Roles and permissions explained

·

SummitPSA controls access with roles (reusable permission sets) plus optional per-agent overrides. Every agent has exactly one role. Roles are managed under Admin → Roles, which requires the admin_settings.manage permission.

Permission actions

For each module, a role grants any combination of six actions:

  • can_view — see the module
  • can_create — add records
  • can_edit — change records
  • can_delete — remove records
  • can_export — export data
  • can_manage — perform privileged actions (e.g. resetting another agent's password)

Modules

Permissions are defined across these modules: tickets, companies, contacts, assets, knowledge_base, time_tracking, projects, contracts, finance, stock, reports, client_portal, admin_settings, users, and service_catalog.

Super Admin

The built-in Super Admin role bypasses all permission checks — it always passes every action. Its permissions cannot be edited and the role cannot be deleted.

Custom roles

Choose New custom role to add one with its own display name, description, and colour, then tick the actions per module. System roles cannot be deleted, and a role that is still assigned to one or more agents cannot be deleted until those agents are moved.

Per-agent overrides & effective permissions

From an agent's Permissions screen you can override individual actions away from the role default, with an optional reason for the audit log. An agent's effective permissions are the role defaults merged with any overrides; clearing an override returns that module to the role default.

Was this article helpful?
Still need help? Contact SummitPSA support.