Roles & permissions
Deckchair has three roles. The role is set per-member and controls what each person sees and can do in the app.
At a glance
Section titled “At a glance”| Capability | Employee | Manager | Admin |
|---|---|---|---|
| Book leave for self | ✓ | ✓ | ✓ |
| Cancel own requests | ✓ | ✓ | ✓ |
| See the team wallchart | ✓ | ✓ | ✓ |
| See own balance & history | ✓ | ✓ | ✓ |
| Approve/reject requests | — | For assigned members + managed departments | Everyone |
| Book leave on behalf of others | — | For members they approve | Anyone |
| Add/edit/deactivate members | — | — | ✓ |
| Change organization settings | — | — | ✓ |
| Manage leave types | — | — | ✓ |
| Manage departments | — | — | ✓ |
| Change holiday country/region | — | — | ✓ |
| Manage locked dates | — | ✓ (for their department) | ✓ |
| Billing & subscription | — | — | ✓ |
| CSV bulk import | — | — | ✓ |
Employee
Section titled “Employee”The default role. Employees can manage their own leave and see their colleagues’ availability on the wallchart, but they can’t make changes at the organization level.
Manager
Section titled “Manager”A manager is an employee plus approval powers. Specifically, a manager can:
- Approve or reject requests from any member whose approver field is set to them.
- Approve or reject requests from anyone in a department they manage (set the department’s “manager” under Settings → Departments).
- Book leave on behalf of those same members.
- Set locked dates for their managed department.
Managers don’t have access to org-wide settings — for that, they need the admin role.
Admins have unrestricted access to the organization. They can do everything a manager can, plus:
- Invite, edit, deactivate, and delete any member.
- Change organization-level settings (name, timezone, leave year, work pattern, carryover).
- Create, edit, and deactivate leave types.
- Manage departments and the hierarchy.
- Change the country/region that drives public-holiday auto-sync.
- Set any locked date.
- View billing, manage the subscription, and access invoices.
You can have multiple admins — and you should, so the organization isn’t locked out if one person leaves.
Choosing roles for your team
Section titled “Choosing roles for your team”Rough guide:
- Company founder / people ops lead → admin.
- Team leads who approve their reports’ leave → manager (or admin if they also handle HR configuration).
- Everyone else → employee.
Don’t over-grant admin: anyone with admin can change everyone’s allowances, see all leave reasons, and cancel the subscription. Keep it to people who genuinely need org-wide access.
Changing roles
Section titled “Changing roles”Go to Settings → Team, click the member, and change the Role field. The change is immediate — they’ll see new menu items (or lose them) on their next navigation.
Demoting yourself is allowed, but don’t demote the last admin. If you somehow end up with zero admins, contact support.
Automatic promotion to manager
Section titled “Automatic promotion to manager”To stop you from creating an approval setup that silently does nothing, Deckchair will auto-promote an employee to manager when you:
- Set them as a department’s manager (under Settings → Departments), or
- Set them as another member’s approver (under Settings → Team → Edit member).
Both forms warn you before saving, and the success toast confirms it happened. The promotion runs in the same transaction as the parent change, so if the assignment fails, the role flip rolls back too.
Automatic demotion when duties end
Section titled “Automatic demotion when duties end”The flip side: if a member was auto-promoted into the manager role and later loses every approval duty (no remaining approvees, no managed departments), Deckchair drops them back to employee. This stops auto-promoted managers from quietly accumulating org-wide read powers after their reason for being a manager has gone away.
This only applies to auto-promoted managers. If you explicitly set someone’s role to manager under Settings → Team, they stay a manager until you change the role yourself — clearing or reassigning their duties won’t demote them. Admins are never auto-demoted.
The auto-demote runs in the same transaction as the action that triggered it (reassigning an approver, reassigning or removing a department manager, or deactivating/deleting their last approvee). Audit-log entries record both auto-promotions and auto-demotions for traceability.