A role is a collection of various function permissions. The CRM system provides two types of roles, management and business, which are used to set the background system management function permissions and front-end business function permissions respectively.

• System Permissions: Refers to the access permissions used for system background configuration management, such as enterprise organizational structure management, object management, process management, etc. Employees with corresponding system permissions can access the corresponding background system menu and perform corresponding management and configuration operations.
• Object Permissions: Refers to the access permissions for creating, viewing, editing, and deleting records for each object. If the employee does not have the permission to operate an object, the corresponding operation button will be hidden on the object page; if the employee does not have the permission to "view the list" of an object, the function entry of the object will be hidden. If there is no "View List" permission of the "Business Opportunity" object in the permission setting of the "Shipping Personnel" role, the employee with this role will not be able to see the menu of business opportunities.
• Field Permissions: Refers to the level of access for each field in the object: read-write, read-only, or invisible. For example, the "Service Personnel" role can configure the "Sales Order Amount" field in the "Sales Order" object to be invisible.

1. Custom Role

In order to support flexible permission assignment, administrators can add custom roles according to actual business scenes. Such as project implementers, material purchasers, custom administrators, etc.

1.1 New Role

Administrators can create custom management roles or custom business roles under "System Management - Role Permission Settings - Management Function Permissions or Business Function Permissions".

• Management roles can be assigned to background administrators to perform system background management and system configuration; such as configuring object custom fields or data sharing rules, etc.
• Business roles can be assigned to front-end business personnel to perform CRM business operations, such as sales director roles to manage sales orders and view related reports, etc.

1.2 Role Permission Settings

1.2.1 Management Function Permissions

The management role sets the system management authority according to the background management function; each background management menu corresponds to a specific management function, and employees who have the authority to change the management function have the authority to the corresponding management menu and can perform corresponding management configuration work.

1.2.2 Object Function Permissions

Business roles set specific business function permissions by object.

• You can configure the operation entry permission for all CRM objects. For example, [View List] is the entry permission for the object list. If you do not configure the employee, you will not be able to see the sales lead object in My Workbench.
• You can configure the permission of the details interface for all CRM objects, such as [View Details] is the permission of the object details page, if not configured, employees will not be able to view the details interface of sales leads.
• Operation Permission: Only when operation authority is configured, employees have the first condition to operate business data. If you cancel the "New", "Edit", and "Import" permissions, you will not see these operation buttons on the list page and detail page.

1.2.3 Field Level Permissions

Business roles can set specific field permission levels by object; control employees' visibility and editability of fields. For example, if you don't want telemarketers to see the account's phone number, and you don't want service personnel to see the sales order amount in the account's sales order, you can hide the corresponding fields.

• [Read & Write] Permission: Employees will have the maximum permission for this field, and can edit it when [New] and [Edit], and this field can be seen on the list and detail pages.
• [Read-only] Permission: Employees cannot edit when they are in [New] [Edit], and this field is visible on the list and detail pages.
• [Invisible] Permission: Employees cannot see this field (or the field value) in the [New] [Edit] [List] [Details] interface.

1.3 Employee Role Assignment

Administrators can select any role in "System Management - Role Permission Settings", and assign roles to employees on the employee assignment page. A role can be assigned to multiple employees, and an employee can also have multiple roles. If an employee has multiple roles, its function permission is a collection of multiple roles.

• Add Employees: assign roles to new users, and employees who assign roles will have CRM applications. If you need to assign the role of "Salesperson" to the company's newly recruited salesperson, click "Add Employee", select the newly recruited salesperson, select the role of "Salesperson", and save it. If the added employee already has the specified role, the newly added role will be superimposed here.
• Edit Role: In the list under "All CRM Users", the roles can be modified for employees who have been assigned roles, such as adding a new role or canceling a role.
• Remove: In the list under "All CRM Users", select an employee and click "Remove", all CRM roles of the employee will be removed except "CRM Administrator" (if they have this role), if The employee no longer belongs to any role and will no longer have a CRM application.
• Copy Role to Employee: Copy the role of an employee to another employee.
• Main Role: When assigning a role to an employee, you can specify the primary role that the employee belongs to. The main role is mainly used in "custom object" when an employee has multiple types, and it will be displayed according to the type and layout supported by the main role.
• Special Business Logic: "CRM Administrator" role: The maintenance of this role needs to be maintained in the "Application Administrator" of "Application-Application Management-CRM". Click "Modify" to add or remove the "CRM Administrator" role .
• "CRM Administrator" Role: The maintenance of this role needs to be maintained in the "Application Administrator" of "Application-Application Management-CRM". Click "Modify" to add or remove the "CRM Administrator" role.

1.4 Approval Permission Settings

On the employee assignment page, employees with special approval permissions can be assigned to departments responsible for approval. For example, in a manufacturing industry, there are multiple production lines, and different departments are responsible for sales orders on different production lines. At the same time, different finance departments in the financial department are responsible for the approval of sales orders by different departments. At this time, it is necessary to configure an approval department for each employee with an order financial role, so that when the responsible department has a sales order that needs to be approved, it will be automatically assigned to the designated order financial personnel.

• Click "Edit Approval Department" and select a department in the pop-up window.

2. Common Questions

Q1: How to make a new employee have the permission of account object?
A: Add the employee to a role with the permission of Account -> View List.

Q2: How can an employee only view customer data, but not modify account data?
A: Modify the business role permission settings owned by employees: select the permission configuration of the customer object: check the [View List] and [View Details] permissions, and cancel the [Edit] permission.

Q3: How to prevent an employee from seeing or editing the [Sales Order Amount] field of the sales order?
A: Modify the functional permission setting of the business role owned by the employee: Sales Order - "Field Level Permissions - "[Sales Order Amount] field, set invisible or read-only.

Q4: How to make different people see different fields for the same business object?
A: Define different roles, assign different field-level permissions, and then put employees into corresponding roles.