This article lists every permission available in Cubby, what it allows, and how its scope changes depending on whether it is assigned at the organisation level or the facility level. Use it as a reference when building custom roles or troubleshooting access issues.
For how to assign permissions to users, see User Management and User Roles.
In this article:
Org level vs facility level
Every permission in Cubby is assigned at either the organisation level or a facility level:
Organisation level — the permission applies across all facilities in your organisation. Use this for administrators or managers who need the same access everywhere.
Facility level — the permission applies only to the specific facility it is assigned for. Use this to give a team member access at one location without granting it org-wide.
Some permissions can be assigned at either level — but their scope changes depending on which level they are granted at. These are called out explicitly in the Permissions that behave differently by level section below.
In the tables below, the Level column uses:
Org — only meaningful at organisation level
Facility — scoped to the assigned facility
Org or Facility ⚠️ — can be either; scope or behaviour changes by level (see bottom of article)
Core access
Permission | What it allows | Level |
All permissions | Applies every permission listed in this article to the user in one step. Typically reserved for administrators. | Org |
Can only read | Read-only access to Facilities and Pricing. Users can view rental and tenant data but cannot take any actions, except downloading reports. | Org or Facility ⚠️ |
Can manage facilities | The foundational permission for any Site Manager. Enables access to the core Facilities section: units, leads, rentals, auctions, merchandise, walkthroughs, payment history, and facility preferences. Required before most other facility-level permissions are useful. | Facility |
Facilities & units
Permission | What it allows | Level |
Can edit facility details | Edit the facility's general info, contact info, address and mailing details, operational hours, and marketing phone numbers. | Facility |
Can edit units | Create, edit, or archive units. | Facility |
Can edit rentability for vacant units | Change a unit's rentability status, but only when the unit is vacant and not reserved. Cannot manually set a unit to Reserved. | Facility |
Can edit rentability for any unit | Change a unit's rentability to any state regardless of current occupancy. Supersedes the vacant-only restriction above. | Facility |
Can add / remove unit overlock | Add and remove overlocks on units. | Facility |
Can manage locks | Full lock management: add or bulk import locks, edit lock details, delete, view history, and mark locks as missing, available, or damaged. | Facility |
Can use gate access page | Full access to the Gate Access page: edit tenant gate access codes, enable or disable access, and export the gate access table. | Facility |
Rentals & leases
Permission | What it allows | Level |
Can change rent rate | Change the rent rate on an existing lease or remove a scheduled rent change. | Facility |
Can set custom rate | Set a custom rent rate during new lease creation or when transferring a tenant to another unit. | Facility |
Can edit lease dates | Edit move-in, move-out, and unit transfer dates on a lease. | Facility |
Can transfer prepaid balance | Transfer a tenant's prepaid balance between leases at the same facility. | Facility |
Can edit imported balance | Edit a tenant's imported balances (outstanding, prepaid, deposit) that were carried over during migration from a previous system. | Facility |
Can move unit to another auction | Move auctioned units that have not yet been settled to a different auction date, via Auctions > Move to another auction. | Facility |
Can merge customers | Merge duplicate customer records into a single contact. | Org |
Can manage delinquency exemptions | Add, edit, or delete delinquency exemptions on individual leases. Exemptions selectively pause automated delinquency actions — including delinquency fees, overlock, lien eligibility, and collections messages — for specific tenants. | Facility |
Payments & billing
Permission | What it allows | Level |
Can reverse payments | Refund credit card or ACH payments, or mark a payment as failed regardless of payment method. | Facility |
Can waive charges | Waive any charge from a tenant's balance — fees, due rent, coverage, security deposit, and so on. | Facility |
Can take partial payments | Process a payment for less than the full outstanding balance. | Facility |
Can refund move-out balance | Approve or reject balance refund requests on move-out leases. | Facility |
Can write off move-out balance | Write off an outstanding balance on a moved-out lease as bad debt, or approve/reject write-off requests from other users. | Facility |
Can issue credit | Issue a credit to a tenant's account. | Facility |
Pricing & rates
Permission | What it allows | Level |
Can manage & analyze prices | Change rent prices on individual leases, manage standard rates on pricing groups, and view competitor pricing history and recommendations. | Org or Facility ⚠️ |
Can manage pricing groups | Create and edit pricing group details: name, size, rates, features, assigned discounts, and assigned units. | Org or Facility ⚠️ |
Can create/delete pricing groups | Create a new pricing group, or delete one that has no units under it and is not in use by the Storefront builder. | Org or Facility ⚠️ |
Can manage market competitors | Add or remove market competitors that power rate recommendations and competitor data in the Pricing section. | Org |
Walkthroughs
Permission | What it allows | Level |
Can perform walkthrough | Perform facility walkthroughs. During a walkthrough, the user can manage combination locks, apply or remove overlocks, change unit availability status, log tasks, and send preset walkthrough messages. | Facility |
Can manage walkthrough preferences | Manage the facility's unit walkthrough order and the preset walkthrough messages. | Facility |
Communications & calls
Cubby has four separate call-related permissions. They are often confused — see the callout below for how they work together.
Permission | What it allows | Level |
Can send messages | Access to the Messages section. Allows reading and sending two-way messages or message templates to tenants at the assigned facilities. At org level, grants full access to all tenant conversations across all facilities. | Org or Facility ⚠️ |
Can handle calls | Provisions the user as an agent in the call centre (Spoke). Required for any team member who will be receiving inbound calls. Without this, the user will not appear in Spoke's call queue. | Facility |
Can manage calls | Full access to the Calls section in Cubby (call queue, call records, AI scores, transcripts). Required to view and work with call history. Does not provision the user in Spoke — that requires Can handle calls. | Org or Facility ⚠️ |
Can supervise communications | Supervisor-level capabilities: monitor live calls and view team dashboards. Intended for managers overseeing call centre performance. | Org or Facility ⚠️ |
Can configure calls | Add and edit Voice AI configurations, IVR settings, and call centre configuration for the organisation. | Org |
How the call permissions work together: A typical site manager answering calls needs Can handle calls (to receive calls in Spoke) and Can manage calls (to view call history in Cubby). A supervisor who monitors the team but does not personally take calls needs Can manage calls and Can supervise communications. Can configure calls is a separate admin-level permission for setting up Voice AI and IVR — most operators will not need it.
Reports & analytics
Permission | What it allows | Level |
Can use reports page | Access the Reports page and run or download any available report. | Org or Facility ⚠️ |
Can schedule reports | Schedule reports for recurring automated delivery (e.g. daily email of a specific report). | Org or Facility ⚠️ |
Can view analytics | Access the Analytics section. At org level, shows data across all facilities. At facility level, shows data for the assigned facility only. | Org or Facility ⚠️ |
Can use GL mapping | Use the GL Export Mapping tool to customise how Journal Entry data maps to your organisation's general ledger accounts. | Org |
Settings & configuration
Permission | What it allows | Level |
Can edit facility/org settings | At org level: full access to the Settings section across the organisation. At facility level: limited edit access scoped to the facility's Preferences tab — document templates, facility details, message templates, discounts, and similar items. | Org or Facility ⚠️ |
Can edit users | Access to the Users tab under Settings. Enables adding and editing users, deactivating or reactivating users, managing their facility or org-level access, and duplicating access from one user to another. | Org |
Can use storefront builder | At org level: full access to the Storefront Builder portal. At facility level: limited access to view and edit the Facilities, Pricing Groups, Collections, and Variants tabs in the Content section — scoped to the assigned facility only. | Org or Facility ⚠️ |
Can manage workflows | Create, edit, publish, unpublish, duplicate, and delete automation workflows. | Org |
Inventory & merchandise
Permission | What it allows | Level |
Can manage merchandise | Edit access to the Product Catalog (Settings > Merchandise) — creating and editing products, pricing, and facility assignments — plus access to the per-facility Inventory page. Covers both areas in one permission. | Org |
Can manage inventory | Edit stock quantities and costs on the Inventory page for the assigned facility, and import/export that facility's inventory. Does not grant access to the Product Catalog — that requires Can manage merchandise at org level. | Facility |
Can create manager specials | Create and sell manager specials directly from the Shop tab on a tenant's rental. | Facility |
Permissions that behave differently by level
The following permissions are frequently misunderstood because their scope or behaviour changes meaningfully depending on whether they are assigned at org level or facility level.
Can edit facility/org settings
At org level: Full access to the entire Settings section — user management, communication templates, document templates, fee library, integrations, and all organisation-wide configuration.
At facility level: Limited to the facility's Preferences tab only — document templates, message templates, facility details, discounts, and similar facility-scoped items. Does not expose org-level settings.
Can use storefront builder
At org level: Full access to the Storefront Builder portal, including all facilities, portfolios, collections, pricing groups, and variants.
At facility level: View and edit access to the Facilities, Pricing Groups, Collections, and Variants tabs — but only for the specific facility assigned. Cannot manage portfolios or other facilities.
Can send messages
At org level: Full access to all tenant conversations in the Messages section, across every facility in the organisation.
At facility level: Access only to conversations with tenants at the assigned facility.
Can view analytics
At org level: Access to portfolio-level, organisation-level, and all facility-level analytics views.
At facility level: Access to the facility-level analytics view only for the assigned facility.
If a user has a permission at both org level and facility level, the org-level assignment takes precedence and grants the broader scope.
