Custom roles give you precise control over what each team member can see and do in your workspace. This guide covers everything from basic concepts to advanced troubleshooting.
Table of contents
1. What are custom roles?
Custom roles are permission sets you create to match specific job functions in your organization. Instead of using generic "Admin" or "User" roles, you can create roles like "Billing Manager" or "Project Coordinator" with exactly the permissions each team member needs.
Think of custom roles as a way to give each person their own personalized toolkit - they see only what they need to do their job effectively, without the clutter of features they don't use.
1.a Benefits of custom roles
Custom roles transform how your team works by providing focused access and better security.
1.a.i Better security
Give team members only the access they need, reducing the risk of accidental changes or data exposure. When someone only sees what's relevant to their role, there's less chance of mistakes.
1.a.ii Improved efficiency
Team members see only relevant features, making navigation simpler and reducing training time. A billing specialist won't be distracted by project management tools they don't need.
1.a.iii Flexible growth
Create new roles as your team evolves. As you add new services or change your workflow, you can adjust permissions without disrupting existing users.
1.b Who can use custom roles?
Available on: Growth plan and above
To use custom roles, you need:
- An active Growth plan subscription
- Admin or Owner permissions in your workspace
- At least 2 user seats (custom roles make more sense with multiple users)
Note: If you're on the Starter plan, you'll see the Roles section but won't be able to create custom roles. Consider upgrading to unlock this feature.
2. Setting up your first custom role
Follow these steps to create a custom role in just 5 minutes. We'll walk through creating a "Billing Specialist" role as an example.
2.a Prerequisites
Before you start, make sure you have:
- Admin or Owner access to your workspace
- A clear understanding of what permissions this role needs
- A list of users who will be assigned to this role
💡 Pro tip: Start by listing what tasks this role will perform daily. This helps you choose the right permissions.
2.b Step 1: access custom roles
- Click the Settings icon (⚙️) in the bottom left corner
- Select Team & Access from the menu
- Click on Roles and Permissions
- You'll see your existing roles listed (Admin, User, etc.)
[Screenshot placeholder: Settings menu with Roles and Permissions highlighted]
2.c Step 2: create new role
-
Click the "+ Create Custom Role" button
-
Enter a descriptive Role Name (e.g., "Billing Specialist")
-
Add a Description to help others understand this role's purpose
-
Good: "Manages all billing, invoicing, and payment collection"
-
Avoid: "Billing stuff"
[Screenshot placeholder: Create new role dialog]
2.d Step 3: configure permissions
You'll see the permission builder, which is organized by feature area. Each area has specific permissions you can enable or disable.
2.d.i Setting module access
Each section has a toggle switch that controls whether users with this role can access that entire module:
- ON: Users can see this section in their navigation
- OFF: This section is completely hidden from users
Start by toggling ON only the modules this role needs.
[Screenshot placeholder: Permission builder showing module toggles]
2.d.ii Configuring specific permissions
For each module you've enabled, you can set specific permissions:
View permissions - Can they see existing data?
- "Own only" - See only items assigned to them
- "All" - See everything in the system
Create permissions - Can they add new items?
- Enable only what they need to create
Edit permissions - Can they modify existing items?
- "Own only" - Edit only their own items
- "All" - Edit any item
Delete permissions - Can they remove items?
- Be cautious with delete permissions
[Screenshot placeholder: Detailed permission settings]
2.e Step 4: save and assign
- Review your permission selections
- Click "Save Role"
- You'll see a success message
- The role is now ready to assign to users
⚠️ Important: Changes to roles take effect immediately for all assigned users. They may need to refresh their browser to see updates.
3. Assigning users to custom roles
There are several ways to assign users to custom roles. Choose the method that works best for your workflow.
3.a Method 1: during new user invitation
When inviting a new team member:
- Go to Settings → Team & Access → Users
- Click "Invite User"
- Enter their email address
- In the Role dropdown, select your custom role
- Click Send Invitation
The new user will automatically have the custom role when they accept the invitation.
[Screenshot placeholder: User invitation with custom role selected]
3.b Method 2: changing existing user's role
To change a current user's role:
- Navigate to Settings → Team & Access → Users
- Find the user in the list
- Click the three dots (⋮) menu next to their name
- Select "Change Role"
- Choose the new custom role from the dropdown
- Click "Update Role"
The change takes effect immediately.
[Screenshot placeholder: Change role dropdown]
3.c Method 3: from the role detail page
You can also assign users directly from the role's page:
- Go to Settings → Roles and Permissions
- Click on the custom role name
- Click "Assign Users" button
- Select users from the list
- Click "Save Assignments"
This method is great when assigning multiple users at once.
3.d Limitations to note
- No bulk assignment via CSV - You must assign roles individually
- One role per user - Users cannot have multiple roles
- No temporary roles - Role assignments are permanent until changed
- Inheritance not supported - Roles don't inherit from other roles
4. Understanding permissions
Let's dive deep into each permission category and what it controls.
4.a Complete permission categories
Permissions are organized into 12 main categories. Here's what each one controls:
4.a.i Dashboard
Controls access to the main dashboard and widgets.
Module Access: Toggle to show/hide the dashboard Permissions available:
- View own metrics only
- View all company metrics
- Customize dashboard layout
- Create custom widgets
💡 Use case: Give sales reps access to their own metrics without seeing company-wide data.
4.a.ii Clients & Contacts
Manages who can see and interact with your client database.
Client Access Scope:
- None: No access to clients section
- Own clients only: See only assigned clients
- All clients: See entire client database
Contact Permissions:
- View contacts
- Create new contacts
- Edit contact details
- Delete contacts
- Export contact data
Advanced Options:
- View sensitive fields (SSN, Tax ID)
- Access billing information
- See internal notes
[Screenshot placeholder: Client permissions grid]
4.a.iii Deals (if enabled)
Controls your sales pipeline and deal management.
Permissions:
- Can create deals
- Can edit own deals only / all deals
- Can delete deals
- Can change deal stages
- Can access deal analytics
Pipeline Settings:
- View all pipelines
- Modify pipeline stages
- Access win/loss reports
4.a.iv Work (practice management only)
Manages project and task permissions.
Project Management:
- View projects (Own/Team/All)
- Create new projects
- Edit project details
- Delete projects
- Manage project templates
Task Permissions:
- View tasks
- Create tasks
- Assign tasks to others
- Complete any task
- Access time tracking
4.a.v Email inbox (practice management only)
Controls shared inbox access and email management.
Module Access: Toggle on/off Permissions:
- View shared inbox
- Send emails from shared address
- Assign emails to team members
- Create email templates
- Access email analytics
4.a.vi Proposals
Manages proposal creation and sending.
Permissions:
- Can create draft proposals
- Can send proposals
- Can edit any proposal / own only
- Can delete proposals
- Can access proposal templates
- Can view proposal analytics
Financial Controls:
- Set proposal values
- Apply discounts
- Modify payment terms
4.a.vii Time tracking (practice management only)
Controls time entry and reporting access.
Permissions:
- Can view own time entries
- Can view all time entries
- Can create time entries
- Can edit own entries / all entries
- Can approve time entries
- Can run time reports
4.a.viii Services
Manages your service catalog and pricing.
Permissions:
- Can view services
- Can create services
- Can edit service details
- Can archive services
- Can set pricing
- Can manage service categories
4.a.ix Billing
Critical financial permissions for invoicing and payments.
Invoice Permissions:
- Can view invoices (Own/All)
- Can create invoices
- Can edit draft invoices
- Can send invoices
- Can apply payments
- Can issue refunds
Payment Permissions:
- Record payments
- Process credit cards
- Set up payment plans
- Access payment reports
Advanced Billing:
- Modify tax settings
- Create credit notes
- Write off invoices
- Access aging reports
4.a.x Reports (practice management only)
Controls access to analytics and reporting.
Report Access:
- Can view own performance reports
- Can view team reports
- Can view company reports
- Can create custom reports
- Can export report data
- Can schedule reports
Specific Reports:
- Client profitability
- Service performance
- Team productivity
- Financial summaries
4.a.xi Templates
Manages document and email templates.
Grid Format Permissions:
| | View | Create | Edit | Delete |
|--|------|--------|------|--------|
| Email Templates | ✓ | ✓ | Own | No |
| Document Templates | ✓ | ✓ | All | Admin |
| Proposal Templates | ✓ | No | No | No |
| Invoice Templates | ✓ | ✓ | All | Admin |
4.a.xii Administrative settings
System-wide configuration access.
General Settings:
- Company information
- Branding and logos
- Default preferences
- Integrations setup
User Management:
- Invite new users
- Deactivate users
- Change user roles
- Access audit logs
Security Settings:
- Two-factor authentication
- Password policies
- IP restrictions
- API access
4.b Permission dependencies
Understanding how permissions relate to each other is crucial for creating effective roles.
4.b.i Parent-child dependencies
Some permissions automatically grant or require others:
- Editing requires Viewing (you can't edit what you can't see)
- Deleting requires Editing (you must have edit access to delete)
- Creating in a module requires module access to be ON
Example: Giving someone "Edit all invoices" automatically grants "View all invoices"
4.b.ii Access level dependencies
Module toggles affect all permissions within:
- If Billing module is OFF, all billing permissions are disabled
- Turning a module ON doesn't automatically grant any permissions
- Some features require multiple modules (e.g., Time + Billing for billable hours)
4.b.iii Cross-module dependencies
Some features require permissions across multiple modules:
Creating billable projects requires:
- Work module: Create projects
- Billing module: Create invoices
- Clients module: View clients
Sending proposals requires:
- Proposals: Create and send
- Clients: View contacts
- Services: View services (to add to proposals)
5. Managing existing roles
As your team grows and changes, you'll need to modify roles. Here's how to keep them organized and effective.
5.a Editing roles
To modify an existing custom role:
- Go to Settings → Roles and Permissions
- Click on the role name you want to edit
- Make your changes to permissions
- Click "Save Changes"
⚠️ Warning: Changes apply immediately to all users with this role.
Before editing, consider:
- How many users have this role?
- What tasks might be affected?
- Should you create a new role instead?
[Screenshot placeholder: Edit role interface]
5.b Duplicating roles
Perfect for creating similar roles with small differences:
- Find the role you want to copy
- Click the three dots (⋮) menu
- Select "Duplicate Role"
- Give it a new name
- Adjust permissions as needed
- Save the new role
Use cases for duplication:
- Regional variations (Sales Manager - East vs West)
- Seniority levels (Junior vs Senior Accountant)
- Temporary roles for contractors
5.c Deleting roles
Before deleting a role:
- Check how many users are assigned (shown in role list)
- Reassign users to other roles if needed
- Document why the role is being removed
To delete:
- Click the three dots (⋮) menu
- Select "Delete Role"
- Confirm deletion
⚠️ Note: You cannot delete system roles (Admin, User) or roles with assigned users.
5.d Best practices
5.d.i Regular reviews
- Monthly: Review user assignments
- Quarterly: Audit permissions for each role
- Annually: Remove unused roles
Create a review checklist:
- [ ] Are all users in appropriate roles?
- [ ] Do any roles have too many permissions?
- [ ] Are there unused roles to remove?
- [ ] Do new features need permission updates?
5.d.ii Clear documentation
For each role, document:
- Purpose: Why this role exists
- Typical users: Who should have this role
- Key permissions: What makes this role unique
- Dependencies: What other systems/tools they need
Example documentation:
Role: Billing SpecialistPurpose: Manages all client billing and collectionsTypical users: Accounts receivable team membersKey permissions:Full billing module accessView all clients (no edit)Create and send invoicesProcess paymentsDependencies: Needs access to payment processor
6. Role templates
Use these battle-tested templates as starting points for your custom roles.
6.a Professional services
6.a.i Senior account manager
Purpose: Manages key client relationships and oversees project delivery Permissions:
- Clients: All - View, Create, Edit
- Contacts: All - Full access
- Projects: All - View and Edit
- Proposals: Create and Send
- Reports: Client profitability
- Billing: View only (no create/edit)
Typical users: Senior client-facing team members
6.a.ii Project coordinator
Purpose: Supports project execution without financial access Permissions:
- Projects: Assigned only - View and Edit
- Tasks: All - Create and Assign
- Time tracking: View team entries
- Clients: Assigned only - View
- Documents: Upload and organize
- Email: Access shared inbox
Typical users: Project support staff, coordinators
6.b Finance & Billing
6.b.i Billing administrator
Purpose: Complete control over all financial operations Permissions:
- Billing: Full access to all features
- Clients: View all (edit billing info only)
- Reports: All financial reports
- Services: View and edit pricing
- Proposals: View accepted only
- Settings: Tax and payment configuration
Security note: This role has significant financial access. Limit to trusted team members.
6.b.ii Collections specialist
Purpose: Focused on payment collection and follow-up Permissions:
- Billing: View overdue invoices, apply payments
- Clients: View all, edit notes only
- Email: Send payment reminders
- Reports: Aging reports only
- Cannot: Create invoices, issue refunds
6.c Sales & Business Development
6.c.i Sales manager
Purpose: Full sales p
Article truncated. Full version available in source.