When you're running a food business on your own, your kitchen management system only needs to work for one person. You know where everything is, you remember what you changed and when, and there's no risk of someone else overwriting your recipe with the wrong quantities.
The moment you bring in a second person — a part-time baker, a manager, a dietitian — that changes. Now you need a system that lets multiple people work in the same environment without stepping on each other, and without giving everyone access to everything.
This is where role-based access becomes important. And it's something most small food businesses don't think about until something goes wrong.
What goes wrong without proper access control
Here are the scenarios that come up repeatedly when a food business grows without putting access controls in place:
- A member of staff edits a recipe to adjust quantities for a batch they're making, and doesn't realise they've changed the master recipe — affecting every future batch and every label generated from it
- A manager can see customer pricing and margin data that you'd rather keep confidential
- A new team member accidentally deletes an ingredient or label template
- You can't tell who made a change to a recipe when a customer raises a concern about allergens
None of these are catastrophic on their own, but they erode trust in your systems and create compliance risks — particularly around allergen management, where recipe accuracy is a food safety issue.
The four roles in FoodCore
FoodCore has four built-in roles, each designed around a real job function in a food business:
Admin
Full access to all modules including user management, settings, and billing. Typically the business owner or head of operations. Can add and remove users, change roles, and access all data.
Chef
Access to recipes, ingredients, production runs, and shopping lists. Can create and edit recipes and log production. Does not have access to financial analytics, user management, or settings.
Manager
Access to orders, production scheduling, stock management, and analytics. Can see financial data and manage the operational side of the business. Does not have access to user management or settings.
Dietitian
Access to recipes, nutritional data, allergen information, menus, and meal planning. Focused on the nutritional and compliance side. Does not have access to financial data, orders, or user management.
Why role separation matters for food safety
Beyond the operational benefits, role-based access has a direct food safety implication: it creates accountability.
When every change to a recipe is attributed to a specific user — and logged with a timestamp — you have a clear audit trail. If a customer reports an allergic reaction and claims the product contained an allergen that wasn't declared, you can check the audit log to see exactly what the recipe contained on the date the product was made, and who last modified it.
This is not a hypothetical scenario. Allergen incidents happen, and when they do, the ability to demonstrate what your recipe contained and when it was last changed is important evidence — both for your defence and for identifying what went wrong.
Multi-site operations
If you operate from more than one kitchen or site, access control becomes more complex. You may want some users to have access across all sites (a head chef or operations manager) while others are restricted to a single site (a kitchen assistant at one location).
FoodCore supports multi-site access control. When you add a user, you can assign them to specific sites or give them access across all sites. This means a chef at your Manchester kitchen can't accidentally edit the recipes or stock levels for your London kitchen.
Practical tips for setting up your team
Start with the minimum access needed
Give each team member the role that matches their job function, not the most permissive role available. It's easy to upgrade someone's access if they need more — it's harder to explain why you're downgrading it.
Use named accounts, not shared logins
Every team member should have their own login. Shared logins defeat the purpose of an audit log — if three people share one account, you can't tell who made a change. FoodCore doesn't charge per seat, so there's no cost reason to share accounts.
Review access when roles change
When someone leaves or changes role, update their access immediately. A former employee with active login credentials is a security risk. FoodCore lets you deactivate accounts without deleting them — so you keep the audit history while removing access.
Brief your team on what they can and can't edit
Role-based access prevents accidental changes, but it doesn't replace clear communication. Make sure your team understands which parts of the system they're responsible for and what the process is for requesting changes to things outside their role.
When you're ready to bring in a dietitian
Many food businesses — particularly those serving care homes, schools, or clients with specific dietary requirements — work with a dietitian either in-house or as a consultant. The Dietitian role in FoodCore is designed for exactly this use case.
A dietitian can log in, review the nutritional analysis of your recipes, check allergen data, build meal plans, and flag any concerns — without being able to change your pricing, access your financial data, or modify your production schedule. They get the access they need to do their job, and nothing more.