Skip to main content

Managing role based permissions

  1. Navigate to Admin.

  2. Select Role Management.

  3. From the drop down on the main tab select Create Role.

  4. Give your role a Name and Description.

  5. Specify any permission required by Module and Action on the following matrix.

  6. Choose for modules to be enabled or disabled.

  7. Provide Standard, Administrator or Developer rights to required modules.

  8. Choose from Owner, Owner and Selected Teams, All, Not Set or None for action level rights. Below details what each of these options means:

    1. All - The user can perform this action on any and all records that they can access

    2. Owner - The user can perform this action only if they are the "Assigned To" user on the record

    3. Owner and Selected Teams - The user can perform this action if they are the "Assigned To" user on the record or if they belong to team which is designated as having extra access on the record. This option is only visible if an administrator has enabled team-based permissions for the module.

    4. Not Set - The user is neither restricted nor granted access to this function. When permission is "Not Set", users within this role default to "All" access

    5. None - The user cannot perform this action on any records within this Sugar module


You can also set permissions on a field by field basis using the column on the left hand side:

  1. Choose the module the field is in you wish to edit the permissions for

  2. Find the field you wish to change from the list and double click where it says "Not Set"

  3. Choose the permissions you want from the following

    1. Not Set - The user is neither restricted nor granted access to this field. When permission is "Not Set", users within this role default to "Read/Write" access

    2. Read/Write - The user can see the value of this field and can edit it

    3. Read/(Owner & Selected Teams) Write - The user can see the value of this field but can only edit the field's value if they are the "Assigned To" user on the record or if they belong to a team which is designated as having extra access on the record. This option is only visible if an administrator has enabled team-based permissions for the module

    4. Read Only - The user can see the value of this field but cannot change its value

    5. Owner Read/Owner Write - The user can only see and edit this field if they are the "Assigned To" user on the record

    6. (Owner & Selected Teams) Read/Owner Write - The user can only see the value of this field if they are the "Assigned To" user on the record or if they belong to team which is designated as having extra access on the record, but they can edit the field only if they are the "Assigned To" user on the record. This option is only visible if an administrator has enabled team-based permissions for the module

    7. (Owner & Selected Teams) Read/(Owner & Selected Teams) Write - The user can only see the field and edit the field's value if they are the "Assigned To" user on the record or if they belong to a team which is designated as having extra access on the record. This option is only visible if an administrator has enabled team-based permissions for the module


Be aware that it is possible to add a user to multiple roles, however for when the roles have different permission sets, the user will inherit the lesser of the two.
For example, if:

  • User 1 is in Role A and Role B

  • Role A has got edit permissions for the Accounts module, but Role B only has view permissions


then User 1 will only be able to view Accounts, he will not be able to edit.

Related Articles
Unable to see records I have permissions for
Users are unable to search for records using Global Search
Creating Reports
Adjust the user module layout based on role
Fields do not transfer properly when converting a lead
Did this answer your question?