Hi,
Thanks for your message. We understand your concerns, and Vik Booking defines by default a few custom capabilities that you can allow or deny to certain WordPress user roles.
From the page Dashboard of Vik Booking, any Administrator account should be able to see the “Permissions” button in the top toolbar, from which the ACL permissions can be set up.
Our suggestion is to play with the various capabilities to see which combination of permissions suits you better for your staff. There’s a dedicated capability to “Pricing Management”, which should probably be disabled/denied for the role of your staff, but if you need to keep the “Bookings Management” capability enabled/allowed to perform check-in/check-out operations, then our suggestion is to deny another capability like “Edit” for the user role of your staff. This way it won’t be possible to amend any contents within Vik Booking, not even the bookings. That’s a similar permission to what the “Author” role can do.
Also, we suggest giving a look at the front-end Operators shortcode, which can be used to grant access to specific users to a special page of the front-end, which would keep all the wp-admin functionalities separate. The “Operators Login” page was actually designed for housekeeping or room service operations, where the staff or receptionists are usually allowed to access the complete back-end interface of Vik Booking.
We hope this helps!
Best regards,
The VikWP Team