CRM Permissions & Role Setup
AccuArk's CRM module uses a role-based permission system to control who can access each feature. There are 19 CRM-specific permissions, each mapped to a specific capability within the module. These permissions determine whether a user can view activities, create deals, manage tickets, configure pipeline stages, or access the CRM dashboard and reports. Understanding how these permissions work is essential for setting up your team correctly and ensuring that each person has access to exactly the features they need — no more, no less.
This article provides a complete reference for every CRM permission, explains the default role assignments, walks you through recommended configurations for common job functions, and shows you how to grant or revoke permissions.
How CRM Permissions Work
Every CRM feature checks for a specific permission before allowing access. When a user clicks a CRM menu item, opens a CRM tab, or attempts to create, edit, or delete a CRM record, the system verifies that the user's role includes the required permission. If the permission is not granted, the feature is hidden or the action is blocked.
CRM permissions follow AccuArk's standard role-based access control model. Permissions are assigned to roles (not directly to users), and each user is assigned one role. When you grant a permission to a role, every user with that role gains the corresponding capability.
CRM permissions use IDs 318 through 336 in the permissions table. They are grouped by feature area: activities, deals, tickets, tasks, and administration.
Complete Permission Reference
The following tables list all 19 CRM permissions by feature area, with their database IDs and what each permission controls.
Activity Permissions
| Permission | ID | What It Controls |
|---|---|---|
| CRM_VIEW_ACTIVITIES | 318 | Allows the user to see the Activities tab on the Customer Form and view the activity timeline. Without this permission, the Activities tab is hidden. |
| CRM_CREATE_ACTIVITY | 319 | Allows the user to log new activities (phone calls, emails, meetings, notes, site visits, video calls) against a customer record. The activity toolbar buttons are hidden without this permission. |
Deal Permissions
| Permission | ID | What It Controls |
|---|---|---|
| CRM_VIEW_OWN_DEALS | 320 | Allows the user to see deals that are assigned to them or that they created. This is the base-level deal visibility permission. Without it, the Deals tab on the Customer Form is hidden. |
| CRM_VIEW_ALL_DEALS | 321 | Allows the user to see all deals across all locations, regardless of assignment or location visibility settings. This is a manager-level override that bypasses location-based filtering. |
| CRM_CREATE_DEAL | 322 | Allows the user to create new deal/opportunity records. The New Deal button is hidden without this permission. |
| CRM_EDIT_DEAL | 323 | Allows the user to edit deal details, change deal values, update probabilities, and move deals between pipeline stages. Without this permission, deals are read-only. |
| CRM_DELETE_DEAL | 324 | Allows the user to delete deal records entirely. This is a destructive action and is typically restricted to admins. |
Ticket Permissions
| Permission | ID | What It Controls |
|---|---|---|
| CRM_VIEW_OWN_TICKETS | 325 | Allows the user to see tickets that are assigned to them or that they created. This is the base-level ticket visibility permission. Without it, the Tickets tab is hidden. |
| CRM_VIEW_ALL_TICKETS | 326 | Allows the user to see all tickets across all locations, regardless of assignment or location visibility settings. This is a manager-level override for cross-location ticket visibility. |
| CRM_CREATE_TICKET | 327 | Allows the user to create new support tickets. The New Ticket button is hidden without this permission. |
| CRM_EDIT_TICKET | 328 | Allows the user to edit ticket details and change ticket status (e.g., from Open to In Progress to Resolved). Without this permission, tickets are read-only. |
| CRM_DELETE_TICKET | 329 | Allows the user to delete ticket records. Like deal deletion, this is typically restricted to admins. |
Task Permissions
| Permission | ID | What It Controls |
|---|---|---|
| CRM_VIEW_OWN_TASKS | 330 | Allows the user to see tasks that are assigned to them. This is the base-level task visibility permission. Without it, the Tasks tab is hidden. |
| CRM_VIEW_ALL_TASKS | 331 | Allows the user to see all tasks across all locations, regardless of assignment or location visibility settings. This is a manager-level override for cross-location task visibility. |
| CRM_CREATE_TASK | 332 | Allows the user to create new follow-up tasks. The New Task button is hidden without this permission. |
| CRM_EDIT_TASK | 333 | Allows the user to edit task details, change due dates, update priorities, and mark tasks as completed. Without this permission, tasks are read-only. |
Administration Permissions
| Permission | ID | What It Controls |
|---|---|---|
| CRM_MANAGE_PIPELINE | 334 | Allows the user to configure pipeline stages, lead sources, activity types, ticket categories, client tags, and all other CRM settings. This is the CRM administration permission. Without it, the CRM Settings menu item is hidden. |
| CRM_VIEW_DASHBOARD | 335 | Allows the user to access the CRM Dashboard, which provides an overview of tasks, deals, tickets, and recent activity. Without this permission, the Dashboard menu item is hidden. |
| CRM_VIEW_REPORTS | 336 | Allows the user to access CRM Reports for analytics and performance tracking. Without this permission, the Reports menu item under CRM is hidden. |
Default Role Assignments
AccuArk ships with five built-in roles. The following table shows which CRM permissions are granted to each role by default. You can customize these assignments at any time through the Roles & Permissions settings.
| Permission | Super Admin (6) | Location Admin (7) | Manager (8) | Employee (9) | Accountant (10) |
|---|---|---|---|---|---|
| CRM_VIEW_ACTIVITIES | Yes | Yes | Yes | Yes | Yes |
| CRM_CREATE_ACTIVITY | Yes | Yes | Yes | Yes | No |
| CRM_VIEW_OWN_DEALS | Yes | Yes | Yes | Yes | Yes |
| CRM_VIEW_ALL_DEALS | Yes | Yes | No | No | No |
| CRM_CREATE_DEAL | Yes | Yes | Yes | Yes | No |
| CRM_EDIT_DEAL | Yes | Yes | Yes | No | No |
| CRM_DELETE_DEAL | Yes | Yes | No | No | No |
| CRM_VIEW_OWN_TICKETS | Yes | Yes | Yes | Yes | No |
| CRM_VIEW_ALL_TICKETS | Yes | Yes | No | No | No |
| CRM_CREATE_TICKET | Yes | Yes | Yes | Yes | No |
| CRM_EDIT_TICKET | Yes | Yes | Yes | Yes | No |
| CRM_DELETE_TICKET | Yes | Yes | No | No | No |
| CRM_VIEW_OWN_TASKS | Yes | Yes | Yes | Yes | No |
| CRM_VIEW_ALL_TASKS | Yes | Yes | No | No | No |
| CRM_CREATE_TASK | Yes | Yes | Yes | Yes | No |
| CRM_EDIT_TASK | Yes | Yes | Yes | Yes | No |
| CRM_MANAGE_PIPELINE | Yes | Yes | No | No | No |
| CRM_VIEW_DASHBOARD | Yes | Yes | Yes | No | Yes |
| CRM_VIEW_REPORTS | Yes | Yes | Yes | No | No |
Key Observations About the Defaults
- Super Admin and Location Admin have all 19 CRM permissions. They can do everything.
- Manager has most permissions but cannot delete deals or tickets, cannot view all deals/tickets/tasks across locations, and cannot manage pipeline settings.
- Employee has basic create and view-own permissions for deals, tickets, and tasks but cannot edit deals, delete anything, or access the dashboard or reports.
- Accountant has read-only access to activities and deals (for financial context) plus dashboard access, but no ticket or task access and no create/edit/delete capabilities.
Recommended Configurations for Common Job Functions
The default role assignments are a good starting point, but your business may have specialized job functions that require custom permission sets. Below are recommended configurations for four common CRM-focused roles.
Sales Representative
A salesperson who manages their own deals and customer relationships. They need to log activities, create and manage deals, and track follow-up tasks.
Recommended permissions:
- CRM_VIEW_ACTIVITIES (318)
- CRM_CREATE_ACTIVITY (319)
- CRM_VIEW_OWN_DEALS (320)
- CRM_CREATE_DEAL (322)
- CRM_EDIT_DEAL (323)
- CRM_VIEW_OWN_TASKS (330)
- CRM_CREATE_TASK (332)
- CRM_EDIT_TASK (333)
- CRM_VIEW_DASHBOARD (335)
This configuration lets the salesperson manage their own pipeline without seeing other team members' deals. The dashboard gives them a daily overview of their workload.
Support Agent
A support team member who handles customer tickets and logs interactions. They need to create and manage tickets, log activities, and track follow-up tasks.
Recommended permissions:
- CRM_VIEW_ACTIVITIES (318)
- CRM_CREATE_ACTIVITY (319)
- CRM_VIEW_OWN_TICKETS (325)
- CRM_CREATE_TICKET (327)
- CRM_EDIT_TICKET (328)
- CRM_VIEW_OWN_TASKS (330)
- CRM_CREATE_TASK (332)
- CRM_EDIT_TASK (333)
- CRM_VIEW_DASHBOARD (335)
This configuration focuses on ticket management. The agent can create and resolve tickets, log related activities, and use the dashboard to track their open ticket queue.
Sales Manager
A manager who oversees the sales team and needs visibility into all deals and tasks. They need cross-location visibility and reporting access.
Recommended permissions:
- CRM_VIEW_ACTIVITIES (318)
- CRM_CREATE_ACTIVITY (319)
- CRM_VIEW_OWN_DEALS (320)
- CRM_VIEW_ALL_DEALS (321)
- CRM_CREATE_DEAL (322)
- CRM_EDIT_DEAL (323)
- CRM_DELETE_DEAL (324)
- CRM_VIEW_OWN_TASKS (330)
- CRM_VIEW_ALL_TASKS (331)
- CRM_CREATE_TASK (332)
- CRM_EDIT_TASK (333)
- CRM_VIEW_DASHBOARD (335)
- CRM_VIEW_REPORTS (336)
This configuration gives the manager full deal and task oversight, including the ability to delete deals (CRM_DELETE_DEAL), see records across all locations, and access reports for performance tracking.
CRM Administrator
An administrator who manages the CRM configuration and has full access to all features.
Recommended permissions: All 19 CRM permissions (318 through 336).
This is effectively the same as the Super Admin default. Grant all permissions when you need someone to manage pipeline stages, CRM settings, and have unrestricted access to all CRM data.
How to Grant or Revoke Permissions
To change the CRM permissions assigned to a role:
1. Navigate to Settings in the main menu.
2. Click Roles & Permissions.
3. Select the role you want to modify from the role list on the left.
4. Scroll down to the CRM permission group.
5. Check or uncheck individual permissions as needed.
6. Click Save to apply the changes.
Permission changes take effect immediately. Any user with the modified role will gain or lose access the next time they open a CRM form or refresh their current view. Users do not need to log out and back in.
Dynamic Visibility and Location Interaction
CRM permissions interact with AccuArk's location-based visibility settings. Understanding this interaction is important for getting the expected behavior.
The VIEW_OWN_* permissions (CRM_VIEW_OWN_DEALS, CRM_VIEW_OWN_TICKETS, CRM_VIEW_OWN_TASKS) are the base requirement for accessing CRM records. Once a user has the base permission, the actual records they can see are further controlled by the location's CRM visibility settings (owner_only vs. location_wide).
- If the location uses owner_only visibility, the user sees only records assigned to them or created by them.
- If the location uses location_wide visibility, the user sees all records at that location.
The VIEW_ALL_* permissions (CRM_VIEW_ALL_DEALS, CRM_VIEW_ALL_TICKETS, CRM_VIEW_ALL_TASKS) always override location visibility settings. A user with CRM_VIEW_ALL_DEALS will see every deal across every location, regardless of whether those locations use owner_only or location_wide visibility.
For a detailed explanation of location visibility settings, see the companion article linked below.
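The resolution order described above (base permission, then the VIEW_ALL_* override, then the location's visibility mode) can be modelled in a few lines. This is an added example, not AccuArk's own code: the `Record` fields, the single-location-per-user model, the `owner_only` fallback, and the choice to require VIEW_OWN_* even when VIEW_ALL_* is granted are assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass

# Permission IDs from the reference tables: (VIEW_OWN, VIEW_ALL) per record type.
VIEW_PERMS = {"deal": (320, 321), "ticket": (325, 326), "task": (330, 331)}

@dataclass(frozen=True)
class Record:
    rec_id: int
    kind: str          # "deal", "ticket" or "task"
    location: str
    assigned_to: str
    created_by: str

def visible_records(user, user_location, role_perms, location_visibility, records, kind):
    """Return the ids of `kind` records this user can see, in input order."""
    view_own, view_all = VIEW_PERMS[kind]
    # Base requirement: without VIEW_OWN_* the tab is hidden (assumption: this
    # also applies when VIEW_ALL_* was granted on its own).
    if view_own not in role_perms:
        return []
    candidates = [r for r in records if r.kind == kind]
    # VIEW_ALL_* overrides location visibility: every record, every location.
    if view_all in role_perms:
        return [r.rec_id for r in candidates]
    mode = location_visibility.get(user_location, "owner_only")  # assumed fallback
    visible = []
    for r in candidates:
        owns = user in (r.assigned_to, r.created_by)
        same_site = r.location == user_location
        if owns or (mode == "location_wide" and same_site):
            visible.append(r.rec_id)
    return visible

# Constructed sample data (not from AccuArk).
RECORDS = [
    Record(1, "deal", "north", "ana", "ana"),
    Record(2, "deal", "north", "ben", "ben"),
    Record(3, "deal", "south", "cy", "cy"),
    Record(4, "ticket", "north", "ben", "ana"),
    Record(5, "deal", "south", "dee", "dee"),
]
VISIBILITY = {"north": "owner_only", "south": "location_wide"}
EMPLOYEE = {318, 319, 320, 322, 325, 327, 328, 330, 332, 333}  # default Employee grants
ADMIN = set(range(318, 337))                                   # all 19 CRM permissions
```

With the default Employee grants, a user at the owner_only location sees only their own deal, while a user at the location_wide location sees every deal at that site; the admin set sees all four deals regardless of location.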
Tips and Best Practices
- Start with the default roles — The built-in role assignments cover most common scenarios. Only customize when you have a specific need.
- Use the principle of least privilege — Grant only the permissions each role needs. This reduces the risk of accidental data modification or deletion.
- Separate view and edit permissions — Consider granting CRM_VIEW_OWN_DEALS without CRM_EDIT_DEAL for junior team members who need to see deals but should not modify them.
- Reserve delete permissions for admins — Deletion is irreversible. Restrict CRM_DELETE_DEAL and CRM_DELETE_TICKET to admin roles.
- Grant dashboard access broadly — The CRM Dashboard is a read-only overview. Granting CRM_VIEW_DASHBOARD to most roles is low risk and high value.
- Test with a non-admin account — After configuring permissions, log in as a test user with the modified role to verify that the expected features are visible and the restricted features are hidden.
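A least-privilege review of a custom role can be scripted before the manual test login. The sketch below is an added example, not part of AccuArk: it checks a role's permission IDs against the tips above and the recommended configurations earlier in this article, flagging delete permissions, VIEW_ALL_* overrides and CRM_MANAGE_PIPELINE on non-admin roles, plus grants whose base view permission is missing. The finding labels and the assumption that create/edit controls depend on the corresponding tab being visible are illustrative.

```python
# Permission names and IDs 318-336 from the reference tables.
CRM = dict(zip(range(318, 337), """CRM_VIEW_ACTIVITIES CRM_CREATE_ACTIVITY
CRM_VIEW_OWN_DEALS CRM_VIEW_ALL_DEALS CRM_CREATE_DEAL CRM_EDIT_DEAL CRM_DELETE_DEAL
CRM_VIEW_OWN_TICKETS CRM_VIEW_ALL_TICKETS CRM_CREATE_TICKET CRM_EDIT_TICKET CRM_DELETE_TICKET
CRM_VIEW_OWN_TASKS CRM_VIEW_ALL_TASKS CRM_CREATE_TASK CRM_EDIT_TASK
CRM_MANAGE_PIPELINE CRM_VIEW_DASHBOARD CRM_VIEW_REPORTS""".split()))

# Base view permission -> permissions that rely on its tab being visible (assumption).
BASE_FOR = {318: {319}, 320: {321, 322, 323, 324},
            325: {326, 327, 328, 329}, 330: {331, 332, 333}}
# Grants the article treats as admin- or manager-level; labels are illustrative.
HIGH_IMPACT = {324: "destructive", 329: "destructive", 321: "cross-location",
               326: "cross-location", 331: "cross-location", 334: "crm-admin"}

def audit_role(perm_ids, admin_role=False):
    """Return (finding, permission) pairs for a role's CRM permission IDs."""
    perms = set(perm_ids)
    findings = []
    for pid in sorted(perms):
        if pid not in CRM:
            findings.append(("unknown-id", str(pid)))
        elif pid in HIGH_IMPACT and not admin_role:
            findings.append((HIGH_IMPACT[pid], CRM[pid]))
    for base, dependents in BASE_FOR.items():
        if base not in perms:
            for pid in sorted(dependents & perms):
                findings.append(("missing-base:" + CRM[base], CRM[pid]))
    return findings

# Recommended configurations from this article.
SALES_REP = {318, 319, 320, 322, 323, 330, 332, 333, 335}
SUPPORT_AGENT = {318, 319, 325, 327, 328, 330, 332, 333, 335}
SALES_MANAGER = {318, 319, 320, 321, 322, 323, 324, 330, 331, 332, 333, 335, 336}
# Constructed misconfiguration: deal create/edit without CRM_VIEW_OWN_DEALS.
BROKEN_CUSTOM = {322, 323, 335}

if __name__ == "__main__":
    for name, role in [("Sales Manager", SALES_MANAGER), ("Custom", BROKEN_CUSTOM)]:
        print(name, audit_role(role))
```

The Sales Representative and Support Agent sets come back clean; the Sales Manager set is flagged for CRM_VIEW_ALL_DEALS, CRM_DELETE_DEAL and CRM_VIEW_ALL_TASKS, which are the grants to confirm as intentional before saving the role.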
What to Read Next
- Location Visibility Settings — How location-based visibility controls interact with CRM permissions
- CRM Settings Overview — Configuring lead sources, activity types, ticket categories, and client tags