🔑 Permission Control · Fine-grained Control of What Each Role Can Do

In the Enterprise Plan, you assign different permissions to different roles — salespeople can only see their own customers and can't export; sales managers can see the whole department and can approve; interns can view but not edit. Paired with ownership management, this gives you full team collaboration + data security.

🎯 Why Permission Control matters

No customer data leakage → salespeople only see their own customers
Clear division of labor → each role's permission boundary is explicit
Prevents misoperations → interns / new hires can't delete or export sensitive data
Smooth offboarding handoff → offboarded permissions can be disabled in one click / customers reassigned

1. Add a Role

Create permission templates per position (e.g. "Salesperson / Sales Manager / Intern / Marketing Specialist").

Steps:

Step	Action
1️⃣	Left sidebar → [Enterprise] → [Permission Control]
2️⃣	At the bottom of the page [Role List] → click [Add Role]
3️⃣	Enter the role name (e.g. "Salesperson") → save

Permission Control · Add Role modal: enter role name (e.g. Salesperson / Sales Manager) + save button, role appears in the list

2. Edit Permissions

Set what each role can / can't do.

Steps:

Step	Action
1️⃣	Left sidebar → [Enterprise] → [Permission Control]
2️⃣	In [Role List], pick the role to edit (e.g. "Salesperson")
3️⃣	The right side [Permission Scope] shows all assignable permissions
4️⃣	Check / uncheck permissions → save

Permission Control · edit permission scope: left role list + right permission checkboxes (Customer / Email / Search etc. broken down by View / Edit / Export / Delete)

💡 Common role permission templates

Role	Customer Mgmt	Email	Search	Export	Delete
🚀 Salesperson	✅ View + edit (own)	✅ Send & receive	✅ Search + save	❌	❌
👔 Sales Manager	✅ View + edit (whole dept)	✅ Send & receive + audit	✅ Search + save	✅	✅
📊 Marketing Specialist	✅ View only	✅ Bulk send only	✅ Search + save	❌	❌
🎓 Intern / New	✅ View only (own)	✅ View only	❌	❌	❌
👑 Admin (system preset)	✅ All	✅ All	✅ All	✅	✅

📋 Pitfalls Roundup

Pitfall	Consequence	How to avoid
🔴 Giving salespeople "Export"	Customer data may be taken away / sold to competitors	Salesperson / intern default off for Export; admin handles single requests
🔴 New hires with too many permissions	Accidental customer deletion / wrong-email sends hurt business	New hires start with "Intern" role, upgrade after they're up to speed
🟡 Not following "principle of least privilege"	Over-permissioned roles	Each role gets only the permissions needed for the job — less is more
🟡 Admin role handed out loosely	Multiple people with top permissions → management chaos	"Admin" only for the boss + 1–2 core managers
🟡 No periodic review	Permissions stale after offboarding / role changes	Quarterly audit of role permissions and member assignments
🟡 Permission changes not announced	Members hit "feature unavailable" and are confused	When adjusting permissions, notify affected members

❓ FAQ

Q1 · What's the difference between "Admin" and custom roles?

Dimension	👑 Admin (preset)	🛠️ Custom Role
Origin	System preset, not deletable	User-created
Permission scope	All features, including permission management itself	Whatever you check
Can modify permissions	❌ No (protected against accidental deletion)	✅ Fully customizable

Q2 · Can I create a "View only, no Export / Delete" role?

✅ Yes. In [Permission Scope], only check the "View"-related permissions (e.g. "Customer-View" / "Email-View"), and don't check "Export / Delete" or other sensitive actions.

Q3 · Who's affected when I change a role's permissions?

Takes effect immediately, affecting all members assigned to that role.

→ E.g. remove "Export" from the "Salesperson" role → all salespeople immediately lose Export.

Q4 · How does Permission Control relate to Ownership Management?

Dimension	🔑 Permission Control	🤝 Ownership
Determines	What can be done to customers (view / edit / export / delete)	Who owns the customer
Used together	Permission = "what to do" + Ownership = "to whom"

→ Example: a salesperson's permission is "can edit own customers" + ownership management assigns customers A/B/C to them → they can only edit A/B/C.

See 📚 Customer Ownership.

Q5 · Can I temporarily upgrade a member's permissions?

Yes. Change the member's role (e.g. temporarily from "Salesperson" to "Sales Manager"), then revert. Or create a temporary role just for that member.

💡 Learning Tips

Principle	How
🎯 Principle of least privilege	Each role gets only what's necessary, no extras — the data security baseline
🏢 Roles by position	"Salesperson / Manager / Marketing / Intern" — divide by position, not person
🔄 Periodic review	Each quarter, audit all role permissions + each member's role assignment
📋 Document the rules	Write up "what level uses what role" inside the team, avoid ad-hoc assignment
🚨 Act immediately on offboarding	Disable / delete accounts immediately on offboarding; reassign customers in Customer Ownership

Topic	Link	Notes
👨‍💼 Team Members	member-management	Assign the roles you've built to specific members
🤝 Ownership	ownership-management.md	Decides who owns the customer — the basis for permissions to take effect
🏢 Enterprise Basics	business-management	Enterprise overview + account creation
👥 Department Structure	department-management.md	Department + role + permission — the trio
📊 Quota Management	quota-management	Permissions + quotas jointly govern enterprise resources

🔗 Permalink: https://laifa.xin/zhinan/permissions-management

1. Add a Role​

2. Edit Permissions​

📋 Pitfalls Roundup​

❓ FAQ​

Q1 · What's the difference between "Admin" and custom roles?​

Q2 · Can I create a "View only, no Export / Delete" role?​

Q3 · Who's affected when I change a role's permissions?​

Q4 · How does Permission Control relate to Ownership Management?​

Q5 · Can I temporarily upgrade a member's permissions?​

💡 Learning Tips​

📚 Related Features​