Adding Team Members and Setting Up User Roles

Who this is for: Admin

Goal: Add team members to your Task Session instance, assign them the right roles and permissions, and understand how the role system works — so every person on your team has exactly the access they need and nothing more.

Task Session includes unlimited users with every licence. There is no per-seat charge, so you can add as many team members as your business requires without increasing your software cost. Whether you have a team of 3 or 300, the process is the same.

How the Role System Works

Task Session uses a role-based access control system. Every user in the platform is assigned a role, and that role determines what they can see, create, edit, and delete across the entire system. There are three built-in roles, plus the ability to create unlimited custom roles.

Admin

Full, unrestricted access to everything in the system. Admins can:

Create, edit, and delete all projects, tasks, and files — regardless of assignment.
Manage all users: add, edit, deactivate, and delete admin, staff, and client accounts.
Access all financial data: create invoices, view payment history, manage payment gateways, and see revenue metrics.
Configure system settings: branding, SMTP email, timezone, currency, language, and security policies.
Manage integrations: Google Login (OAuth), Google Drive API, Stripe, PayPal, 2Checkout.
Create and manage custom roles with granular permissions.
View all activity: team activity feeds, client login history, and engagement tracking.
Apply updates and manage the licence.

Who should be an Admin: Business owners, operations directors, and anyone who needs full control over the platform. Keep admin accounts limited to the people who genuinely need system-level access. Every admin account is a potential security surface — the fewer there are, the easier they are to secure.

Staff

Project-level access limited to assignments. Staff members can:

View and work on projects they have been assigned to.
Create, edit, and complete tasks within their assigned projects.
Upload and manage files within their assigned projects.
Participate in project discussions, task-level chat, team chat, and 1:1 messaging.
View client details for clients attached to their assigned projects.
Use the Kanban board to manage their task workflow.

Staff members cannot by default:

See projects they are not assigned to.
Access financial data (invoices, payments, revenue).
Manage other users (add, edit, or delete accounts).
Change system settings, branding, or integrations.
View admin-level dashboards or activity feeds.

Who should be Staff: Designers, developers, copywriters, project managers, virtual assistants, and any team member who works on client projects but does not need access to billing, settings, or other clients’ data.

Client

Portal-only access limited to their assigned projects. Clients can:

View project progress for projects they are assigned to.
View tasks marked as client-visible (internal-only tasks are hidden).
Download files shared through the client portal.
Communicate with the team via project discussions and chat.
View their invoices and make payments through the connected payment gateway.
Approve or request changes on tasks sent for Client Review.

Clients cannot:

See other clients or their projects.
Access internal-only tasks, discussions, or files.
View admin or staff dashboards.
Manage users, settings, or integrations.
See aggregated financial data (only their own invoices).

Client onboarding is covered in a separate article. This article focuses on adding and managing your internal team. See: Onboard a Client and Send Portal Access.

Adding a New Team Member

Before adding anyone, make sure you have configured SMTP email in Settings. When you create a new user, Task Session sends them an email with their login credentials. If SMTP is not configured, the email will not be delivered and the user will not be able to log in until you manually share their credentials.

Log in to your admin dashboard.
Navigate to the user management section. Depending on your version, this may be under Settings, a dedicated Users section, or a Team/Staff area in the main navigation.
Click the option to add a new user (this may be labelled “Add User,” “New Staff,” or similar).
Fill in the user details:

Field	What to Enter
Full Name	The team member’s name as it will appear throughout the system — in task assignments, chat, activity feeds, and project discussions.
Email Address	Their email address. This becomes their login username. It is also where notifications, task assignments, and password reset emails are sent.
Password	Set an initial password, or use the system’s auto-generate option if available. The team member should change this after their first login.
Role	Select the role: Admin, Staff, or a custom role you have created. Choose based on the access level they need (see role descriptions above).

Click Save or Create User.
The system sends the new user an email containing their login URL, email address, and password (or a link to set their password, depending on your configuration).
The user can now log in and access the platform based on their assigned role.

Repeat this process for each team member. Since Task Session includes unlimited users, add everyone who needs access — there is no cost per user.

Adding Multiple Team Members

If you are onboarding a large team, the process is the same — add each user individually through the admin panel. There is no bulk import feature in the standard version, but the process is quick since each user requires only four fields (name, email, password, role).

For large teams (20+ members), consider this approach:

Prepare a list of all team members with their name, email, and intended role before you start.
Create any custom roles you need first (see the section below), so they are available during user creation.
Add users in batches — all admins first, then staff by department or project team.
Verify that each user receives their login email. If anyone does not receive it, check your SMTP configuration and the user’s spam/junk folder.

Assigning Users to Projects

Creating a user account gives them access to the platform, but it does not automatically give them access to any projects. Staff members only see projects they have been explicitly assigned to.

To assign a staff member to a project:

Go to the Projects section.
Open the project you want to add them to.
Look for the team members or assigned users section within the project settings or details.
Add the staff member by name or email.
Save the changes.

The staff member will now see this project in their dashboard and can access its tasks, files, and discussions. They will also receive email notifications for activity in this project (if notifications are enabled).

You can also assign users when creating a new project — the project creation form includes a field for selecting team members.

Key point: A staff member with no project assignments will see an empty dashboard. Always assign at least one project to new staff members so they have something to work on immediately after their first login.

Creating Custom Roles

The three built-in roles (Admin, Staff, Client) cover most use cases. But if your organisation has specific access requirements that do not fit neatly into these defaults, you can create custom roles with granular permissions.

When to Create a Custom Role

Custom roles are useful when:

A team member needs some admin capabilities but not all — for example, a project manager who should see all projects and manage tasks but should not access billing or system settings.
A team member needs financial access without full admin rights — for example, a bookkeeper who should create and send invoices but should not manage users or change settings.
You want department-level separation — for example, your design team can only see design projects, while your SEO team can only see SEO projects.
You need a read-only role — for example, a company director who wants visibility into all projects and financials but should not edit anything.
You have external contractors who need more access than a client but less than a full staff member.

How to Create a Custom Role

Go to Settings in your admin dashboard.
Navigate to the Roles or Role Management section.
Click Add New Role (or similar).
Enter a role name that clearly describes its purpose (e.g., “Project Manager,” “Bookkeeper,” “Senior Designer,” “External Contractor”).
Configure the permissions for this role. Task Session provides granular permission controls across the following areas:

Permission Area	What It Controls
Projects	View, create, edit, delete, and manage project settings. Can scope to “assigned only” or “all projects.”
Tasks	View, create, edit, delete, assign, and change status. Can control Kanban column management.
Users	View, create, edit, and deactivate user accounts. Can scope to specific user types (staff only, clients only).
Files	Upload, download, delete, and manage folders. Can control client-facing file sharing.
Chat / Communication	Access to project discussions, task comments, team chat, and 1:1 messaging.
Invoicing / Financial	Create, edit, send, and delete invoices. View payment history and revenue metrics.
Settings	Access to system configuration, branding, email, payment gateways, and integrations.
Reports / Activity	View team activity feeds, client activity tracking, and dashboard analytics.

For each permission area, toggle the specific capabilities on or off based on what this role should be able to do.
Click Save to create the role.

The new role is now available in the role dropdown when creating or editing users.

Example Custom Roles

Here are five common custom role configurations to use as starting points:

Role Name	Permissions Enabled	Permissions Disabled
Project Manager	View all projects, create/edit tasks, assign team members, view team activity, manage files	System settings, payment gateways, invoicing, user management, branding
Bookkeeper	Create/edit/send invoices, view payment history, view revenue metrics, view client list	Project management, task management, file management, settings, user management
Senior Designer	View assigned projects, full task management, file upload/management, team chat	Invoicing, user management, settings, client management, activity reporting
External Contractor	View assigned projects, view/complete assigned tasks, upload files, project chat	Create projects, manage users, invoicing, settings, view other team members’ tasks
Director (Read-Only)	View all projects, view all tasks, view invoicing data, view activity feeds and reports	Create/edit/delete anything, manage users, change settings

These are starting points — adjust the permissions to match your exact requirements.

Editing a User’s Role or Details

You can change a user’s role, name, email, or other details at any time:

Go to the user management section of your admin panel.
Find the user you want to edit. Use the search or filter options if you have many users.
Click on the user to open their profile or click an edit button.
Make your changes:

Change role: Select a different role from the dropdown. The user’s access updates immediately — they will see their new permissions the next time they load a page or log in.
Update email: If the user’s email address has changed, update it here. This changes their login username and the address where notifications are sent.
Reset password: If a user has forgotten their password, you can reset it here or trigger a password reset email.
Update name: Changes the display name shown in task assignments, chat, and activity feeds.

Save the changes.

Role changes take effect immediately. If you downgrade someone from Admin to Staff, they will lose access to settings, financial data, and unassigned projects on their next page load.

Deactivating or Removing a User

When a team member leaves your organisation or no longer needs access, you should deactivate or remove their account promptly. This is a security best practice — inactive accounts with valid credentials are a vulnerability.

Deactivating a User

Deactivation keeps the user’s data (task history, comments, file uploads) in the system but prevents them from logging in.

Go to the user management section.
Find the user and open their profile.
Look for a Deactivate, Disable, or Status toggle.
Set the account to inactive/disabled.
Save the changes.

The user will no longer be able to log in. Their past contributions (completed tasks, comments, uploaded files) remain visible and attributed to them in project history.

Deleting a User

Deletion permanently removes the user account. Depending on your Task Session version, this may also remove or reassign their associated data (task assignments, comments, files).

Go to the user management section.
Find the user and open their profile.
Click Delete and confirm the action.

Recommendation: In most cases, deactivation is preferable to deletion. Deactivating preserves the audit trail — you can still see who did what on past projects. Only delete a user if you specifically need to remove all traces of their account from the system.

Best Practices for User and Role Management

Follow the principle of least privilege. Give every user the minimum access they need to do their job. Start with the Staff role and only escalate to Admin or a custom role if they genuinely need additional permissions.
Limit admin accounts. Only business owners and essential operations staff should have admin access. The more admin accounts you have, the larger your security surface. Two to three admin accounts is typical for most teams.
Use custom roles instead of over-granting. If a team member needs one specific capability beyond their default role (like viewing invoices), create a custom role for that combination. Do not make them an Admin just because they need one extra feature.
Review roles quarterly. As your team changes — people join, leave, or change responsibilities — review your user list and role assignments. Remove or deactivate accounts that are no longer needed. Adjust roles for people whose responsibilities have changed.
Name custom roles clearly. Use descriptive names like “Project Manager,” “Bookkeeper,” or “External Contractor” — not generic names like “Role 1” or “Custom.” This makes it easy to understand what each role is for when assigning it to new users later.
Assign projects immediately. When you create a new staff account, assign them to at least one project right away. A staff member who logs in to an empty dashboard will be confused and may think the system is not working.
Set strong initial passwords. Even if you plan for users to change their password after first login, start with a strong initial password. Avoid simple or predictable passwords like “welcome123” — if the email is intercepted, the account is compromised.
Encourage password changes on first login. After sending login credentials, ask team members to change their password immediately. If Task Session supports forced password change on first login in your version, enable it.
Deactivate rather than delete. When someone leaves, deactivate their account instead of deleting it. This preserves the history of their work for future reference and audit purposes.
Document your role structure. If you create custom roles, keep a record (in Task Session’s Notes feature or an external document) of what each role is intended for and what permissions it includes. This helps when onboarding new admins or reviewing access during audits.

Role Comparison Table

A quick reference showing the default capabilities of each built-in role:

Capability	Admin	Staff	Client
View all projects	Yes	Assigned only	Assigned only
Create projects	Yes	No (by default)	No
Manage tasks	All tasks	Within assigned projects	View client-visible only
Kanban board access	Yes	Yes (assigned projects)	No
Upload files	Yes	Yes (assigned projects)	Limited (portal)
Chat and discussions	All	Assigned projects and team	Assigned projects only
Create invoices	Yes	No	No
View invoices	All	No	Own invoices only
Make payments	No (admin creates invoices)	No	Yes (own invoices)
Manage users	Yes	No	No
System settings	Yes	No	No
Branding and white-label	Yes	No	No
Payment gateway config	Yes	No	No
View team activity	Yes	No	No
View client activity	Yes	No	No

Custom roles can override any of these defaults. For example, you can create a “Project Manager” role that has Staff-level access plus the ability to view all projects and team activity.

Common Questions About Users and Roles

Is there a limit to how many users I can add?

No. Every Task Session licence includes unlimited users. Add as many admin, staff, and client accounts as your business requires. There is no per-seat charge.

Can a user have multiple roles?

Each user is assigned one role at a time. If you need a combination of permissions that no single built-in role provides, create a custom role with the exact permissions required and assign that to the user.

Can I change a user’s role without creating a new account?

Yes. Edit the user’s profile and change their role from the dropdown. The change takes effect immediately. No data is lost when changing roles — their task history, comments, and files remain intact.

What happens to a user’s tasks when I deactivate them?

Tasks assigned to a deactivated user remain in the system and retain their assignment. They will not be completed by the deactivated user, so you should reassign open tasks to active team members. Completed tasks and historical activity remain attributed to the original user.

Can staff members see each other’s tasks?

Within a shared project, staff members can see all tasks in that project (unless the task is restricted by additional permission controls). They cannot see tasks in projects they are not assigned to. If you need task-level privacy within a shared project, use personal Kanban columns or create separate projects for confidential work.

How does Google Login affect user roles?

If you have enabled Google Login (OAuth), new users who register through Google are assigned the Client role by default. This prevents unknown users from gaining staff or admin access. You can change their role after they register, or disable new Google registrations entirely so that only existing users can log in with Google.

Can I create a role that only has access to invoicing?

Yes. Create a custom role, disable all project, task, file, and settings permissions, and enable only the invoicing/financial permissions. Assign this role to your bookkeeper or finance person. They will see the Invoicing section and nothing else.