User Roles & Permissions

Overview

CRMLeaf’s Roles & Permissions module allows administrators to:

  • Define custom roles based on job functions
  • Assign granular permissions (view, edit, delete, export, etc.)
  • Control access to sensitive data (e.g., salary, PII)
  • Schedule audits and revoke access instantly
  • Ensure compliance with GDPR, SOC 2, HIPAA, and more

Step-by-Step Guide

1. Accessing the Roles & Permissions Module

  • Navigate to Settings from the left sidebar.
  • Select Roles & Permissions under the Admin section.

Note: Only users with Admin privileges can access this section.

2. Creating a New Role

  • Click on “Add Role”.
  • Fill in the following:
    • Role Name (e.g., Sales Manager, HR Executive)
    • Description (Purpose or scope of this role)
    • Department Scope (Global or department-specific)
    • Role Type: Choose between User or Administrator

Tip: Keep role names intuitive and aligned with organizational titles.

3. Assigning Permissions

  • After creating the role, you’ll be redirected to the Permissions Matrix.
  • Select modules the role can access:
    • CRM (Leads, Contacts, Deals)
    • HRMS (Attendance, Payroll)
    • Finance (Invoices, Payments)
    • Projects, Inventory, etc.
  • For each module, define:
    • View
    • Create
    • Edit
    • Delete
    • Export

Security Tip: Apply the principle of least privilege—only grant access necessary for the role.

4. Assigning Roles to Users

  • Go to Employees under HRMS.
  • Select a user and click Edit.
  • Choose the appropriate User Role from the dropdown.

Note: You can auto-assign default roles during onboarding to streamline setup.

5. Auditing & Managing Access

  • Use the Audit Logs to track:
    • Role changes
    • Permission updates
    • User activity
  • Schedule Permission Reviews to ensure ongoing compliance.
  • Revoke or modify access instantly if an employee leaves or changes roles.

Reminder: Set calendar alerts for quarterly permission audits.
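The permission review from steps 3 and 5, sketched as an added example (not CRMLeaf code): it compares a configured permissions matrix against an approved least-privilege baseline and flags every extra grant. The dictionary layout, the sample roles and grants, and the choice of sensitive modules and high-risk actions are assumptions; this page does not describe CRMLeaf's export format.

```python
# Added example: the data layout is an assumption, not CRMLeaf's export format.
SENSITIVE_MODULES = {"HRMS", "Finance"}   # assumed to hold salary/payment data
HIGH_RISK_ACTIONS = {"Delete", "Export"}  # destructive or bulk-extraction actions

# Approved baseline per role (constructed sample).
BASELINE = {
    "Sales Manager": {"CRM": {"View", "Create", "Edit", "Export"}},
    "HR Executive": {"HRMS": {"View", "Create", "Edit"}},
}
# Matrix as currently configured (constructed sample).
CURRENT = {
    "Sales Manager": {"CRM": {"View", "Create", "Edit", "Export"},
                      "Finance": {"View", "Export"}},
    "HR Executive": {"HRMS": {"View", "Create", "Edit", "Delete"}},
    "Intern": {"CRM": {"View"}},
}

def review(current, baseline):
    """Return (role, module, action, severity) for every grant beyond the baseline."""
    findings = []
    for role in sorted(current):
        if role not in baseline:
            # A role nobody approved cannot be judged; flag it for an owner.
            findings.append((role, "*", "*", "no-baseline"))
            continue
        for module in sorted(current[role]):
            excess = current[role][module] - baseline[role].get(module, set())
            for action in sorted(excess):
                high = module in SENSITIVE_MODULES and action in HIGH_RISK_ACTIONS
                findings.append((role, module, action, "high" if high else "medium"))
    return findings

def trim_to_baseline(current, baseline):
    """Corrected matrix: keep only grants that are both configured and approved."""
    fixed = {}
    for role, modules in current.items():
        approved = baseline.get(role, {})
        kept = {m: acts & approved.get(m, set()) for m, acts in modules.items()}
        fixed[role] = {m: acts for m, acts in kept.items() if acts}
    return fixed

if __name__ == "__main__":
    for finding in review(CURRENT, BASELINE):
        print(*finding, sep=" | ")
```

Roles with no baseline entry are reported rather than trimmed silently, so an owner has to approve or retire them.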

Advanced Features

  • Time-bound Access: Grant temporary access to contractors or interns.
  • Field-Level Security: Hide sensitive fields like salary or personal info based on role.
  • Multi-Factor Authentication (MFA): Built-in for added security.