[object Object]
15% OFF ON ANY PLANEnds in 07 57 29Claim now →15% OFF ON ANY PLANEnds in 07 57 29Claim now →15% OFF ON ANY PLANEnds in 07 57 29Claim now →15% OFF ON ANY PLANEnds in 07 57 29Claim now →15% OFF ON ANY PLANEnds in 07 57 29Claim now →15% OFF ON ANY PLANEnds in 07 57 29Claim now →
Login
Menu

Product

PricingIntegrationsFeaturesTemplates
new
Changelog
new

Support

Community
On-boarding
Help centre
Contact usExpertsStatus

Resources

Stories & SetupsAlternativesComparisonsSolutionsFree toolsMagazine

Company

AboutIn the pressBrand assetsAffiliates

Platforms

API docs
iPhone & iPad
Android
Twitter
YouTube
Instagram
Linkedin

All powered by

AI that runs your entire business as if it were you

Proposals drafted, invoices chased, clients updated - ask, and its done.

Learn more

Help Center / Settings and administration /

Custom roles and permissions

Every person in your workspace has a role that controls what they can see and do. Roles are configured in Settings > User roles, and permissions are set per role, not per person.

Built-in roles

Your workspace comes with four built-in roles:

  • Owner has unrestricted access to everything, including billing, workspace deletion, and all settings. There is one owner per workspace.
  • Co-owner has the same level of access as the owner, except they cannot delete the workspace or transfer ownership.
  • Team is the default role for team members you invite. Permissions are fully configurable.
  • Client is the default role for clients. Clients have restricted access by design and many permissions are locked off for this role. You cannot rename the Client role.

You can also create as many custom roles as you need for different team functions.

Creating a custom role

  1. Go to Settings > User roles.
  2. Click Create user role.
  3. Give the role a name that matches the team function, like "Designer," "Finance," or "Account Manager."
  4. Once created, click into the role to configure its permissions.

Permission categories

The permissions page is organized into collapsible sections. Each section covers a different area of the workspace, and the permissions within each section vary depending on what makes sense for that feature. Here is every section and what you can configure inside it:

Contacts is split into two groups: People and Companies. For each, you choose between limited view (can only see contacts in shared projects or channels) or full view (can see all contacts). People also has toggles for creating profiles, deleting profiles, editing profiles, sending invites, and viewing contact details (phone, email, address). Companies has create, delete, edit, and view contact details toggles.

Projects has the most sub-groups. The main project permissions include limited vs full view, create, delete, edit project details, update status, update permissions at project level, and view budget. Below that, Project members has view all members and manage members. Project discussions has view, create, edit, and delete. Task boards has create, delete, edit, re-order, and update permissions. Task groups has create, delete, edit, re-order and move, and update permissions. Tasks has limited vs full view, create, delete, edit, re-order and move, assign, complete, and view comments.

Files has limited vs full view, upload files, edit files/documents, delete files, and can comment on files. Folders has limited vs full view, create, delete, and edit.

Financials is split into three groups: Invoices (limited vs full view, create, delete, edit, update status, send for payment), Subscriptions (limited vs full view, create, delete, edit, send for activation), and Transactions (limited vs full view, create, delete, edit).

Proposals has limited vs full view, create, delete, edit, update status, and send for approval.

Contracts has limited vs full view, create, delete, edit, send for signatures, and update status.

Forms has limited vs full view, create, delete, edit, and update status.

Time tracking has limited vs full view, track or log time, edit time entries, delete time entries, view billing details, view cost details, and view tracked by column.

Schedulers has limited vs full view, create, delete, and edit.

Automations has limited vs full view, create, delete, edit, and update status.

Inbox has send direct messages and create channels.

Wiki has access all workspaces, create workspaces, edit workspaces, delete workspaces, and manage pages.

Templates has view and apply templates, access the public library, create, delete, and edit.

Trash has view trash and can recover items. Archive has view archive and can un-archive items.

Custom fields has create custom fields and edit custom fields. Individual custom fields also have their own permission preferences, which you can set from the custom fields settings page.

Snippets has create and edit for both snippets and snippet categories.

Activity feeds has view activities page.

Support access is not a custom role setting. The in-app support button is currently shown to workspace Owners and Co-owners. It is not available to clients or regular team/custom roles, and there is no Support or Help Center toggle to turn on in Settings > User roles. Support requests from clients or team members should go through the workspace Owner or Co-owner.

Limited view vs full view

Several categories offer a choice between limited view and full view. Limited view restricts the person to items they are directly connected to. For example, limited view on projects means they can only see projects they are added to as members. Limited view on invoices means they can only see invoices they created or that are issued to them. Full view removes this restriction and shows all items.

How the Client role works

The Client role is locked, meaning you cannot rename it. Many permissions are locked off for clients and cannot be toggled on. For example, clients cannot access forms, templates, automations, schedulers, custom fields, snippets, activity feeds, trash, or archive. Clients can only see contacts, projects, invoices, proposals, and contracts that involve them directly. An info banner at the top of each category explains exactly what clients can and cannot access.

Assigning a role

You choose a role when you invite someone to your workspace. You can also change a person's role from their contact profile at any time. Changing a role's permissions updates access for every person assigned to that role at once.

View as

You can preview what your workspace looks like for a specific role by clicking View as on the role's permissions page. This is for viewing purposes only and cannot be used to perform actions on behalf of other users.

Per-entity permission overrides

Beyond the workspace-level permissions set on each role, you can also override permissions on specific projects, task boards, and task groups. This lets you fine-tune access for individual items without changing the role itself. For example, you could give a specific role access to one project while keeping them restricted everywhere else. Per-entity overrides are set from the permissions settings on the project, task board, or task group.

Resetting permissions

At the bottom of the permissions page you will find two reset options: Reset permissions to system default restores all custom roles to their original permissions, and Reset permissions of individual projects to default clears any per-entity overrides across all projects.

Deleting a custom role

When you delete a custom role, you choose a replacement role to reassign all people currently using the deleted role. The built-in Owner, Co-owner, Team, and Client roles cannot be deleted.

Continue learning

More on settings and administration

Business settings

Every detail configured here propagates automatically across invoices, proposals, contracts, outgoing emails, and client-facing pages.

Users and team management

Team members are managed from Contacts> People, where you can invite people, manage roles, and view every active, pending, and deactivated member in your workspace.

Per-entity permissions

Role-level permissions define what each team member can access across the workspace, but per-entity permissions narrow that scope further.

SSO (single sign-on)

Single sign-on lets team members and clients log in through your identity provider instead of a separate email and password.

Custom fields configuration

Custom fields let you add your own data points to any area. A project can carry a "Client Industry" dropdown, an invoice can store a "PO Number" text...

Custom statuses

Custom statuses replace or extend the default status options on projects and conversations. Each status has a name, colour, and position, and automations...