Skip to content

Roles and permissions

A person's roles decide what they can see and do in your workspace. You can give someone broad access across everything, or narrow access to just one area — or even one pipeline. You assign roles when you invite a member and can change them anytime with Edit Roles.

The whole workspace

These roles apply everywhere in the workspace:

  • Admin — full access. Manages members and roles, and everything in Intake, Groups, Events, and settings.
  • Member — does the day-to-day work: create and update cases, people, groups, and sessions. Can't manage other members.
  • Viewer — read-only. Can look at everything but can't change anything.

One area only (module roles)

When someone only works in one part of the portal, give them a role scoped to that area instead of the whole workspace:

  • Intake — Admin, Manager, or Viewer for cases and pipelines.
  • Groups — Admin, Manager, or Viewer for programs, groups, and attendance.
  • Events — Admin for the public calendar.

A Manager can do most of the work in their area but can't delete the big building blocks (like pipelines or programs); a Viewer can only look.

One pipeline only (resource roles)

For the narrowest access, you can scope a role to specific pipelines — for example, a Pipeline Viewer who sees only one pipeline's cases. When you pick one of these roles, you also choose which pipeline(s) it applies to.

How access shows up for the person

People only see the menu items and buttons their roles allow, so someone's portal may look simpler than yours. That's expected — it keeps everyone focused on their own work. (This is the "You may see fewer items" note teammates notice in Finding your way around.)

Give the least access that does the job

Start narrow and add more if someone needs it. A pipeline-scoped viewer is safer than a workspace admin for someone who only checks one program.