Authorized Users — Roles & Permissions
Invite team members to your account, assign them a role, control exactly which modules they can use, and scope their access to specific properties or countries.
Overview
Every Ananas GDS account is created by one person — the account owner . The owner can invite additional team members, called authorized users (also referred to as sub-users). Each authorized user signs in with their own email and password but works inside the owner's account: they share the owner's company profile, subscription, and notification inbox.
The owner stays in full control through three layers:
| Layer | What it controls |
|---|---|
| Role | A job label (e.g. Reservations, Sales) used to organise your team. It does not grant or block anything by itself. |
| Module permissions | Per-module on/off switches. A module the user lacks permission for is hidden from their sidebar and blocked if they try to open it. |
| Data scope | Which data the user can see inside the permitted modules: specific properties for accommodation accounts, specific countries for tour operator / travel agent accounts. |
The account owner always has full access to everything — permissions only apply to authorized users. Only the owner can create, edit, or remove authorized users.
Where to Find It
In the app sidebar, open Roles & Permissions → Authorized User . The page lists your team with their name, email, account type, and activation status, and shows your current usage against your plan's authorized-user limit.
Plan Limits
The number of authorized users you can add depends on your subscription plan. The usage chip on the Authorized Users page shows how many slots you have used (for example 2 of 5 used ; higher tiers can be unlimited). When the limit is reached, the Add User button is disabled until you remove a user or upgrade your plan.
Creating an Authorized User
Roles
Each authorized user can be given one role. The role is a descriptive label for organising your team — access is controlled by the permission switches, not the role. The available roles depend on your account type:
| Account Type | Roles |
|---|---|
| Accommodation | General Manager, Reservations, Front Office, Public Relations, IT Specialist, Finance & Accounting |
| Tour Operator / Travel Agent | Sales, Operations, Finance, Finance & Accounting |
Module Permissions
Permissions are per-user switches, and the set offered depends on the account type. Each switch gates its module in two places at once: the sidebar entry is hidden, and the pages are blocked, for any authorized user who lacks it.
Accommodation Accounts
| Permission | Allows the user to |
|---|---|
| Manage Properties | Create, edit, and delete properties. |
| Manage Fact Sheet details | Edit fact sheet content. |
| Manage Property Photos / Gallery | Upload and manage photos. |
| Manage Stop Sale / Availability Charts | Create and edit stop sale events and availability. |
| Manage Company Settings & Profile | Edit company details, logo, and company-level settings. |
| Manage Mailing / Contacts List | Manage contacts and mailing lists. |
| Manage Partner Connections & Contracts | Send and manage partner contracts and use the partner market. |
| Access Invoicing Module | Use the invoicing module. |
| Access Rooming Lists | Use the rooming lists module. |
| Allowed Exporting / Sending Files | Export data, send mails, and download files. |
| Manage Developer Tools, System Integrations, APIs | Manage API tokens, widgets, integrations, and webhooks. |
| Manage Payment & Billing | View and manage the subscription, payment, and billing pages. |
Tour Operator / Travel Agent Accounts
| Permission | Allows the user to |
|---|---|
| Manage Partner Products & Content | Edit across mapping, room mapping, fact sheet overrides, and partner photos. Viewing partner data is available without this switch; editing is further limited by the user's country scope. |
| Manage Partner Connections / Market | Send and manage partner contracts and use the partner market. |
| Access Invoicing Module | Use the invoicing module. |
| Access Rooming Lists | Use the rooming lists module. |
| Export / Download Data | Export and download data and files. |
| View Finance & Accounting Reports | View finance and accounting reports. |
| Manage Company Settings & Profile | Edit company details, logo, and company-level settings. |
| Manage Payment & Billing | View and manage the subscription, payment, and billing pages. |
Billing requires Company Settings
The Payment & Billing pages live inside Company Settings, so granting Manage Payment & Billing automatically enables Manage Company Settings & Profile as well. The form marks the dependency for you.
Data Scoping
Beyond module permissions, each authorized user can be limited to a slice of your data. The scope panel on the user's edit page depends on your account type:
| Account Type | Scope | How it works |
|---|---|---|
| Accommodation | Property Access | Tick the properties from your portfolio the user may work with. A sub-user managing one hotel in a chain will not see the other properties unless granted access. |
| Tour Operator / Travel Agent | Country Access | Select the countries the user may work with. Their access to connected partner properties is limited to those destinations. |
Leaving the scope empty means no restriction — the user sees all your properties (accommodation) or all connected partner countries (tour operator), and only the module permissions apply.
Sessions & Notifications
Authorized users have their own independent login sessions — session limits apply per user, not per account. Notifications are shared: authorized users see the account's notification inbox, so the whole team works from the same partner updates.
API Endpoints
| Method | Path | Description |
|---|---|---|
GET |
/api/auth/authorized-users/ |
List all authorized users. |
GET |
/api/auth/authorized-users/quota/ |
Get the plan limit and current usage. |
POST |
/api/auth/authorized-users/create/ |
Create a new authorized user. |
GET |
/api/auth/authorized-users/{id}/ |
Get an authorized user's profile. |
PATCH |
/api/auth/authorized-users/{id}/update/ |
Update an authorized user's profile. |
DELETE |
/api/auth/authorized-users/{id}/delete/ |
Remove an authorized user. |
GET |
/api/auth/authorized-users/{id}/permissions/ |
Get the user's role, permission flags, and data scope. |
POST |
/api/auth/permissions/create/ |
Create the permissions record for a user. |
PUT |
/api/auth/permissions/update/{user_id}/ |
Update permission flags and data scope. |