Permissions & Roles
Role hierarchy, permission matrix, and access control.
Overview
Seedly CRM provides a comprehensive permission system that controls who can see, create, edit, and delete data across the platform. The system is designed for the agency model - with agency-level oversight, brand-level management, and sub-account-level daily operations.
Role Hierarchy
The platform includes four built-in system roles arranged in a strict hierarchy. Users with a higher-level role have broader access and can manage users at or below their level.
| Role | Scope | Purpose |
|---|---|---|
| Agency Owner | Full agency + all sub-accounts | Top-level administrator with unrestricted access to everything, including billing, plans, and system configuration |
| Brand Admin | Brand + assigned sub-accounts | Manages all sub-accounts within their brand, including branding, billing schedules, and integration overrides |
| Sub-Account Admin | Single sub-account | Full access within their assigned sub-account, including user management and settings |
| Sub-Account User | Single sub-account | Day-to-day user with permissions controlled by their role assignment |
How the Hierarchy Works
- Agency Owners can see and manage everything across the entire agency, all brands, and all sub-accounts
- Brand Admins can manage any sub-account within their brand, but cannot access other brands or agency-level settings
- Sub-Account Admins have full control within their sub-account, including managing users and configuring settings
- Sub-Account Users have granular, configurable permissions - they see and do only what their role allows
A user cannot create or assign a role that is equal to or higher than their own. This prevents privilege escalation.
Custom Roles
In addition to the four system roles, you can create custom roles at the agency level or sub-account level. Custom roles let you define exactly what a team member can and cannot do.
Each custom role starts from a permission template and can be fine-tuned per module.
Permission Templates
| Template | Description |
|---|---|
| Full Access | All permissions on all modules |
| Admin (No Billing) | Full access except billing and plan management |
| Sales Rep | Access to contacts, pipelines, conversations, tasks, and calendar - no settings or admin |
| Standard | Common day-to-day permissions for most team members |
| Limited | Read-only access to most modules with create/edit on assigned records only |
Permission Matrix
Permissions are defined as a matrix of 30 modules and 4 actions:
Actions
| Action | What It Controls |
|---|---|
| View | Can the user see records in this module? |
| Create | Can the user create new records? |
| Update | Can the user edit existing records? |
| Delete | Can the user remove records? |
Modules (30)
Permissions are configured independently for each of these modules:
| Module | Module | Module |
|---|---|---|
| Contacts | Companies | Conversations |
| Pipelines | Opportunities | Campaigns |
| Workflows | Forms | Calendar |
| Tasks | Invoices | Estimates |
| Recurring Invoices | Products | Documents |
| Email Templates | SMS Templates | Tags |
| Custom Fields | Custom Values | Snippets |
| Segments | Suppressions | Reporting |
| Reputation | Social Media | Bulk SMS |
| Notifications | Settings | Users |
Sub-Module Fallback
Some modules are grouped under a parent. If a specific sub-module permission is not defined, the system falls back to the parent module's permission. For example, if "Companies" permissions are not explicitly set, the system checks the "Contacts" permission instead.
Scope Control
For modules where it makes sense, permissions include a scope setting that controls which records the user can access:
| Scope | What It Means |
|---|---|
| Own | The user can only access records assigned to them |
| Team | The user can access records assigned to anyone on their team |
| All | The user can access all records in the sub-account |
Scope applies independently to each action. For example, a sales rep might have:
- View: All (can see every contact)
- Create: All (can create contacts)
- Update: Own (can only edit contacts assigned to them)
- Delete: None (cannot delete contacts)
This gives you precise control over data access without creating an overly complex role structure.
Feature Gating by Plan
Agency owners can create subscription plans that enable or disable entire modules. When a module is gated by plan:
- The module does not appear in navigation for sub-accounts on that plan
- Backend operations for the module are blocked, even if the user's role would normally allow access
- Upgrading the plan immediately enables the module
This lets you create tiered product offerings - for example, a "Starter" plan with contacts, conversations, and pipelines, a "Professional" plan that adds workflows and campaigns, and an "Enterprise" plan with everything.
Gated Capabilities
Plans can control access to:
- Individual modules (contacts, pipelines, workflows, campaigns, etc.)
- Specific features within modules
- Integration access
- Advanced automation features
Usage Limits
In addition to feature gating, plans can define usage limits that cap how much of each resource a sub-account can consume:
| Resource | What It Limits |
|---|---|
| Contacts | Maximum number of contact records |
| Users | Maximum number of team members |
| SMS per month | Monthly SMS message quota |
| Workflows | Maximum number of active workflows |
| Storage | File storage capacity |
Usage limits are enforced at the backend level. When a limit is reached:
- The user receives a clear message explaining the limit
- The operation is blocked
- The sub-account admin or agency owner can upgrade the plan to increase limits
Usage Tracking
Current usage against limits is visible in the settings area, so sub-account admins can monitor their consumption and plan accordingly.
Enforcement
Permissions are enforced at two levels:
Backend Enforcement
Every mutation (create, update, delete operation) checks the user's permissions before executing. If the user does not have the required permission, the operation fails with an authorization error. This enforcement cannot be bypassed from the frontend.
Frontend Enforcement
The UI uses permission data to show or hide interface elements. Buttons, menu items, and entire navigation sections are hidden when the user lacks the required permission. This provides a clean experience - users only see what they can act on.
Both layers work together: the frontend prevents accidental unauthorized actions, and the backend guarantees that no unauthorized operation can succeed regardless of how the request originates.
Audit Trail
Every permission-checked action is recorded in the audit log, including:
- Who performed the action
- What action was taken (create, update, delete)
- Which record was affected
- What changed (before and after values)
- When it happened
The audit log is searchable and filterable by action type, entity type, user, and date range. It can be exported for compliance and review purposes.
Summary
| Capability | Detail |
|---|---|
| System roles | 4 (Agency Owner, Brand Admin, Sub-Account Admin, Sub-Account User) |
| Custom roles | Unlimited, at agency or sub-account level |
| Permission modules | 30 |
| Actions per module | 4 (view, create, update, delete) |
| Scope options | 3 (own, team, all) |
| Permission templates | 5 (Full Access, Admin No Billing, Sales Rep, Standard, Limited) |
| Feature gating | Per plan, per module |
| Usage limits | Per plan (contacts, users, SMS, workflows, storage) |
| Escalation prevention | Users cannot assign roles at or above their own level |
| Enforcement | Dual: backend (mandatory) + frontend (UI filtering) |
| Audit logging | Every mutation, searchable and exportable |