Roles & Permissions
Roles and permissions decide who can see and do what. Getting them right keeps sensitive work protected while letting each person do their job without friction.
#Why roles exist
A role bundles sensible default access for a type of user, so you do not have to configure every person from scratch. Permissions then fine-tune what a role can do in each area.
#Common user types
- Platform admin — configures the workspace, manages users, and controls settings.
- Support / staff users — work within the departments and actions their role allows.
#Permission actions
| Action | What it allows |
|---|---|
| View | See items in a module. |
| Create | Add new records or items. |
| Edit | Change existing items. |
| Delete | Remove items. |
| Publish | Make content or changes live. |
| Manage | Administer a module, including its settings. |
#Per-user overrides
Beyond role defaults, you can adjust access for an individual when their needs differ slightly from their role. Use overrides sparingly so access stays easy to reason about.
Least privilege by default
Give people the access their role needs and no more. It reduces risk, keeps the workspace tidy, and makes audits simpler.
#Why permissions matter
- They protect customer, financial, and people data.
- They keep AI agents and automations acting within a user’s allowed scope.
- They make responsibility clear across the team.
Was this page helpful?