In The Smart DMS, permissions control what each user can see and do. Roles are groups of permissions assigned to users—making it easier to manage access across the system.
Types of Permissions #
Permissions are structured by action types and can be either general or custom. Here’s what each one means:
View Permissions #
| Permission | Meaning |
|---|---|
view_all | View all records, regardless of who created or owns them. |
view_any | View any record assigned to the user (e.g., their own tasks or clients). |
view | View a specific record they have access to. |
view_any_activities | View all activity logs related to their assigned records. |
view_activities | View a single activity log entry. |
Create & Manage Records #
| Permission | Meaning |
|---|---|
create | Create a new record (task, user, product, etc.). |
update | Edit or update existing records. |
replicate | Clone or duplicate a record. |
reorder | Change the display or order of records in listings. |
Restore & Archive #
| Permission | Meaning |
|---|---|
restore | Restore a record they own or created from trash. |
restore_any | Restore any deleted record, regardless of owner. |
archive | Archive a record they have access to. |
archive_any | Archive any record, regardless of owner. |
unarchive | Unarchive records they have access to. |
unarchive_any | Unarchive any archived record. |
Delete Permissions #
| Permission | Meaning |
|---|---|
delete | Soft-delete a record (move to trash). |
delete_any | Soft-delete any record, regardless of owner. |
force_delete | Permanently delete a record they own. |
force_delete_any | Permanently delete any record. |
Example Scenarios #
- A Supervisor might have:
view_all,update,archive_any,restore_any. - A Marketer might have:
view_any,view_activities,create,update. - An Admin would likely have all permissions, including
force_delete_any.
🧠 Tip: Assign roles based on what a user actually needs. Giving too many permissions can expose sensitive records or create unwanted changes.
Permissions Matrix #
| Permission | Action | Description | Recommended Roles |
|---|---|---|---|
view_all | View | View all records, regardless of owner | Admin, Supervisor |
view_any | View | View any record assigned to the user | Admin, Supervisor, Employee |
view | View | View a single record | All roles (depending on context) |
view_any_activities | View Activity Logs | View all activities on records assigned to user | Admin, Supervisor |
view_activities | View Activity Logs | View a specific activity log | Admin, Supervisor, Employee |
create | Create | Create new records | Admin, Supervisor, Marketer |
update | Edit | Update or modify a record | Admin, Supervisor, Creator |
replicate | Clone | Duplicate an existing record | Admin, Supervisor |
reorder | Reorder | Change the order/display of records | Admin |
restore | Restore | Restore deleted record (if owned) | Admin, Supervisor |
restore_any | Restore | Restore any deleted record | Admin |
archive | Archive | Archive a record (if owned) | Admin, Supervisor, Marketer |
archive_any | Archive | Archive any record | Admin |
unarchive | Unarchive | Unarchive a record (if owned) | Admin, Supervisor, Marketer |
unarchive_any | Unarchive | Unarchive any record | Admin |
delete | Delete | Soft delete (trash) a record | Admin, Supervisor |
delete_any | Delete | Soft delete any record | Admin |
force_delete | Permanent Delete | Permanently delete a record (if owned) | Admin |
force_delete_any | Permanent Delete | Permanently delete any record | Admin |
🧩 Notes: #
- ✅ “Any” permissions allow access beyond the user’s own records.
- ❌ “Force Delete” permanently removes records with no recovery.
- 🗂️ Activity permissions apply to logs tied to specific records (e.g., tasks, leads).
- 🔐 Assign higher-level permissions (like
force_delete_any) sparingly.
