The CRM uses role-based access control to ensure each user has access appropriate to their responsibilities. Multiple roles may be assigned to a single user, and roles determine access across all CRM modules and apply to all properties within a hotel group.
Understanding roles
Roles define whether a user can view, edit, or access each area of the CRM. Each permission has one of three access levels:
None β No visibility or access.
Read Only β View only.
Full β Full access, including edits.
The permission list mirrors the CRM's left navigation structure, providing a consistent and predictable set of access controls.
πNote: Clients cannot create or modify roles. Role creation and modification are performed exclusively by the SHR support team. Clients may assign existing roles to users, but any changes to what a role can access must be requested through SHR support [email protected]
As well has having the role created by support, the support team can not make the following updates.
Role names cannot be changed after creation.
Roles cannot be deleted if they are assigned to an active user.
In multi-property environments, roles apply across the entire hotel group.
Create a user profile
Use this function to add users and assign existing roles.
From the left navigation menu, click Security.
Click User Profile.
Click New User.
Enter the user's First Name and Last Name.
Enter the user's Email Address, this is also used for login and notifications.
Complete any additional fields required by your organization's security standards.
Select the Active checkbox if the user should be able to log in immediately.
In the Roles section, select one or more existing roles to assign to the user.
Click Save and Close.
After saving, the system automatically sends the user an email with login instructions.
When a user no longer needs access, it is usually better to deactivate the user instead of deleting them. This preserves auditability.
Log in to the CRM
Follow the steps below to log in to the CRM.
Open your browser and navigate to your CRM login URL, this URL is provided during onboarding.
Enter your username.
Usernames are not case-sensitive.
Enter your password.
Click Log In.
Update a password
Follow the steps below to update your password.
On the login page, click Forgot Password.
Enter your email address.
Click Send Reset Link.
Check your email and follow the reset instructions.
πNote: Passwords must be at least eight characters long.
Access your account settings
Once logged in, users can access and manage their personal account settings.
From the top-right corner of the screen, click your username.
Click My Account.
Review the details displayed.
If permitted by your assigned role, update allowed personal information such as name or profile image.
Click Save and Close to apply changes.
πNote: Administrators may update user information but cannot change the user's username or password. Users may reset their own password via the login screen or from within their account settings if allowed.
Log out of the CRM
Follow the steps below to safely log out of the CRM.
From the top-right corner of the screen, click your username.
Click Logout.
The CRM will return you to the login screen.
Logging out is recommended after each session to protect account security
Set up two-factor authentication (2FA)
Two-factor authentication adds an extra layer of security to user logins. The CRM supports email authentication and mobile authenticator app which is recommended.
Email authentications requires a correctly configured email address in the system, along with access to that email so the verification code will be delivered correctly.
πImportant: Relying solely on email for 2FA increases security risk. Using only email for 2FA can leave accounts more vulnerable to Business Email Compromise (BEC) attacks. For example, if an attacker gains access to the user's email account.
A mobile authentication app is recommended as it uses a separate physical device which is only accessed by one user, does not rely on the security of the email inbox and provides stronger protection against unauthorized access. Supported apps include Authy, Duo, Google Authenticator, and Microsoft Authenticator.
Configure two-factor authentication
Outlined below is how to configure two-factor authentication.
Click your username in the top-right corner of the CRM.
Click Authentication Settings.
In the Authentication type dropdown, select one of the following: Email or Mobile App.
If you selected email:
Confirm your email address is correct.
Click Save and Close.
If you selected mobile app:
Open your preferred authenticator app on your mobile device.
Scan the QR code displayed on the screen.
Enter the verification code generated by the app into the CRM.
Click Save and Close.
π€Tip: Authentication settings should be reviewed whenever a user's role changes especially if they are granted access to more sensitive data or functions.
Frequently asked questions
Outlined below are some of the most frequently asked questions.
Can I create or modify roles?
No. Clients cannot create or modify roles. Role creation and modification are performed exclusively by the SHR Support Team. You may assign existing roles to users, but any changes to what a role can access must be requested through SHR Support.
Can I assign multiple roles to one user?
Yes. Multiple roles may be assigned to a single user. The user will have the combined permissions of all assigned roles.
What should I do if a user no longer needs access?
It is better to deactivate the user instead of deleting them. This preserves auditability and allows you to reactivate the user if needed in the future.
How do I reset a user's password?
Users can reset their own password via the Forgot Password link on the login screen. Administrators cannot directly change a user's password but can guide the user through the reset process.
Can roles be deleted?
Roles cannot be deleted if they are assigned to an active user. If you need to remove a role, first reassign all users to different roles, then contact SHR Support to request role deletion.