In The Smart DMS , permissions control what each user can see and do . Roles are groups of permissions assigned to users—making it easier to manage access across the system.
Types of Permissions #
Permissions are structured by action types and can be either general or custom . Here’s what each one means:
View Permissions # Permission Meaning view_allView all records , regardless of who created or owns them. view_anyView any record assigned to the user (e.g., their own tasks or clients). viewView a specific record they have access to. view_any_activitiesView all activity logs related to their assigned records. view_activitiesView a single activity log entry .
Create & Manage Records # Permission Meaning createCreate a new record (task, user, product, etc.). updateEdit or update existing records. replicateClone or duplicate a record. reorderChange the display or order of records in listings.
Restore & Archive # Permission Meaning restoreRestore a record they own or created from trash. restore_anyRestore any deleted record , regardless of owner. archiveArchive a record they have access to. archive_anyArchive any record , regardless of owner. unarchiveUnarchive records they have access to. unarchive_anyUnarchive any archived record .
Delete Permissions # Permission Meaning deleteSoft-delete a record (move to trash). delete_anySoft-delete any record , regardless of owner. force_deletePermanently delete a record they own. force_delete_anyPermanently delete any record .
Example Scenarios #
A Supervisor might have: view_all, update, archive_any, restore_any.
A Marketer might have: view_any, view_activities, create, update.
An Admin would likely have all permissions, including force_delete_any.
🧠 Tip: Assign roles based on what a user actually needs. Giving too many permissions can expose sensitive records or create unwanted changes.
Permissions Matrix #
Permission Action Description Recommended Roles view_allView View all records, regardless of owner Admin, Supervisor view_anyView View any record assigned to the user Admin, Supervisor, Employee viewView View a single record All roles (depending on context) view_any_activitiesView Activity Logs View all activities on records assigned to user Admin, Supervisor view_activitiesView Activity Logs View a specific activity log Admin, Supervisor, Employee createCreate Create new records Admin, Supervisor, Marketer updateEdit Update or modify a record Admin, Supervisor, Creator replicateClone Duplicate an existing record Admin, Supervisor reorderReorder Change the order/display of records Admin restoreRestore Restore deleted record (if owned) Admin, Supervisor restore_anyRestore Restore any deleted record Admin archiveArchive Archive a record (if owned) Admin, Supervisor, Marketer archive_anyArchive Archive any record Admin unarchiveUnarchive Unarchive a record (if owned) Admin, Supervisor, Marketer unarchive_anyUnarchive Unarchive any record Admin deleteDelete Soft delete (trash) a record Admin, Supervisor delete_anyDelete Soft delete any record Admin force_deletePermanent Delete Permanently delete a record (if owned) Admin force_delete_anyPermanent Delete Permanently delete any record Admin
🧩 Notes: #
✅ “Any” permissions allow access beyond the user’s own records.
❌ “Force Delete” permanently removes records with no recovery.
🗂️ Activity permissions apply to logs tied to specific records (e.g., tasks, leads).
🔐 Assign higher-level permissions (like force_delete_any) sparingly.
