Roles and permissions explained
SummitPSA controls access with roles (reusable permission sets) plus optional per-agent overrides. Every agent has exactly one role. Roles are managed under Admin → Roles, which requires the admin_settings.manage permission.
Permission actions
For each module, a role grants any combination of six actions:
can_view— see the modulecan_create— add recordscan_edit— change recordscan_delete— remove recordscan_export— export datacan_manage— perform privileged actions (e.g. resetting another agent's password)
Modules
Permissions are defined across these modules: tickets, companies, contacts, assets, knowledge_base, time_tracking, projects, contracts, finance, stock, reports, client_portal, admin_settings, users, and service_catalog.
Super Admin
The built-in Super Admin role bypasses all permission checks — it always passes every action. Its permissions cannot be edited and the role cannot be deleted.
Custom roles
Choose New custom role to add one with its own display name, description, and colour, then tick the actions per module. System roles cannot be deleted, and a role that is still assigned to one or more agents cannot be deleted until those agents are moved.
Per-agent overrides & effective permissions
From an agent's Permissions screen you can override individual actions away from the role default, with an optional reason for the audit log. An agent's effective permissions are the role defaults merged with any overrides; clearing an override returns that module to the role default.