Roles & Permissions

Roles and permissions control user access to features, data, and actions within the system. This guide covers role configuration and permission management.

Overview

Roles & permissions enable you to:

Define user roles
Set feature permissions
Control data access
Manage field visibility
Configure approval rights
Audit access controls

Accessing Roles

Navigate to Settings → Roles & Permissions to manage roles.

Understanding Roles

Role Components

Component	Description
Role Name	Identifier
Description	Purpose
Permissions	Access rights
Data Access	Record visibility
Field Access	Field visibility

Permission Types

Type	Description
View	See data/feature
Create	Add new records
Edit	Modify existing
Delete	Remove records
Export	Download data
Admin	Full control

Default Roles

Role	Access Level
System Admin	Full system access
Company Admin	Company settings
Manager	Team and approvals
Standard User	Basic access
Read Only	View only

How-To Guides

How to Create Roles

Creating New Role

Go to Settings → Roles
Click New Role
Enter details:
- Role name
- Description
- Base role (copy from)
Configure permissions
Save role

Role Configuration

Role: Sales Manager

Description: Manages sales team and approvals

Based On: Standard User

Modules:
├─ CRM: Full Access
├─ Sales: Full Access
├─ Inventory: View Only
├─ Finance: View Own
└─ Reports: Full Access

Special Permissions:
├─ Approve Quotes
├─ Manage Team
└─ Export Data

How to Configure Permissions

Module Permissions

For each module, set:

Permission	Options
Access	None, View, Full
Create	Yes, No
Edit	None, Own, All
Delete	None, Own, All
Export	Yes, No

Permission Matrix

Permission Matrix: Sales Manager

Module          | View | Create | Edit | Delete | Export
─────────────────────────────────────────────────────────
CRM             |  ✓   |   ✓    |  All |  Own   |   ✓
Sales           |  ✓   |   ✓    |  All |  Own   |   ✓
Inventory       |  ✓   |   -    |   -  |   -    |   -
Finance         | Own  |   -    |   -  |   -    |   -
Reports         |  ✓   |   ✓    |  Own |  Own   |   ✓
Settings        |  -   |   -    |   -  |   -    |   -

How to Set Data Access

Data Visibility

Control which records users see:

Level	Description
All	All records
Team	Team's records
Own	Only their records
None	No access

Data Access Rules

Go to role configuration
Select Data Access
Set per module:
- All records
- Department records
- Team records
- Own records

Hierarchical Access

Data Access Hierarchy

CEO
└─ VP Sales (sees all sales)
   └─ Regional Manager (sees region)
      └─ Sales Rep (sees own)

How to Configure Field Access

Field-Level Security

Control field visibility:

Access	Description
Visible	Can see field
Editable	Can modify
Hidden	Cannot see
Read Only	See but not edit

Sensitive Fields

Protect sensitive data:

Financial figures
Personal information
Commission rates
Cost prices

How to Set Approval Permissions

Approval Rights

Configure who can approve:

Approval Type	Roles
Purchase Orders	Manager, Finance
Quotes	Manager, Sales Manager
Expenses	Manager, Finance
Leave	Manager, HR

Approval Limits

Set amount thresholds:

Purchase Order Approval

Sales Rep: Cannot approve
Sales Manager: Up to $5,000
Director: Up to $25,000
VP: Up to $100,000
CEO: Unlimited

How to Clone Roles

Cloning Process

Select existing role
Click Clone
Enter new name
Modify permissions
Save new role

Clone Use Cases

Department variations
Regional adaptations
Temporary roles
Testing changes

How to Manage Role Hierarchy

Hierarchy Setup

Role Hierarchy

System Admin
├─ Company Admin
│  ├─ Department Manager
│  │  └─ Team Lead
│  │     └─ Standard User
│  └─ Module Admin
└─ Read Only

Inheritance

Lower roles inherit restrictions
Cannot exceed parent
Can further restrict
Cannot grant more

How to Audit Role Changes

Change Tracking

System logs:

Role modifications
Permission changes
User assignments
Who made changes

Audit Report

Role Audit: Sales Manager
Date: January 2026

Changes:
├─ Jan 15: Permission added - Export Data
│  Changed by: Admin
│  Reason: Reporting requirements
│
├─ Jan 10: Data access changed - Team to All
│  Changed by: Admin
│  Reason: Cross-team collaboration
│
└─ Jan 5: Role created
   Created by: Admin

How to Test Permissions

Permission Testing

Go to role configuration
Click Test Permissions
Select test user
Impersonate access
Verify expected behavior

Testing Checklist

[ ] Module access correct
[ ] Data visibility correct
[ ] Field access correct
[ ] Approvals work
[ ] Reports accessible

Advanced Features

Dynamic Permissions

Context-based access:

Time-based access
Location-based
Record-state based
Workflow-driven

Permission Sets

Reusable permission groups:

Common combinations
Add-on permissions
Feature bundles
Modular access

Row-Level Security

Granular data control:

Filter by field value
Complex conditions
Multi-criteria
Dynamic filters

API Permissions

External access control:

API key permissions
Endpoint access
Rate limits
Data scope

Best Practices

🔐 Security

Least privilege
Regular review
Clear documentation
Audit trails

📋 Design

Clear naming
Logical grouping
Minimal overlap
Easy maintenance

👥 Assignment

Appropriate roles
Regular review
Prompt changes
Documentation

🔄 Maintenance

Periodic audits
Remove unused
Update for changes
Test thoroughly

Configuration

Role Settings

Navigate to Settings → Roles → Settings:

Hierarchy - Role structure
Defaults - Default role
Restrictions - Global limits
Audit - Tracking options

Permission Settings

Modules - Module access
Data - Record access
Fields - Field access
Actions - Action permissions

Audit Settings

Track Changes - What to log
Retention - How long
Alerts - When to notify
Reports - Standard reports

Troubleshooting

Common Issues

User missing permissions

Check role assignment
Verify permission set
Review inheritance
Check effective permissions

Cannot access module

Verify module permission
Check license
Review role config
Test with impersonation

Data not visible

Check data access level
Verify ownership
Review hierarchy
Check row-level security

Cannot approve

Verify approval rights
Check amount limits
Review workflow config
Check delegation

Next Steps

Learn about Security Settings to configure authentication and security policies.

Roles & Permissions ​

Overview ​

Accessing Roles ​

Understanding Roles ​

Role Components ​

Permission Types ​

Default Roles ​

How-To Guides ​

How to Create Roles ​

Creating New Role ​

Role Configuration ​

How to Configure Permissions ​

Module Permissions ​

Permission Matrix ​

How to Set Data Access ​

Data Visibility ​

Data Access Rules ​

Hierarchical Access ​

How to Configure Field Access ​

Field-Level Security ​

Sensitive Fields ​

How to Set Approval Permissions ​

Approval Rights ​

Approval Limits ​

How to Clone Roles ​

Cloning Process ​

Clone Use Cases ​

How to Manage Role Hierarchy ​

Hierarchy Setup ​

Inheritance ​

How to Audit Role Changes ​

Change Tracking ​

Audit Report ​

How to Test Permissions ​

Permission Testing ​

Testing Checklist ​

Advanced Features ​

Dynamic Permissions ​

Permission Sets ​

Row-Level Security ​

API Permissions ​

Best Practices ​

🔐 Security ​

📋 Design ​

👥 Assignment ​

🔄 Maintenance ​

Configuration ​

Role Settings ​

Permission Settings ​

Audit Settings ​

Troubleshooting ​

Common Issues ​