Role Permissions
Configure what each role can do.
Permission Basics
Every permission has a level that controls what users can do:
PERMISSION LEVELS
===============================================================================
Level Create View Edit Delete
───────────────────────────────────────────
None ✗ ✗ ✗ ✗
View ✗ ✓ ✗ ✗
Create ✓ ✓ ✗ ✗
Edit ✓ ✓ ✓ ✗
Full ✓ ✓ ✓ ✓
Example: Sales Rep with "Edit" on Sales Orders can:
- ✓ Create new orders
- ✓ View existing orders
- ✓ Modify orders
- ✗ Delete orders
Permission Categories
Permissions are grouped into categories:
| Category | Controls | Examples |
|---|---|---|
| Transactions | Financial documents | Sales Order, Invoice, Bill |
| Lists | Record types | Customer, Vendor, Item |
| Reports | Reporting access | Financial reports, sales reports |
| Setup | Configuration | Company settings, preferences |
| Custom Record | Custom record types | Any you've created |
Viewing Permissions
HOW TO SEE A ROLE'S PERMISSIONS
===============================================================================
Step 1: Navigate
Setup > Users/Roles > Manage Roles
Step 2: Click role name
Step 3: Go to "Permissions" subtab
Step 4: Browse by category
├── Click "Transactions" → see transaction permissions
├── Click "Lists" → see list/record permissions
├── Click "Reports" → see report permissions
└── etc.
Changing Permissions
HOW TO MODIFY PERMISSIONS
===============================================================================
Step 1: Open the role
Setup > Users/Roles > Manage Roles > [Role]
Step 2: Go to Permissions tab
Step 3: Find the permission to change
├── Click category (Transactions, Lists, etc.)
├── Scroll to find specific permission
└── Click dropdown next to it
Step 4: Change the level
├── Select: None, View, Create, Edit, or Full
└── Some have special levels like "Print" or "Approve"
Step 5: Save the role
Note: Changes apply on user's next login
Common Permission Examples
Sales Role Permissions
SALES REPRESENTATIVE TYPICAL PERMISSIONS
===============================================================================
Transactions:
├── Estimate/Quote: Full
├── Sales Order: Edit (can't delete)
├── Invoice: Create (can't edit after)
├── Opportunity: Full
└── Journal Entry: None
Lists:
├── Customer: Full
├── Contact: Full
├── Item: View
└── Vendor: None
Reports:
├── Sales Reports: View
├── Financial Reports: None
└── Customer Reports: View
Accounting Role Permissions
ACCOUNTANT TYPICAL PERMISSIONS
===============================================================================
Transactions:
├── Journal Entry: Full
├── Vendor Bill: Full
├── Vendor Payment: Full
├── Invoice: Edit
└── Sales Order: View
Lists:
├── Customer: Edit
├── Vendor: Full
├── Account: Edit
├── Item: View
Reports:
├── All Financial Reports: View
├── All Standard Reports: View
Special Permission Levels
Some permissions have special options beyond the standard levels:
| Special Level | What It Does |
|---|---|
| Can only print, not view data | |
| Approve | Can approve transactions |
| Execute | Can run scripts/workflows |
| Own | Can only access own records |
Permission Tips
Start Restrictive
PERMISSION DESIGN PRINCIPLE
===============================================================================
Start with: Minimum permissions
If user complains → add what's needed
Why?
├── Easier to add than remove
├── Avoids security holes
├── Forces clear requirements
└── Better audit trail
Compare Roles
HOW TO COMPARE TWO ROLES
===============================================================================
Navigation: Setup > Users/Roles > Role Permission Comparison
Step 1: Select first role
Step 2: Select second role
Step 3: View comparison
├── Shows permissions side by side
├── Highlights differences
└── Great for troubleshooting
Quick Reference
| I want to... | Go to |
|---|---|
| View role permissions | Role > Permissions tab |
| Change a permission | Role > Permissions > Change dropdown |
| Compare two roles | Setup > Users/Roles > Role Permission Comparison |
| See who has permission | Role > Users tab |
Common Issues
| Problem | Likely Cause | Solution |
|---|---|---|
| User can't see record | Missing permission | Add View or higher |
| User can't create | Permission is View only | Change to Create or higher |
| User can't edit | Permission is Create only | Change to Edit or higher |
| User can delete | Permission is Full | Change to Edit |
Key Takeaways
- 5 standard levels - None, View, Create, Edit, Full
- Start restrictive - add permissions as needed
- Category-based - Transactions, Lists, Reports, Setup
- Test before deploy - verify access is correct
- Changes on next login - not immediate
Related Topics
- Roles Overview - Role concepts
- Role Restrictions - Data visibility
- Custom Roles - Creating roles