Roles & Permissions

Control who can see and do what by defining roles with entity, field, and record-level permissions.

This section is for workspace admins.

How permissions work

Each user is assigned one or more roles. Permissions merge with OR semantics -- if any role grants a permission, the user has it.

Permissions are evaluated at three levels:

  1. Entity permissions -- CRUD access per entity type.
  2. Field permissions -- read/write access per field.
  3. Record filters -- restrict which records are visible based on field conditions.

Create a role

Go to Settings > Roles. Click Create Role. Enter a name (e.g. "Sales Manager") and an optional description. The role editor opens with three tabs: Entity Permissions, Field Permissions, and Record Filters.

Set entity permissions

Open the Entity Permissions tab. A matrix shows all entity types as rows and Create, Read, Update, Delete as columns. Check or uncheck each cell.

Use the column header checkboxes to grant or revoke a permission across all entity types at once. Use the Grant All / Revoke All buttons per row for quick bulk changes.

Set field permissions

Open the Field Permissions tab. Select an entity type from the dropdown. A table lists every field with Can Read and Can Write checkboxes.

Fields default to full access. Uncheck a box to restrict it. For example, uncheck "Can Read" on a salary field so only certain roles can see it.

Field restrictions only take effect if the role also has entity-level Read or Update access for that entity type.

Set record filters

Open the Record Filters tab. Click Add Filter to create a condition. Each filter specifies:

  • Entity type -- which records the filter applies to.
  • Field -- the field to evaluate.
  • Operator -- equals, not equals, greater than, greater or equal, less than, less or equal, in, or contains.
  • Value -- the comparison value.

Example: restrict a sales rep to only see records where the "Owner" field equals their own name.

Filters within one role combine with AND logic (all conditions must match). Filters across different roles combine with OR logic (records matching any role's filters are visible).

Click the trash icon to remove a filter.

Edit a role

Go to Settings > Roles and click any role in the list. Update the name, description, or any permission settings. Click Update Role to save.

Delete a role

Open a role for editing and click Delete Role at the bottom. Confirm the deletion.

Deleting a role removes it from all users immediately. Those users lose the associated permissions right away. This cannot be undone.