All documentation · Access & roles
Roles and permissions
Create roles from templates, set access levels across the 25 permission resources, and control exactly which modules each person in your Clyentra workspace can see.
7 min read · Reviewed
Roles decide what each person in your workspace can see and change. By the end of this guide you will have built a role that matches a real job on your team, and you will understand exactly what each access level unlocks.
Go to /admin/roles-permissions. The screen is titled Roles & Permissions — "Manage roles and access control".
How access works
Clyentra's model is simple and worth internalising before you start clicking.
- A role is a named set of permissions — for example
Content Manager. - A resource is an area of the product, like Contact, Drive or Subscription. There are 25 of them.
- For each resource, the role grants one of three access levels.
- Every member holds exactly one role, assigned when you invite them in manage-your-team.
Permissions shape the navigation: This is the part people miss. A user only sees the modules their role grants. Give someone no access to Marketing and the Marketing hub does not appear in their sidebar at all — it is not greyed out, it is gone. A role that grants very little produces a nearly empty-looking workspace.
The three access levels
One quirk to know: the role editor and the read-only role details view label the same three levels differently.
| In the role editor | In the role details view | What it means |
|---|---|---|
No Access | None | The module is hidden entirely |
View Only | Viewer | Can open and read, cannot change anything |
View & Edit | Editor | Full access — read, create, edit, delete |
They are the same three levels either way. Do not go hunting for a fourth.
Read the metrics
The header shows Total Roles (with the number that are custom), System Roles, Users Assigned and Permission Types. Click System Roles to filter the table down to the built-ins.
Start from a template
Do not build a role from an empty grid. Press Create Role, then open Start from template at the top of the sheet. A template pre-fills the name, the description and the entire permission grid, and you adjust from there.
| Template | Built for |
|---|---|
| Admin | Broad access across all business resources. Sensitive areas like Permissions and Audit are restricted |
| Manager | Full access to day-to-day business resources; admin and security areas are read-only or hidden |
| Employee | Core collaboration tools — tasks, calendar, meetings, chat, drive. Administrative resources hidden |
| Sales Team | Lead management, pipelines and customer relationships |
| Support Team | Customer service and communication tools |
| View Only | Read-only access across every resource. No edits anywhere |
| HR Team | Employee management, HR operations and people tools |
Template, then tweak: Picking Sales Team and turning two resources up or down is far faster — and far safer — than setting 25 dropdowns by hand. Selecting a template overwrites the name, description and every permission in the grid, so choose it first, then edit.
Create a role
- Press Create Role. A side sheet opens:
Create Role— "Define a new role and assign permissions." - Pick a template. Open
Start from templateand choose the closest match. The whole form fills in. Use the clear button next to the dropdown to reset back to a blank grid. - Name it.
Role Nameis required and capped at 50 characters. Name it after the job, not the person —Content Manager, notDana's role. - Describe it.
Descriptionis optional and capped at 255 characters. Write down why the role exists. In a year, the person auditing this will thank you. - Set the permissions. Work down the grid. Each resource has a dropdown offering
No Access,View OnlyandView & Edit, plus - and + buttons to step the level up or down. The grid shows six resources per page — page through all 25. - Save. Press
Create. The role is now available in theRoledropdown when you invite someone.
Use SET ALL TO as a starting posture: The SET ALL TO selector applies one level to every resource at once. Set everything to No Access, then grant back only what the job needs. That is a deny-by-default approach and it is the safest way to build a tight role from scratch. Note it applies to whatever the search box has filtered to — clear the search first if you mean everything.
The 25 permission resources
These are every resource you can set a level on. Search the grid by name to jump to one.
| Resource | Governs |
|---|---|
| Organization | The organization record itself |
| User | User accounts |
| Team | Inviting and removing members — manage-your-team |
| Dashboard | Dashboards — business-dashboards |
| Contact | Contacts |
| Customer | Leads and customers — leads-and-customers |
| Task | Tasks and time tracking — tasks-and-time-tracking |
| Calendar | The team calendar — team-calendar |
| Meeting | Video meetings — video-meetings |
| Chat | Team chat and the social inbox — team-chat |
| Commerce | Orders, invoices and payments — orders-invoices-payments |
| Catalog | Products and coupons — products-and-coupons |
| Marketing | The marketing hub — marketing-hub |
| AI Tools | Image, video and website studios |
| Drive | File storage — drive-file-storage |
| Report | Analytics and reporting |
| Settings | Admin settings and integrations — organization-settings |
| Audit | Audit records |
| Permissions | This screen — who can change roles |
| Workflow | Automations — workflow-automation |
| Ecom Store | Hosted storefronts — hosted-storefronts |
| Sales Pipeline | The pipeline — sales-pipeline |
| Subscription | Billing and AI credits — subscription-billing |
| Employee | Employee records — hr-administration |
| HR | HR configuration |
System roles
Roles that ship with Clyentra carry a System badge in the table. You can open and inspect them, but they are not yours to edit or delete — the edit and delete actions do not appear on them. Super Admin is special-cased on top of that.
If a system role is almost right, do not fight it: create a new role from the matching template and adjust that instead.
Inspect a role
Open any role to see a read-only sheet listing every Resource against its Access Level — the badges read None, Viewer or Editor. This is the fastest way to answer "what can this person actually do?" during an access review. If the role is custom and you have permission, an Edit button sits in the footer.
Delete a role
Custom roles can be deleted. Clyentra asks you to confirm the role by name. Reassign anyone holding the role first — a person with no sensible role has no sensible workspace.
Who can manage roles
Everything on this screen is gated by the Permissions resource. Without it at Editor level, Create Role does not appear and the role rows are read-only. It is the most sensitive permission in the product — the Admin template deliberately withholds it, because someone who can edit permissions can grant themselves anything.
A sane setup: One or two people hold Permissions. Everyone else gets a role built from a template — Sales Team, Support Team, HR Team, Employee — with a handful of deliberate adjustments. Review the roles once a quarter using the read-only role view.
Questions people ask
What is the difference between Viewer and View Only?
Nothing — they are the same level under two labels. The role editor calls the three levels No Access, View Only and View & Edit; the read-only role details view calls them None, Viewer and Editor.
How many permission resources are there?
25: Organization, User, Team, Dashboard, Contact, Customer, Task, Calendar, Meeting, Chat, Commerce, Catalog, Marketing, AI Tools, Drive, Report, Settings, Audit, Permissions, Workflow, Ecom Store, Sales Pipeline, Subscription, Employee and HR. The grid shows six at a time, so page through it.
Why can't I edit the Admin role?
It carries a System badge. Built-in roles cannot be edited or deleted. Press Create Role, choose Admin under Start from template, and adjust the copy — that gives you an editable role with the same starting permissions.
A teammate says a whole module is missing from their sidebar. Why?
Their role grants No Access on that resource. Permissions filter the navigation, so a module they cannot use does not appear at all. Open their role, find the resource, and raise it to View Only or View & Edit.
What is the fastest way to build a tight, minimal role?
Use SET ALL TO → No Access to zero out the whole grid, then grant back only the resources the job needs. Clear the permission search box first, since SET ALL TO applies to what is currently filtered.
Who should hold the Permissions permission?
As few people as possible. Anyone with Permissions at Editor level can change any role — including their own — and therefore grant themselves access to anything. That is why the built-in Admin template does not hand it out.
Can one person hold two roles?
No. Each member holds a single role, set in the Role dropdown on the member row. If someone needs a blend of two jobs, build a role that reflects the blend.