Control the permissions granted to users through the provided roles, and create new roles based on the roles present in the organization.

How does this work?

As a company grows and onboards more users, there is always a need to regulate access for the team members.

Why do you need Roles and Permissions?

  • To match the agent role in your company to their role in your account.
    For example, a customer support team may want to create new FAQ articles but not launch marketing campaigns, or a Sales Development Representative (SDR) may need access to view and edit contacts, but may not need access to delete a contact or edit a marketing journey.  In such cases, Admins can create roles that grant requisite permissions to users.

  • To manage large teams
    Manage teams spread geographically across different regions or departments (pre-sales, sales, customer support, engineering, etc.). For example, you can restrict pre-sales and customer support teams from accessing conversations specific to their departments, or you can allow an agent with an Admin role to manage settings and view the Dashboard and Reports of only their teams.

The available roles are:

  • Account Admin

  • Administrator

  • Support Agent

  • Support Manager

  • Marketing User

  • Marketing Manager

  • Restricted User

  • Sales User

You can also create custom roles with granular access permissions. 

How to create customized roles?

To create custom roles:

  1. Go to Admin Settings > Roles.

  2. Click Create role.

  3. Enter the role name and choose the permissions you want to clone.

  4. Choose the default scope:

    1. Global: Allows agents to access data across the organization.

    2. Group: Allows agents to access only assigned permissions. For example, a support agent in Freshchat can add private notes on conversations only if they are part of the group to which the conversation is assigned.

    3. Restricted: Allows agents to access conversations by groups (like sales groups, billing groups, and support groups).

  5. Click Next to proceed.

  6. Choose the relevant permissions for the role. The different categories of permissions are:

  • Modules: Allows admins to configure module-level permissions for users. Admins can modify the scope to one of the 4 actions:

    1. View - View records based on the scope

    2. Create - Create a record

    3. Edit - Edit a record

    4. Delete - Delete a record

    This covers Contacts, Accounts, Deals, Tasks, and Appointments. Additionally, it will also contain module permissions for any custom modules that may be created.


  • Sales Activities: All Sales Activities such as Tasks, Meetings, Call Logs and Custom sales activities fall under this category. The access to all these activities will be ‘Related Access’. This means users can access and edit tasks and appointments of only those records that fall under their scope. 
    Note: The permissions selected for custom sales activities will apply for all configured sales activity types. 
    For example, your Sales Development Representative can be given access to Tasks and Appointments while access to custom sales activities is revoked.


    Call Logs: When access to Call Logs is revoked, the ability to add Call Logs will be revoked. The option to add a call log will be made invisible inside the product. To log calls through APIs (for marketplace phone apps), enable this permission.

  • Actions: This includes all record-related actions such as Import, Assign, Share. Using Search records permissions, you can restrict users from searching for records under specific modules. 

    For example, a vendor who has access only to the Contacts module in your web application can be restricted to searching for records under the Contacts module alone.

    In the case of our example, for a Sales Development Representative, you can choose to allow access to all actions except importing and merging deal records. 

    With the Access Views permission, you can restrict users to only view specific modules on the Left Navigation Bar and List Views. 

    For example, if the Deals module is disabled under 'Access View', the Deals module will not be accessible for Users in the List View. Users can navigate to the Account details page and create or view related deals.


  • Sales Goals: All permissions related to Sales Goals fall under this category. Admins can modify the scope to sales goals-related features by checking/unchecking the options.

    In the case of our example, for a Sales Development Representative, you can grant the user access to view all team goals but enable access to create goals only for himself. Similarly, you can also disable access to 'Recalculate a goal'.

  • Analytics: This includes all permissions for Reporting and Analytics. Admins can control the scope of Analytics or a specific Reporting feature. For example, you can allow a support agent to access all Analytics features but restrict them from exporting any report. 

Note: All permissions under analytics are dependent on the ‘View’ permission. For example, disabling view permissions for 'Marketing Emails' disables the Marketing Dashboard.


  • Emails: All permissions related to email functionality, such as access to Sharing Email Templates, Setting limits for Individual emails and bulk emails fall under this category.
    All shared templates are read-only for all users other than the creator of the template. Admin can restrict the sharing scope. The following options are available under sharing scope.

    • Private - User cannot share his templates.

    • Everyone - Public templates are shared to all users/teams/territories in the account.

    • My teams - User can select specific Team names to share with all users in that team. 

    • My Territory - User can select specific territory names to share with users under those territories.

The Connect your mailbox permission is enabled by default for all roles. Admins can prevent their users from syncing their mailbox with the web application by unchecking this option. If this permission is disabled, none of the users associated with this role will have permission to connect their mailbox to the web application. If the permission is disabled for a user who already has their mailbox connected to the web application, they will retain their already synced conversations, but their mailbox will be disconnected and the Connect your email tab will display a message that the user cannot connect their mailbox.

Admins can define email limits for the following:

  • Individual emails or the transactional emails sent out per day

  • Bulk emails sent per day

In the case of our example, for a Sales Development Representative, you can choose to allow access to all actions except sharing email templates. This setting will hide the share option on the email template for the user. You can also set bulk and individual email limits for the user. This places a cap on the number of emails that the user can send from the web application.

Note: Admins can also prevent the user from sending emails by unchecking the checkbox under Email custom roles.

  • Sales Sequence: All permissions related to Sales sequences, such as access to the Sales sequence page, the ability to create and share sequences, and setting limits for the maximum number of emails sent via sales sequences, fall under this category.

    In the case of our example, we can allow the Sales Development Representative to view all Sales sequences while still restricting permission to create sales sequences only for contacts. Similarly, we can also choose to set the limit as 4000 emails per day as part of the Sales sequences.

Note: A user needs ‘View’ access to be able to access the Sales sequences page. Users who do not have Sales sequences ‘View’ access will still be able to add contacts to existing sequences by choosing the ‘Add to sequence’ option from the list view and the landing page of the record.

  • Marketing Lists: All permissions related to Marketing lists, such as access to lists, moving contacts to a list, copying contacts from a list, and deleting contacts from a list, fall under this category.

    In the case of our example, we can allow the Sales Development Representative to view, create, and edit Marketing lists.

  • Marketing Campaigns: All permissions related to Marketing campaigns, such as access to email campaigns, marketing segments, journeys, and journey and transactional emails, fall under this category.

    In the case of our example, you can choose to grant access to the Sales Development Representative to perform all actions on email campaigns and transactional emails but grant only view permissions over marketing segments and journey emails. You can also hide marketing journeys.


  • Tickets: Includes permission to access Freshdesk tickets.

    Note: This permission is available only to customers on the Customer Support Service Suite. The agents with this permission can directly access and manage tickets on Freshdesk. Here’s the mapping of roles in Freshchat to Freshdesk:

    • Support agent - Agent (Global scope)

    • Support manager - Supervisor (Global scope)

    • Administrator - Administrator (Global scope)

    • Account admin - Account admin (Global scope)



  • Chat Settings: All permissions related to canned response and canned response categories, and managing files and chat.

 In the case of our example, you can choose to grant access to the Sales Development Representative to perform all actions related to chat.

  • Phone: Permissions to access the phone widget. Under the phone permissions, the following are offered.

    • Access to Phone: This permission governs access to the phone module. When disabled, the user will not be able to find the phone module on the left navbar. Their access to make or receive phone calls will also be disabled. Similarly, they will not be able to access past phone conversations, phone conversations, or voicemails from the details pages.

    • Allow users to receive and make phone calls: When disabled, this permission revokes user access to make or receive phone calls through the phone widget. However, they can still view past phone conversations in the activity timeline and under the conversations list view. Similarly, they can view and access phone conversations made by other users but will not be able to make phone calls on their own.

    Note: Enable this permission to use the built-in phone dialer or phone apps built from our marketplace.



In the case of our example, you can choose to grant access to the Sales Development Representative to access the phone widget. Additionally, you can also regulate if the user can make or receive phone calls. Unchecking the checkbox will prevent the user from making or receiving calls inside the CRM.
However, if you are looking to create a role for a sales intern, the user does not need access to make or receive calls but would still need to view and listen to the phone conversations made by senior representatives under his assigned contact view. This can be done by configuring the following permissions:

1. Access to Phone - Enabled
2. Allow users to receive and make calls - Disabled

  • SMS: All permissions related to SMS settings fall under this category. Admins can configure the permissions to send Individual and Bulk SMS by checking/unchecking the options. They can also configure the number of SMSes that can be sent per day.

    In the case of our example, we can allow the Sales Development Representative to send a maximum of 500 Individual SMSes and 300 Bulk SMSes per day.

  • Collaboration: Permission to collaborate on deals through the Slack integration.

  • User Settings Permissions: All permissions related to User Settings fall under this category. Admins can configure a user's access to various user-specific features such as requesting a demo, creating a support ticket, downloading the mobile app, accessing the knowledge base, etc. by checking/unchecking the options.


  • Admin Settings Permissions: All permissions related to Admin settings fall under this category. Admins can configure access to Admin settings by checking/unchecking the options.
    In the case of our example, for a Sales Development Representative, you can disable access to manage users or export data and restrict their role to access only workflows and territories.


Note: All permissions under reports are dependent on the ‘Access Admin Settings’ permission. Unchecking this option would disable Admin Settings functionality for the user and hide the buttons from the user’s application.

  • To modify permissions for individual fields, refer to this article.

  7. Click Save to save the role.
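
The dependency notes above (calling depends on Access to Phone, analytics permissions depend on ‘View’, admin permissions depend on ‘Access Admin Settings’) mean a checked permission can have no effect. The following added example, which is not product code, resolves a role's effective permissions and lists ineffective grants so that a role can be reviewed before users are assigned to it. The permission keys and sample roles are hypothetical.

```python
# Added illustration: permission keys are hypothetical, not the product's identifiers.
# Child permission -> parent permission it depends on, following the notes on this page.
DEPENDS_ON = {
    "phone.make_receive_calls": "phone.access",
    "analytics.export_report": "analytics.view",
    "admin.manage_users": "admin.access_admin_settings",
    "admin.export_data": "admin.access_admin_settings",
}

def effective_permissions(granted):
    """Return the granted permissions that actually take effect."""
    granted = set(granted)
    effective = set()
    for perm in granted:
        parent = DEPENDS_ON.get(perm)
        # Walk up the dependency chain; any unchecked ancestor disables the grant.
        while parent is not None and parent in granted:
            parent = DEPENDS_ON.get(parent)
        if parent is None:
            effective.add(perm)
    return effective

def dangling_grants(granted):
    """Permissions that are checked on the role but have no effect."""
    return set(granted) - effective_permissions(granted)

# Constructed sample roles.
SALES_INTERN = {"phone.access"}  # can view phone conversations, cannot place calls
DRAFT_ROLE = {
    "phone.make_receive_calls",      # parent phone.access is not granted
    "analytics.export_report",       # parent analytics.view is not granted
    "admin.access_admin_settings",
    "admin.manage_users",
}

if __name__ == "__main__":
    print(sorted(effective_permissions(SALES_INTERN)))
    print(sorted(dangling_grants(DRAFT_ROLE)))
```
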

How to add users to a customized role?

  1. Go to Admin Settings > Roles

  2. Click on the role.

  3. In the permissions page of the role, click on the Assign users button. You will be presented with an ASSIGN USERS overlay.

  4. Select a user by clicking on the check box next to the user.

  5. Click Assign. The user will be assigned to the role.