Custom roles allow you to create specific permission sets tailored to your team's needs, beyond the default roles provided by Cone
Creating a custom role
1. Navigate to Settings β People β Roles and permissions
2. Click Create custom role
3. Enter a Role name (e.g., "Project Manager", "Bookkeeper")
4. Add a Description to explain the role's purpose
5. Click Continue to configure permissions
Permission categories
Custom roles can be configured with granular permissions across all Cone modules. Each module can be enabled or disabled entirely, with specific permissions available when enabled
Clients
Access levels:
All clients - Can access all clients and their details
With this, the team member will have access to future clients as well
Limited clients - Can access only assigned clients
Permissions:
Can create clients
Can bulk import clients
Can view clients (always enabled)
Can edit the clients created by others
Can delete clients
Can view files tab
Can view email log
Contacts
Can create contacts
Can view contacts (always enabled)
Can edit the contacts created by others
Can delete contacts
Can manage client portal invitations
Dashboard
Enable or disable complete dashboard access
Deals
When enabled:
Can create deals
Can view deals (always enabled when module is on)
Can edit the details of deals created by others
Can delete deals
Can manage the deal stages
Work
Projects
Can create projects
Can view all projects (always enabled)
Can edit the details of projects created by others
Can delete projects
Tasks
Can create tasks
Can view all internal tasks (always enabled)
Can edit the details of tasks created by others
Can delete tasks
Client requests
Can create client requests
Can view all client requests (always enabled)
Can edit the details of client requests created by others
Can delete client requests
Email Inbox
When enabled:
Can add their personal inbox
Proposals
When enabled
Can create draft proposals
Can publish proposals
Can view proposals (always enabled when module is on)
Can manage the proposals created by others
Can delete proposals
Time
When enabled
Can view time entries on tasks assigned to other users
Can edit the time entries on tasks assigned to other users
Can delete the time entries on tasks assigned to other users
Services
When enabled
Can create services
Can view services (always enabled when module is on)
Can edit services
Can delete services
Billing
When enabled
Can create invoices and recurring rules
Can view Invoices and recurring rules linked to assigned clients
Can view revenue insights linked to assigned clients
Can edit invoices
Reports
When enabled
Can view client profitability reports
Can view client time reports
Can view team profitability reports
Can view team utilization reports
Can download PDF reports
Templates
When enabled
Project
View - β (always)
Create - β/β
Manage - β/β
Delete - β/β
Folder
View - β (always)
Create - β/β
Manage - β/β
Delete - β/β
Proposal
View - β (always)
Create - β/β
Manage - β/β
Delete - β/β
Proposal sections
View - β (always)
Create - β/β
Manage - β/β
Delete - β/β
Engagement letters
View - β (always)
Create - β/β
Manage - β/β
Delete - β/β
View - β (always)
Create - β/β
Manage - β/β
Delete - β/β
Form
View - β (always)
Create - β/β
Manage - β/β
Delete - β/β
Settings
When enabled
General - Can view (always), Can manage
Emails and reminders - Can view (always), Can manage
Billing - Can view (always), Can manage
Branding - Can view (always), Can manage
Client portal - Can view (always), Can manage
Subscription - Can view, Can manage
People - Can view (always), Can manage, Can invite/activate/deactivate team members, Can manage hours and rates, Can manage custom roles
Integrations - Can view (always), Can manage, Can manage Accounting integrations, Can manage Payment integrations, Can manage Cloud storage integrations, Can manage Other integrations
Workflows - Can view (always), Can manage
Custom fields - Can view (always), Can manage
Permission dependencies
Some permissions have dependencies or special behaviors:
Creator privileges
The creator of any item (client, project, task, etc.) can always edit it
If removed from a client's team, creators lose edit access
Client access cascading
Client access level affects visibility of related items:
Projects linked to those clients
Contacts associated with those clients
Invoices and proposals for those clients
Tasks and requests under client projects
Best practices
Role planning
Start with a default role closest to your needs
Modify permissions incrementally
Test with a single user before widespread adoption
Naming conventions
Use descriptive role names (e.g., "Senior Accountant" not "Role 1")
Include department or function in the name
Keep descriptions clear and concise
Security considerations
Follow principle of least privilege
Regularly review custom roles for relevance
Remove unused custom roles
Document role purposes for team clarity
Common custom role examples
Bookkeeper
Full access to Billing and Payments
View-only access to Clients
No access to Proposals or Deals
Can manage Time entries
Project manager
Full access to Work (Projects/Tasks)
Can view all Clients
Can create and manage Proposals
No access to Billing settings
Client service representative
Can view and edit Clients and Contacts
Can manage Client Requests
Can view Projects and Tasks
No access to financial data
Notes
Custom roles can be edited after creation
Users must be reassigned if you delete their current role
Permission changes apply immediately to all users with that role
You cannot delete default system roles (Owner, Admin, Standard User, Restricted User)