Skip to content
Team & Permissions7 min read

Team & Permissions

When it was just you and your co-founder, sharing a spreadsheet was fine. Everyone could see everything, and nobody worried about access control. Then you hired Ravi for sales, Priya for account management, and an intern for data entry. Suddenly, the intern can see every deal value, Ravi can edit Priya's contacts, and nobody knows who changed that phone number last Tuesday. Permissions aren't about distrust — they're about clarity.

Four roles, zero confusion

TatvaCRM ships with four built-in roles. They cover 90% of team structures out of the box — no configuration needed.

Owner
Full access to everything. Can manage billing, delete the account, invite admins, and configure every setting. There's exactly one Owner per workspace — typically the founder or CEO.
Admin
Everything the Owner can do except delete the workspace or transfer ownership. Admins manage users, roles, pipelines, and integrations. Your operations head or sales director fits here.
Manager
Can see and manage records for their entire team. Create, edit, and export contacts, companies, deals, leads, and tasks — but only within their team's scope. Cannot change system settings or manage users.
Member
Can read and write their own records. A salesperson who should only see their own contacts and deals. They can create new records, edit what they own, but can't see anyone else's data.

Three levels of record visibility

Roles control what actions someone can take. Visibility controls what data they can see. TatvaCRM separates these cleanly into three levels:

Everything
See all records across all teams. Owners and Admins get this by default.
Team
See records owned by anyone in your team. Managers get this by default.
Own
See only records you created or that are assigned to you. Members and Viewers get this by default.

Here's what this looks like in practice. Suppose your company has 500 contacts across 3 teams:

Owner sees all 500 contacts. Manager (North team) sees 160 contacts — the ones belonging to their team. Salesperson sees 35 contacts — only the ones they personally own.

Same CRM, same interface, completely different data views. No one sees more than they need to.

Custom roles for businesses that don't fit the mould

The four built-in roles work for most teams. But every business has edge cases. TatvaCRM lets you create custom roles with any combination of 35 granular permissions and any visibility level.

Senior Sales Executive
Can read all team contacts (team visibility) and create deals, but cannot delete records or export data. Trusted enough to see the bigger picture, restricted from bulk operations.
Marketing Lead
Can read all contacts (everything visibility) for segmentation and campaigns, but cannot edit deal values or pipeline stages. Full read access, limited write access.
External Consultant
Read-only access to their own assigned records. Can view contacts and deals but cannot create, edit, or delete anything. Perfect for temporary advisors or auditors.

Teams — organise by geography, department, or product

Teams let you group users and scope their visibility. Create a "North India" team, a "Enterprise Accounts" team, or a "Product X" team — whatever matches your business structure. Managers see their team's records; members see their own. The dashboard, pipeline view, and reports all respect team boundaries automatically.

Users belong to exactly one team. If someone works across teams, give them a custom role with "everything" visibility. Simple, no workarounds needed.

What happens when someone leaves

Your top salesperson just resigned. They had 120 contacts and 8 active deals. Without a CRM, you're scrambling through their phone, email, and notebook trying to piece together months of relationship history. With TatvaCRM, you disable their account — every record, every note, every deal stays exactly where it is. Reassign to the new owner in two clicks.

  • 120 contacts on personal phone
  • Deal history in their notebook
  • Client preferences in their memory
  • WhatsApp conversations gone forever

Export restrictions and audit trail

CSV export is restricted to Owner and Admin roles by default. Members and Managers cannot bulk-export your customer database. This prevents the classic scenario: employee downloads all contacts on their last day and takes them to a competitor.

Every create, update, and delete operation is logged in the audit trail. You can see exactly who changed what, when, and what the previous value was. This isn't just for compliance — it's for accountability. When a deal amount changes from ₹5L to ₹50L, you'll know who changed it and when.

Frequently asked questions

Can I change the built-in roles?
The four system roles (Owner, Admin, Manager, Member) are immutable — their permissions are fixed to prevent accidental misconfiguration. Instead, create a custom role with exactly the permissions you need.
How many custom roles can I create?
Custom roles are available on the Professional plan and above. You can create as many as you need — there's no artificial cap.
Can a user belong to multiple teams?
Currently, each user belongs to one team. If someone needs to see data across teams, assign them a custom role with "everything" visibility. This keeps the permission model simple and predictable.
Is the audit trail available on the free plan?
The audit trail is available on the Professional plan. Free and Starter plans include basic activity logs on individual records.
Continue reading
Productivity Tools
Search, import, email templates, and more
Related
Why CRMCRM Data ProtectionSolutionCRM for ManufacturingCompareTatvaCRM vs HubSpot

Ready to stop losing leads?

Start free. No credit card. 2,000 records included.

Get Started for Free