All documentation · Access & roles

Roles and permissions

Create roles from templates, set access levels across the 25 permission resources, and control exactly which modules each person in your Clyentra workspace can see.

7 min read · Reviewed

Roles decide what each person in your workspace can see and change. By the end of this guide you will have built a role that matches a real job on your team, and you will understand exactly what each access level unlocks.

Go to /admin/roles-permissions. The screen is titled Roles & Permissions — "Manage roles and access control".

How access works

Clyentra's model is simple and worth internalising before you start clicking.

  • A role is a named set of permissions — for example Content Manager.
  • A resource is an area of the product, like Contact, Drive or Subscription. There are 25 of them.
  • For each resource, the role grants one of three access levels.
  • Every member holds exactly one role, assigned when you invite them in manage-your-team.

Permissions shape the navigation: This is the part people miss. A user only sees the modules their role grants. Give someone no access to Marketing and the Marketing hub does not appear in their sidebar at all — it is not greyed out, it is gone. A role that grants very little produces a nearly empty-looking workspace.

The three access levels

One quirk to know: the role editor and the read-only role details view label the same three levels differently.

In the role editorIn the role details viewWhat it means
No AccessNoneThe module is hidden entirely
View OnlyViewerCan open and read, cannot change anything
View & EditEditorFull access — read, create, edit, delete

They are the same three levels either way. Do not go hunting for a fourth.

Read the metrics

The header shows Total Roles (with the number that are custom), System Roles, Users Assigned and Permission Types. Click System Roles to filter the table down to the built-ins.

Start from a template

Do not build a role from an empty grid. Press Create Role, then open Start from template at the top of the sheet. A template pre-fills the name, the description and the entire permission grid, and you adjust from there.

TemplateBuilt for
AdminBroad access across all business resources. Sensitive areas like Permissions and Audit are restricted
ManagerFull access to day-to-day business resources; admin and security areas are read-only or hidden
EmployeeCore collaboration tools — tasks, calendar, meetings, chat, drive. Administrative resources hidden
Sales TeamLead management, pipelines and customer relationships
Support TeamCustomer service and communication tools
View OnlyRead-only access across every resource. No edits anywhere
HR TeamEmployee management, HR operations and people tools

Template, then tweak: Picking Sales Team and turning two resources up or down is far faster — and far safer — than setting 25 dropdowns by hand. Selecting a template overwrites the name, description and every permission in the grid, so choose it first, then edit.

Create a role

  1. Press Create Role. A side sheet opens: Create Role — "Define a new role and assign permissions."
  2. Pick a template. Open Start from template and choose the closest match. The whole form fills in. Use the clear button next to the dropdown to reset back to a blank grid.
  3. Name it. Role Name is required and capped at 50 characters. Name it after the job, not the person — Content Manager, not Dana's role.
  4. Describe it. Description is optional and capped at 255 characters. Write down why the role exists. In a year, the person auditing this will thank you.
  5. Set the permissions. Work down the grid. Each resource has a dropdown offering No Access, View Only and View & Edit, plus - and + buttons to step the level up or down. The grid shows six resources per page — page through all 25.
  6. Save. Press Create. The role is now available in the Role dropdown when you invite someone.

Use SET ALL TO as a starting posture: The SET ALL TO selector applies one level to every resource at once. Set everything to No Access, then grant back only what the job needs. That is a deny-by-default approach and it is the safest way to build a tight role from scratch. Note it applies to whatever the search box has filtered to — clear the search first if you mean everything.

The 25 permission resources

These are every resource you can set a level on. Search the grid by name to jump to one.

ResourceGoverns
OrganizationThe organization record itself
UserUser accounts
TeamInviting and removing members — manage-your-team
DashboardDashboards — business-dashboards
ContactContacts
CustomerLeads and customers — leads-and-customers
TaskTasks and time tracking — tasks-and-time-tracking
CalendarThe team calendar — team-calendar
MeetingVideo meetings — video-meetings
ChatTeam chat and the social inbox — team-chat
CommerceOrders, invoices and payments — orders-invoices-payments
CatalogProducts and coupons — products-and-coupons
MarketingThe marketing hub — marketing-hub
AI ToolsImage, video and website studios
DriveFile storage — drive-file-storage
ReportAnalytics and reporting
SettingsAdmin settings and integrations — organization-settings
AuditAudit records
PermissionsThis screen — who can change roles
WorkflowAutomations — workflow-automation
Ecom StoreHosted storefronts — hosted-storefronts
Sales PipelineThe pipeline — sales-pipeline
SubscriptionBilling and AI credits — subscription-billing
EmployeeEmployee records — hr-administration
HRHR configuration

System roles

Roles that ship with Clyentra carry a System badge in the table. You can open and inspect them, but they are not yours to edit or delete — the edit and delete actions do not appear on them. Super Admin is special-cased on top of that.

If a system role is almost right, do not fight it: create a new role from the matching template and adjust that instead.

Inspect a role

Open any role to see a read-only sheet listing every Resource against its Access Level — the badges read None, Viewer or Editor. This is the fastest way to answer "what can this person actually do?" during an access review. If the role is custom and you have permission, an Edit button sits in the footer.

Delete a role

Custom roles can be deleted. Clyentra asks you to confirm the role by name. Reassign anyone holding the role first — a person with no sensible role has no sensible workspace.

Who can manage roles

Everything on this screen is gated by the Permissions resource. Without it at Editor level, Create Role does not appear and the role rows are read-only. It is the most sensitive permission in the product — the Admin template deliberately withholds it, because someone who can edit permissions can grant themselves anything.

A sane setup: One or two people hold Permissions. Everyone else gets a role built from a template — Sales Team, Support Team, HR Team, Employee — with a handful of deliberate adjustments. Review the roles once a quarter using the read-only role view.

Questions people ask

What is the difference between Viewer and View Only?

Nothing — they are the same level under two labels. The role editor calls the three levels No Access, View Only and View & Edit; the read-only role details view calls them None, Viewer and Editor.

How many permission resources are there?

25: Organization, User, Team, Dashboard, Contact, Customer, Task, Calendar, Meeting, Chat, Commerce, Catalog, Marketing, AI Tools, Drive, Report, Settings, Audit, Permissions, Workflow, Ecom Store, Sales Pipeline, Subscription, Employee and HR. The grid shows six at a time, so page through it.

Why can't I edit the Admin role?

It carries a System badge. Built-in roles cannot be edited or deleted. Press Create Role, choose Admin under Start from template, and adjust the copy — that gives you an editable role with the same starting permissions.

A teammate says a whole module is missing from their sidebar. Why?

Their role grants No Access on that resource. Permissions filter the navigation, so a module they cannot use does not appear at all. Open their role, find the resource, and raise it to View Only or View & Edit.

What is the fastest way to build a tight, minimal role?

Use SET ALL TONo Access to zero out the whole grid, then grant back only the resources the job needs. Clear the permission search box first, since SET ALL TO applies to what is currently filtered.

Who should hold the Permissions permission?

As few people as possible. Anyone with Permissions at Editor level can change any role — including their own — and therefore grant themselves access to anything. That is why the built-in Admin template does not hand it out.

Can one person hold two roles?

No. Each member holds a single role, set in the Role dropdown on the member row. If someone needs a blend of two jobs, build a role that reflects the blend.

Every Clyentra guide