This article is intended for company managers and users with admin roles.
How data and organized and User permissions work?
Permissions are an important part of RealEstateCRM.io as you can control the modules and records a user can have access to, and also the actions he can perform (browse, create, edit/update, delete).
It’s also possible to create User groups (team) so the data will be segregated by the team, and also to customize roles.
How the application is structured?
The application is structured into several levels.
Application Access (All):
As a company owner/manager you have access to all the applications based on your active subscription plan.
Each subscription plan offers more or less access to features.
Sections: Sales, marketing, Listing, Support, Inventory
Inside each section, you will find modules related. For example in the sales section you will find the module Opportunities and Deals, in Marketing the module campaigns; or in the Support section the module Ticket.
Modules: Contacts, Leads, Listings, Tasks
Each module has a specific function and modules are often linked to each other (ex a task related to a deal).
Records: a contact, a lead, a listing
In each module, you can manage records ( a contact, a task, a deal)
Actions that can be performed:
- Browse/view: will be able to see a list of records and the details of each record
- Add/Create: will create a new record (ex create a new contact)
- Edit/Update: will update an existing record (ex update price of a listing)
- Delete/Destroy: will delete the existing record
Understand Access level
When you invite a user you have the ability to select the Access level. (All, Group or Assigned only)
`Access to all records` -> With this enabled, the user can view, edit, delete all records.
`Access to group records` -> With this enabled, a user can only view (but not edit or delete) records assigned to the groups associated with that user. It will not be checked if `Access to all records` is enabled.
`Access to group write` -> With this enabled, a user can edit or delete records assigned to the groups associated with that user. It will not be checked if `Access to all records` is enabled.
`Access to group users` -> With this enabled, a user can only view (but not edit or delete) records assigned to other users belonging to the groups associated with that user. It will not be checked if `Access to all records` is enabled.
Records assigned to a user: In all cases, the user can view, edit, delete records assigned to him.
Now if a user has `Access to group users` but not `Access to group records`, in this case the user can access records assigned to other users from the same groups that user belongs to, but can not access records which are assigned to groups. `Access to group users` is not dependent on `Access to group records`.
Access based on record
Last but not least, a user can grant access to a specific record to another group or set of users. Refer to the guide (grant or deny record access).
Roles and permissions
By default you have access to 2 roles:
Company Manager: this is the default role when you create an account. This role grants you the permissions and access to all the features allowed within your company subscription plan and allows you to control the settings, manage users and subscriptions.
User: this is the default role for users you invite; they have access to all features allowed by your company subscription plan excluding access to all settings, subscription management, and users management.
For the high subscription plan, it’s possible to create custom roles to grant specific permissions. Contact us if you need more information about this feature.
Why is it important and the benefits of having it?
According to the position and roles of the users, you may want to restrict some access for instance you may want to let a user see only the records (leads, contacts, …) assigned to him? also you may restrict some actions.
For example, you don’t want a user from another team can edit or delete data.
Also if you have several teams, you may want the records assigned to a team not to be viewable and editable to another team.