System Access

Contents

General

System access can be set for each entity so that on the strictest (=lowest) access level each user can only see their own entities. Every entity has always only one owner, which can be either an individual user or a group.

Note
The visibility of the activities is an exception and this is described in the guide Activities.

The visibility of the entities is inherited in the system role hierarchy so that the users with higher roles can always see the entities of the users that are on the same branch but with a lower role. By default, every user in the system can see each other’s entities.

Managing Users

CRM system users can be added, removed and edited in Settings → Users.

All the system users are listed in the main view. You can examine or edit a certain user by clicking either the username of the user or the Edit button in the first column of the row. A new user can be created by clicking the New User button. It is also possible to create a new user by copying an existing user as a template by clicking the Copy button on the right user row.

When you delete a user, you will also have to choose another user as an assignee for the deleted user’s entities.

Archive user

If the Archive user function is checked (and active), the entities of the deleted user will remain owned by the original user. The user is still removed from the user register and cannot use the system anymore. When editing the deleted and archived user’s entities, keep in mind that the ownership of the entity has to be transferred to an active user.

Note
Archiving is an additional chargeable feature that needs to be deployed separately. However, the “Archive User” option is always visible even if the function is not activated. You can check the activity of the function from your reseller.

In the Sharing Access settings, the strictest (=lowest) access level must be defined. When the strictest level has been defined, you can then start managing custom sharing rules by modules for different roles and groups (see further below, the roles and groups need to be determined first).

Sharing access can be edited in Settings → Sharing Access.

Note
Every time when you change the module sharing rules, you have to click the Recalculate button to apply the changes.

Roles

The role hierarchy defines the visibility and editing and deleting permissions of the entities. A user with a higher role can always manage the entities owned by users with lower roles in the same branch, but only according to their own user profile permissions. The user can not see or edit the entities of another user with the same role level (these permissions can be granted in Sharing Access).

Role Hierarchy can be edited in Settings → Roles.

In the role hierarchy tree, you can change the roles’ order, delete roles and add new ones. When you place the cursor on the role, you can see the functions available for the role.

If any changes are made, remember to update the permissions via Sharing Access by clicking the Recalculate button.

Profiles

A role is always linked to a Profile that defines the visibility of data of different entities to the users with the role. The form’s fields visible for each role are defined in profile permissions.

Profile settings can be edited in Settings → Profiles.

In the Profile settings it is possible to add, edit and delete the available profiles.

By clicking the name of the profile, you can edit the profile and define module-level permissions to view, create/edit and delete the entities and the visibility of the module fields and tools.

The visibility of the quick search fields in the modules is also managed in Profile settings. First, you’ll need to select the right profile. In editing mode, expand the settings of the Dashboards module by clicking the Expand/Collapse button. If the Quick search checkbox is checked, the quick search fields are visible for the users of the profile.

Groups

A group consists of a number of users in the system. An entity can be assigned to either an individual user or a group. If the entity is assigned to a group, it is visible for everyone who belongs to that group.

Groups can be edited in Settings → Groups.

On the Groups settings it is possible to add, edit and delete the available groups. You can freely add Users, other Groups, Roles and Roles with hierarchy to a group.

When the permissions have been defined on organization, role, profile and group level, you can also determine custom sharing rules for roles and groups in the Custom Sharing Rules section in Sharing Access. It is possible to add several different rules for different roles and groups.

System Access – Frequently Asked Questions

What is the default visibility level for users in the system?
By default, every user in the system can see each other’s entities.

How is visibility inherited in the system?
The visibility of entities follows a hierarchy based on roles. Users with higher roles can view entities owned by users with lower roles within the same branch.

What happens when I delete a user?
When a user is deleted, you must choose another user to be assigned as the owner of the deleted user’s entities.

How are sharing access permissions set?
In Sharing Access settings, the strictest access level is defined first. Then, custom sharing rules can be managed for each module for different roles and groups. Changes require clicking the Recalculate button to take effect.

How does the role hierarchy work?
The role hierarchy determines visibility and permissions for entities. Users with higher roles can manage entities of lower roles, but cannot see or edit entities of users with the same role level unless permissions are granted in Sharing Access.

What is the relationship between roles and profiles?
Each role is linked to a profile that defines the visibility of different data entities for users with that role. Profile settings can be edited in Settings → Profiles, allowing you to manage module-level permissions and visibility of fields.

Glossary

Access Level: The degree of visibility and permissions assigned to users within the system. The strictest access level allows users to see only their own entities.

Archive User: A function that, when activated, allows the entities of a deleted user to remain owned by that user even after they can no longer access the system. This feature requires separate activation.

Entity: One saved record in the system, e.g., one account, product, or quote that can be owned, viewed, and managed by users. Each entity has a single owner, which may be an individual user or a group.

Groups: Collections of users within the system. Entities can be assigned to an individual user or a group, allowing visibility for all members of that group.

Module: A component of the system that organizes specific functions and data types. Each module can have its own sharing rules and permissions.

Profile: A set of permissions associated with a role that defines the visibility and accessibility of various data entities for users assigned that role. Profiles can be edited to manage module-level permissions.

Role: A designation assigned to users that defines their level of access, visibility, and editing/deletion permissions for entities within the system. Roles can be hierarchical.

Role Hierarchy: The structured order of roles within the system, where users with higher roles have broader access rights and can manage entities of users with lower roles.

Sharing Access: A set of settings that determines how entity visibility and permissions are managed across users, roles, and groups within the organization.

Sharing Rules: Custom definitions for sharing permissions that can be set for different roles and groups within specific modules.

User: An individual account within the system that can own, manage, and interact with entities and data. Users can be added, edited, or removed through the management settings.

Was this article helpful?

Yes No