Managing Teams Without the Complexity
The permissions problem
Team management in most SaaS tools falls into one of two traps.
Trap one: everyone sees everything. You invite your cleaner to the platform so they can check the calendar, and now they can see your monthly revenue, your guest phone numbers, and your pricing strategy. Not ideal.
Trap two: you need a computer science degree to configure permissions. Role hierarchies, custom permission matrices, conditional access policies, scope inheritance rules. You spend an afternoon setting it up, get it wrong, and your manager can’t access the one page they actually need.
Airflow finds the middle ground. Three roles. Clear boundaries. No configuration manual required.
Real roles for real businesses
Here’s the actual problem. Your cleaner needs to see the calendar but not the revenue. Your manager needs to edit bookings but not change the billing plan. Your accountant needs financial reports but not guest contact details.
These aren’t edge cases. These are the three most common team scenarios in every booking business we’ve talked to. And yet most platforms either ignore the problem entirely or overcomplicate it beyond recognition.
Airflow’s role system was designed around these real scenarios, not around an abstract permission framework.
Two levels, three roles
Airflow uses a two-level role system: organisation level and property level.
Organisation level
Owner — Full administrative access plus billing control. Owners can manage subscriptions, view invoices, add and remove team members, and access every feature across every property. There’s always at least one owner per organisation. This is typically the business owner or primary account holder.
Manager — Edit access to everything except billing. Managers can create and modify bookings, manage calendars, run reports, handle guest communications, and oversee staff. They cannot change the subscription plan, update payment methods, or access billing history. This is the role for your operations lead — the person who runs the day-to-day without needing access to the financial relationship with Airflow itself.
Property level
Staff — Scoped to specific properties with granular read/write permissions per feature. A staff member sees only the properties they’ve been assigned to, and within those properties, only the features you’ve enabled for them.
This is where it gets practical. Staff permissions are controlled at the feature level:
| Permission | What it controls |
|---|---|
bookings_read | View bookings and booking details |
bookings_write | Create, edit, and cancel bookings |
calendar_read | View the property calendar |
checklists_read | View cleaning and turnover checklists |
checklists_write | Complete and update checklists |
tasks_read | View assigned tasks |
tasks_write | Create, complete, and reassign tasks |
inventory_read | View inventory levels |
inventory_write | Update inventory counts and thresholds |
Your cleaner gets calendar_read and checklists_read plus checklists_write. They see when the next guest arrives, they see their checklist, they mark it complete. Nothing else. No revenue data, no guest phone numbers, no booking financials.
Your maintenance person gets tasks_read and tasks_write plus inventory_read. They see what needs fixing, they mark it done, they check if replacement parts are in stock.
The right people see the right things. That’s it.
What each role actually sees
Here’s a practical comparison of what each role accesses:
| Feature | Owner | Manager | Staff |
|---|---|---|---|
| All properties | Yes | Yes | Assigned only |
| Bookings | Full access | Full access | Per permission |
| Calendar | Full access | Full access | Per permission |
| Revenue & reports | Yes | Yes | No |
| Guest details | Yes | Yes | No |
| Team management | Yes | No | No |
| Billing & subscription | Yes | No | No |
| Checklists | Yes | Yes | Per permission |
| Tasks | Yes | Yes | Per permission |
| Inventory | Yes | Yes | Per permission |
| Organisation settings | Yes | No | No |
No surprises. No hidden access. No “wait, they can see that?” moments three months after you’ve invited someone.
Multi-org architecture
Here’s something most team management systems don’t handle well: people who work across multiple businesses.
A property manager might oversee their own portfolio and also help manage a friend’s listings. A cleaner might service properties for three different owners. An accountant might handle books for a dozen clients.
Airflow supports this natively. One email address, multiple organisations. Each organisation is completely isolated — separate properties, separate team members, separate billing, separate data. An org switcher in the top menu lets users move between organisations without logging out and back in.
Your cleaner who works for three different owners has one Airflow account with three organisation memberships. Each owner controls what that cleaner can see within their own organisation. Clean separation, zero leakage between clients.
How invitations work
Adding someone to your team takes about 30 seconds:
- Go to Team in your portal
- Click Invite Member
- Enter their email address
- Select their role (Manager or Staff)
- If Staff, select the property and permissions
- Send the invitation
The invitee receives a magic link email. They click it, and they’re in — with exactly the access you configured. No password to create, no account to set up, no activation code to type.
Invitations expire after 14 days. If someone doesn’t accept in time, you send a fresh one. No lingering access tokens sitting in inboxes indefinitely.
Coming soon: Trusted Devices
We’re building a Trusted Devices feature that adds a layer of convenience without sacrificing security.
The concept: when a team member logs in from a device they’ve used before, they can authenticate with a PIN or biometric confirmation (fingerprint, face recognition) instead of requesting a new magic link every time. The device is recognised, the identity is confirmed with a quick local check, and they’re in.
Device limits will scale by plan tier — solo plans get fewer trusted devices, team plans get more. This keeps the security model tight while making daily access faster for your staff who log in from the same phone or tablet every shift.
What we don’t do (yet)
Honesty time. Airflow doesn’t have delegate roles — you can’t create a “junior manager” or a “senior staff” variant. There are no custom permission sets where you define your own role from scratch. And there’s no time-based access (like “staff can only log in during business hours”).
Owner, Manager, and Staff covers roughly 90% of real-world team structures we’ve observed. The cleaner, the manager, and the business owner. The operations lead, the maintenance crew, and the accountant. Three roles handle it.
If you genuinely need a 47-role hierarchy with conditional inheritance and time-gated scopes, Airflow probably isn’t the right fit today. But if you need your team to access the right things without a two-hour setup process, we’ve built exactly that.
The bottom line
Team management should take minutes, not meetings. Invite someone, pick their role, choose their permissions, done. They see what they need to see. They don’t see what they shouldn’t.
No IT department required. No permission matrix spreadsheet. No “can you check if Sarah can access the calendar” Slack messages.
Ready to invite your first team member? Start your free trial and add your team in minutes. Want to see the permission system in action? Watch how it works.