Roles & Permissions

BasaltCRM uses a granular, hierarchical permission system that controls access at the module, widget, and action level.

Role Hierarchy

| Role | Level | Description |

| :--- | :--- | :--- |

| Platform Admin | 1000 | God-mode. Full access across ALL teams. Can assign Platform Admin to others. |

| Super Admin | 100 | Full access within their team. Can create Admins, Members, and Viewers. |

| Admin | 50 | Full access to department resources. Can create Members and Viewers. |

| Member | 10 | Standard access to assigned resources only. |

| Viewer | 0 | Read-only access to data. |

Permission Granularity

Permissions are defined at three levels:

1. Module Level

Toggle entire modules on/off per role (e.g., hide "Lead Wizard" from Viewers).

2. Widget Level

Control individual widgets within a module (e.g., show Dashboard but hide Team Analytics widget from Members).

3. Action Level

Gate specific operations (e.g., allow Members to view leads but not delete them).

Module Coverage

The permission system covers all 30+ modules:

Dashboard, Calendar, Accounts, Contacts, Opportunities

AI Lab, Sales Command, Contracts (incl. Deal Rooms)

Projects, Tasks, Dialer, University, Outreach

Lead Pools, Lead Wizard, FlowState, Messages

Form Builder, Invoices, Reports, Emails, Employees

Databox, Approvals, Cases, Notifications, Products, Quotes, Guard Rules

Multi-Tenant Teams

Each team operates in full data isolation. Users can belong to one team, and all CRM data (leads, accounts, opportunities, etc.) is scoped to the team boundary.