Set Up Role Permissions
Set Up Role Permissions
Section titled “Set Up Role Permissions”HARi controls access through three layers:
- User role (admin or member) — admins manage settings; members get the rest
- Permission profiles — granular per-entity grants assigned to teams
- Teams — groupings of users that inherit a profile and a record-sharing scope
This guide covers the profile + team layer, where most day-to-day permission tuning happens.
Understanding Permission Levels
Section titled “Understanding Permission Levels”For each entity, a profile grants four actions:
- Create — Can the user create new records?
- Read — Can the user view records?
- Update — Can the user edit existing records?
- Delete — Can the user delete records?
Each action takes a scope value:
- All — Every record of that entity
- Team — Records owned by anyone in the user’s team
- Own — Only records assigned to the user
- None — No access (the action is denied)
Reviewing Profile Permissions
Section titled “Reviewing Profile Permissions”- Go to Settings > Schema
- Pick an entity (e.g. Contact)
- Open the Permissions tab — you’ll see a matrix of every profile that has a grant on this entity, with a coloured badge per action showing the scope (All / Team / Own / None)
Example: Sales Representative permissions
Section titled “Example: Sales Representative permissions”| Entity | Create | Read | Update | Delete |
|---|---|---|---|---|
| Contacts | All | Team | Team | None |
| Companies | All | All | Team | None |
| Opportunities | All | Own | Own | None |
| Activities | All | Own | Own | Own |
| Invoices | None | Own | None | None |
| Tasks | All | Own | Own | Own |
Common Profile Templates
Section titled “Common Profile Templates”Manager
Section titled “Manager”- Same entity access as Sales Representative
- Record scope set to All for Opportunities and Activities
- Read access to all entities for reporting
Finance
Section titled “Finance”- Full access (CRUD) to Invoices
- Read-only access to Companies and Contacts
- No access to Opportunities or Leads
Marketing
Section titled “Marketing”- Full access to Contacts and Leads
- Read-only access to Companies
- No access to Invoices or Opportunities
View-Only
Section titled “View-Only”- Read access to all entities
- No create, update, or delete permissions
- Scope set to All
Assigning Profiles to Teams
Section titled “Assigning Profiles to Teams”In HARi, profiles are attached to teams, not directly to users:
- Go to Settings > Teams
- Select the team you want to configure
- Open the Permissions tab on the team page — pick the profile that should govern this team
- Add users to the team via the Members tab — they inherit the team’s permissions
To change what a single user can do, move them between teams or adjust the profile assigned to their team.
Testing Permissions
Section titled “Testing Permissions”After configuring a profile, verify it works as expected:
- Log in as a user with that profile (or ask them to test)
- Check that they can access the correct entities in the sidebar
- Verify that they can only perform the allowed actions
- Confirm the record scope works (they see only their own records, or all records, depending on the setting)
Updating a Profile
Section titled “Updating a Profile”When you modify a permission profile, changes take effect immediately for all users assigned to that profile. No need to re-assign users.
Next Steps
Section titled “Next Steps”- Add a User to assign the profile to new team members
- Inviting Your Team for the full team setup guide
- Create a Custom Entity — remember to add new entities to your permission profiles