Permissions and Security
HARi gives you fine-grained control over data access. Decide exactly who can view, edit, create, and delete records, down to the individual field level.
Security profiles
Every user is assigned a security profile. Profiles define what the user can do across all entities.
Typical profiles:
| Profile | Description |
|---|---|
| Admin | Full access to everything, including settings and schema |
| Sales Manager | Full access to CRM data, can see all records, manage teams |
| Sales Rep | Access to own records and team records, cannot delete |
| Viewer | Read-only access to selected entities |
You can create as many profiles as your organization needs.
Capabilities
Each profile has capabilities per entity:
- Create — can create new records
- Read — can view records
- Update — can edit records
- Delete — can delete records
- Export — can export data to CSV
- Import — can import data from CSV
- Bulk update — can update multiple records at once
Capabilities follow a logical hierarchy: if you can update, you can also read. HARi enforces this automatically.
Record ownership
Every record has an owner (the user who created it or was assigned to it). Ownership controls visibility:
- Own records only: user sees only records they own
- Team records: user sees records owned by anyone in their team
- All records: user sees everything (typically for managers)
This is configured per profile, per entity.
Field-level security
Beyond record-level access, you can control which fields a profile can see or edit:
- Visible: the field appears on forms and lists
- Read-only: the field is visible but cannot be edited
- Hidden: the field is completely invisible to this profile
Example: sales reps can see deal amounts but only managers can edit the discount percentage.
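How the three layers described above (capabilities, record ownership, field-level security) combine into one deny-by-default decision, as an added example that is not HARi's own code or API. The `Profile` model, the `can` function, the field name `discount_pct`, and every implication edge other than "update implies read" are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Page states only "update implies read"; the other edges are assumptions.
IMPLIES = {"update": {"read"}, "delete": {"read"}, "export": {"read"},
           "bulk_update": {"update"}}

def expand(caps):
    """Close a capability set under IMPLIES, transitively."""
    out, todo = set(), list(caps)
    while todo:
        cap = todo.pop()
        if cap not in out:
            out.add(cap)
            todo.extend(IMPLIES.get(cap, ()))
    return out

@dataclass
class Profile:                      # hypothetical model, not HARi's schema
    caps: dict                      # entity -> granted capabilities
    scope: dict                     # entity -> "own" | "team" | "all"
    fields: dict = field(default_factory=dict)  # (entity, field) -> rule

def can(profile, user, action, entity, record, field_name=None):
    """Deny by default: capability, ownership scope and field rule must all pass."""
    if action not in expand(profile.caps.get(entity, ())):
        return False
    scope = profile.scope.get(entity, "own")
    owns = record["owner"] == user["id"]
    same_team = record["owner_team"] == user["team"]
    # Assumption: scope limits every action, since an invisible record cannot be edited.
    if not (scope == "all" or owns or (scope == "team" and same_team)):
        return False
    if field_name is not None:
        rule = profile.fields.get((entity, field_name), "visible")
        if rule == "hidden" or (rule == "read_only" and action != "read"):
            return False
    return True

# Constructed sample data mirroring the page's Sales Rep / Sales Manager example.
REP = Profile(caps={"deal": {"create", "update"}}, scope={"deal": "team"},
              fields={("deal", "discount_pct"): "read_only"})
MANAGER = Profile(caps={"deal": {"create", "update", "delete", "export"}},
                  scope={"deal": "all"})
ALICE = {"id": "u1", "team": "emea"}
DEAL_EMEA = {"owner": "u2", "owner_team": "emea"}
DEAL_APAC = {"owner": "u9", "owner_team": "apac"}
```

Running the same checks against a proposed profile before rollout shows exactly which actions it grants, which is the kind of review the least-privilege guidance calls for.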
Audit log
Every change in HARi is recorded in the audit log:
- Who made the change
- When it happened
- What was changed (old value and new value)
- Which record was affected
Access the audit log from Settings > Audit Log or from the History tab on any record.
The audit log is partitioned by month for performance. Administrators can configure retention policies to automatically archive or purge old entries.
Best practices
- Start with the principle of least privilege — give users only the access they need
- Use team-based visibility for sales organizations — reps see their pipeline, managers see everything
- Protect sensitive fields (revenue, margin, discount) with field-level security
- Review the audit log regularly to spot unusual activity
- Test new profiles by logging in as a test user with that profile before rolling it out