Granular Permissions & Roles
Control Access, Protect Data, Empower Teams
Seven Built-In Roles
Superadmin
Full system access
- • See and edit everything
- • Team settings & billing
- • User management
Best for: Owners, founders
Organization Manager
Management access
- • View all team data
- • Edit all records
- • Financial oversight
Best for: Operations managers
Sales Manager
Sales leadership
- • Manage all deals
- • View all contacts
- • Sales reporting
Best for: Sales directors
Sales Representative
Individual sales
- • Manage own deals
- • View assigned contacts
- • Own pipeline
Best for: Sales reps, BDRs
Project Manager
Project leadership
- • Manage projects
- • View time tracking
- • Project reporting
Best for: PMs, delivery leads
Project Viewer
Client access
- • View assigned projects
- • See time reports
- • Read-only access
Best for: Clients, stakeholders
User
Team member
- • View own work
- • Edit own records
- • Time tracking
Best for: Developers, designers
Granular Permission System
Control specific actions with resource-level permissions
Permission Categories
CRM Permissions
- • contact.viewAny, create, update, delete
- • client.viewAny, create, update, delete
- • deal.viewAny, create, update, delete
Project Permissions
- • project.viewAny, create, update, delete
- • task.viewAny, create, update, delete
- • project-board.viewAny, create
Financial Permissions
- • invoice.viewAny, create, update
- • expense.viewAny, create, update
- • payment.viewAny, process
HR Permissions
- • hr-vacancy.viewAny, create, update
- • hr-candidate.viewAny, create
- • hr-interview.viewAny, create
Own vs. All Access
Control whether users see only their data or all team data
👤 View Own
User sees only their own records:
- • Own contacts & deals
- • Own tasks
- • Own time tracking
- • Own expenses
Example: Sales reps shouldn't see others' deals
👥 View All
User sees all team records:
- • All contacts & deals
- • All tasks
- • All time tracking
- • All expenses
Example: Managers need full visibility
Common Use Cases
Multi-Team Agencies
Separate team visibility—development sees projects, sales sees deals
Client Separation
Isolate client data—competitors don't see each other
Financial Protection
Restrict financial access—only managers see all invoices
Sales Territory
Each rep manages own pipeline without seeing others
Client Portal
Clients see only their projects and invoices
Audit Compliance
Track who accessed what for security compliance
Security & Audit Trail
Monitor access and maintain security compliance
Data Protection
- • Financial information protected
- • Client contacts secured
- • Sales pipelines isolated
- • Integration credentials safe
Activity Logging
- • Who accessed what
- • When access occurred
- • What actions taken
- • Failed access attempts logged
Real-World Access Control Examples
Scenario 1: Sales Team
Sales Manager:
- ✅ Sees all deals across team
- ✅ Views all contacts
- ✅ Creates email campaigns
- ❌ Cannot see project time tracking
Sales Rep:
- ✅ Sees only own deals
- ✅ Views own contacts
- ✅ Creates own outreach
- ❌ Cannot see other reps' data
Scenario 2: Agency with Clients
Agency Team:
- ✅ Full access to projects
- ✅ Client management
- ✅ Financial control
- ✅ Full editing rights
Client (Viewer):
- ✅ See their projects only
- ✅ View time reports
- ❌ No editing rights
- ❌ Cannot see other clients
Secure Your Business Data
Role-based access control, project-specific permissions, and audit trail—enterprise-grade security included
Free 14-day trial →