RBAC & Permissions
Learn how Role-Based Access Control (RBAC) works and how to manage permissions for your team members.
Overview
Role-Based Access Control (RBAC) is a security feature that allows you to control what actions team members can perform in the CRM system. Instead of giving everyone full access, you assign roles with specific permissions. This ensures that team members can only access and modify data they're authorized to work with.
Security First: RBAC helps protect your data by ensuring that only authorized users can perform sensitive operations like deleting leads, modifying settings, or accessing billing information.
Default Roles
Admin
Full access to all features and settings. Can manage users, modify system settings, access billing, and perform all operations.
- All read, write, delete, and execute permissions
- User management
- System settings
- Billing access
Editor
Can create, edit, and delete CRM entities (leads, contacts, tickets, products, forms). Cannot modify system settings or access billing.
- Read and write permissions
- Delete permissions
- Bulk operations
- No system settings access
Viewer
Read-only access. Can view all CRM data but cannot create, edit, or delete anything. Perfect for team members who need to monitor activity.
- Read permissions only
- View all CRM entities
- No write permissions
- No delete permissions
Executor
Can execute flows and run operations but has limited write access. Perfect for team members who need to run workflows but shouldn't modify data.
- Execute permissions
- Read permissions
- Limited write permissions
- No delete permissions
Permission Types
Read
View data without making changes. Includes viewing leads, contacts, tickets, products, forms, and analytics.
Write
Create and modify data. Includes creating new leads, contacts, tickets, products, forms, and updating existing ones.
Delete
Remove data permanently. Includes deleting leads, contacts, tickets, products, and forms. Use with caution.
Execute
Run workflows and operations. Includes executing flows, sending bulk SMS, and running integrations.
Entity-Level Permissions
Permissions can be configured at the entity level, allowing fine-grained control over what users can do with specific CRM entities.
Leads
Control access to lead management features:
- Create, read, update, delete leads
- Bulk operations on leads
- Lead notification routing
Contacts
Control access to contact management:
- Create, read, update, delete contacts
- Bulk SMS operations
- Contact tagging
Tickets
Control access to support tickets:
- Create, read, update, delete tickets
- Ticket assignment
- Bulk ticket operations
Products
Control access to product catalog:
- Create, read, update, delete products
- Product activation/deactivation
- Bulk product operations
AI Forms
Control access to form management:
- Create, read, update, delete forms
- Form publishing
- Form analytics access
Security Best Practices
- Principle of Least Privilege: Assign the minimum permissions necessary for each team member to perform their job.
- Regular Audits: Periodically review user roles and permissions to ensure they're still appropriate.
- Separate Admin Accounts: Use separate admin accounts for system administration, not regular user accounts.
- Monitor Activity: Use activity logs to monitor what actions users are performing.
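As an added illustration (not the CRM's own code or API), the following Python model puts the default roles, the four permission types and the entity-level permissions described above into one permission check, and adds the least-privilege audit the best practices call for. The settings/billing pseudo-entities, the executor's per-entity write grants, the deny overrides and the sample activity log are assumptions, not features documented on this page.

```python
from dataclasses import dataclass, field

# Permission types and entities come from the page; the role contents mirror
# its "Default Roles" section. Settings and billing are modelled as admin-only
# pseudo-entities (an assumption about how the product scopes them).
ACTIONS = {"read", "write", "delete", "execute"}
ENTITIES = {"leads", "contacts", "tickets", "products", "forms"}
ADMIN_ONLY = {"settings", "billing"}

ROLE_ACTIONS = {
    "admin": ACTIONS,
    "editor": {"read", "write", "delete"},
    "viewer": {"read"},
    "executor": {"read", "execute"},  # "limited write" is granted per entity below
}

@dataclass
class User:
    name: str
    role: str
    # Entity-level overrides (assumed mechanism): entity -> actions granted/denied.
    grants: dict = field(default_factory=dict)
    denies: dict = field(default_factory=dict)

def is_allowed(user: User, action: str, entity: str) -> bool:
    """Default-deny check: unknown roles, actions or entities are refused;
    an entity-level deny beats both the role and any entity-level grant."""
    if action not in ACTIONS or user.role not in ROLE_ACTIONS:
        return False
    if entity in ADMIN_ONLY:
        return user.role == "admin"
    if entity not in ENTITIES:
        return False
    if action in user.denies.get(entity, set()):
        return False
    return action in ROLE_ACTIONS[user.role] or action in user.grants.get(entity, set())

def effective_permissions(user: User) -> set[tuple[str, str]]:
    """Every (action, entity) pair the user may currently perform."""
    scope = ENTITIES | (ADMIN_ONLY if user.role == "admin" else set())
    return {(a, e) for a in ACTIONS for e in scope if is_allowed(user, a, e)}

def audit_excess(user: User, used: set[tuple[str, str]]) -> set[tuple[str, str]]:
    """Least-privilege audit: permissions held but never exercised in the
    supplied (constructed) activity log, i.e. candidates for removal."""
    return effective_permissions(user) - used

if __name__ == "__main__":
    runner = User("dana", "executor", grants={"leads": {"write"}})
    print(is_allowed(runner, "write", "leads"), is_allowed(runner, "write", "contacts"))
    print(sorted(audit_excess(User("vic", "viewer"), {("read", "leads")})))
```

Running the block prints `True False` for the executor check and the four unused read permissions for the viewer, which a periodic review could narrow to the leads entity.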
💡 Pro Tips
- Start with Viewer role for new team members and upgrade permissions as needed
- Use Editor role for team members who need to manage CRM data but shouldn't access system settings
- Reserve Admin role for system administrators and account owners only
- Use Executor role for team members who need to run workflows but shouldn't modify data
- Review permissions regularly, especially when team members change roles or leave the organization