
- Go to Admin > User Management > Users.
- Assign each user to the relevant group(s).
- Double-check branch assignments if you have multiple offices.
Tip: If someone wears two hats (say, Negotiator and Admin), make them a member of both groups. But again, don’t start piling on every group “just in case.”
Step 6: Audit — Don’t Assume, Double-Check
Once your setup’s live, take 10 minutes to test it. Log in as a test user in each group (or ask a colleague to). Try to do something you shouldn’t be able to do.
Check for: - Access to sensitive data (e.g., client bank details, payroll). - Ability to change system settings or permissions. - “Ghost” permissions — stuff someone can do for no apparent reason.
What works: Set a quarterly reminder to review permissions. People move roles, and old permissions linger like bad smells.
Ignore: The idea that you’ll “fix it later.” You won’t. Get it right up front, and regular audits are much less painful.
Step 7: Handle Exceptions — But Don’t Let Them Take Over
No matter how tidy your groups are, someone will ask for an exception. Maybe the branch manager wants to run a weird report, or HR needs temporary access.
How to handle it: - For temporary needs, manually add the permission, then set a calendar reminder to remove it. - For permanent changes, consider updating the group — but only if at least 2–3 people need the new permission. Otherwise, handle it as a one-off.
Red flag: If you’re making more exceptions than following the group rules, your groups probably don’t reflect reality. Time to review.
Step 8: When People Leave — Remove Access Immediately
Sounds obvious, but it’s the most common failure. Have a process so that when someone leaves (or changes roles), you remove or change their access that day.
- Remove from all groups.
- Disable their account.
- If using SSO (Single Sign-On), make sure it’s revoked there too.
Pro tip: Keep a simple checklist for offboarding. You’ll thank yourself later.
Step 9: Keep It Simple — Don’t Be Sucked In By Fancy Features
Reapit (like most platforms) offers advanced features like permission inheritance, custom fields, and fancy reporting. Be cautious — complexity is the enemy of security.
- Stick to core groups and basic permissions.
- Only use advanced features if you really need them, and document what you’ve done.
- Don’t assume “more options” means “more secure.” Usually, it just means “harder to manage.”
Quick Recap: Avoid These Common Mistakes
- Don’t give everyone admin rights. Seriously.
- Don’t create dozens of nearly identical groups. Less is more.
- Don’t ignore regular reviews. Permissions drift fast.
- Don’t trust default settings to match your business.
What Actually Works: Iterating Over Time
You won’t nail this on day one. Start with broad, clear groups and the least permissions you can get away with. Tweak as you go. Ask your team what’s not working, and fix only what’s broken. Over time, you’ll have a tight, sane setup — and you’ll sleep better knowing you’re not one accidental click away from disaster.
Keep it simple, keep it tight, and don’t be afraid to say “no” to unnecessary access. Your future self will thank you.