Each client you serve can have a portal login. They only see THEIR work — never another client's. The data isolation is RLS-enforced at the database level, so it's not just a UI filter.
What everyone with portal access sees
- Live work-order list with current status (Open, Hold, Active, Complete) for every WO opened against their company
- Per-WO detail: title, location, category, priority, assigned tech name, comments, photos
- Submit a request — creates a draft WO in your queue with
is_request=truefor you to triage - Locations management — they can edit the addresses + lockbox codes of their own sites
Owner-tier extras
Client users with company_role='owner' see three additional tabs:
- Invoices — all invoices issued to their company, with PDF download + outstanding balance
- NTE Profiles — view the per-category dollar caps you've set on their account. Read-only on their side; they can't raise their own caps
- Reports — spend by location (90-day rollup), repeat-issue detection (3+ WOs in same location/category), NTE compliance %
Non-owner client users (dispatchers / facility managers reporting to the owner) see only the WO list and submit-request flow. The reports + invoices are intentionally gated to keep money-data scoped to the owner.
What clients CANNOT do
- See other clients' work orders
- Edit a WO once it's in your queue (they can comment, not edit)
- See your other clients, your tech list, your QuickBooks integration, or anything internal
- See your costs / margins on the work — they only see the invoiced amount
- Reopen completed work orders (after 3 business days post-completion, the close is locked)
Inviting a client
From your admin portal, open Clients → pick the client → Invite owner. Their owner gets an email with a temp password. After they're in, THEY can invite their teammates from inside their own portal.
The trust model
This three-portal split is intentional: you (the admin) own the data, your tech sees only their work, your client sees only their work. Each portal has its own login, its own RLS policy, its own scoped view. The same physical TradelyHQ database serves all three with zero data leakage between them.