System owners have full control over the comprehensive permissions system built into Flight School Booking.
The access control system used by Flight School Booking is based on role-based permissions. There are many permissions available to configure, and they're all found under the various main features under Admin. So if you don't want students to be able to book their own lessons, you can remove that permission while leaving Renters the option.
As an example, the permissions tab for Booking out settings is shown below:
Note: For the example, we have already added a new group (or Role) named "Examiners". These users can book out as PIC and also when the system would treat them as out of currency.
The Owner role is granted all permissions and is not shown in the table. Only the owner can view and change the permissions, this is not available to any other built-in roles. If you did want to allow someone trusted to change the permissions, you can create a new role (e.g. Security staff) and assign this role the permission "Administer permissions". Then, for your most trusted staff, add them to the roles Office staff and Security staff.
There are blank cells where it makes no sense to grant permission, for example the Accountant role does not need to book out. If your accountant is also a pilot, they will be given the Renter or Student role in addition to Accountant.
Where permissions have been changed from the designed default, the cell is highlighted in amber. This doesn't mean anything is wrong, it just draws your attention to the fact that the permissions have been changed. The Reset to defaults button will reset everything if you want to get back to the initial settings.
As another example, here are the permissions under Admin > Basic settings.
In this example, the instructor is not allowed to add new users. Only office staff (and the system owner) have permission in this system.
When permissions are changed, the event log (under Admin > Event log) records which permission changed and who changed it.