pplCRM

Users and roles

Invite teammates, understand viewer / editor / admin, and enforce sign-in security like MFA.

3 min read

User management lives under Users in the Admin section, visible to administrators only. Every teammate gets their own account; shared logins defeat both security and the activity log.

The page opens with a one-line summary: how many users, how many are active or invited, and how many plan seats are in use. Each row shows a Status chip: Active, Invited (account created, not yet signed in), or Deactivated. It also has an MFA column showing who has multi-factor sign-in turned on and a Last active column based on real sign-in sessions. Change someone’s role right in the row with the role dropdown; your own role is locked, which prevents an accidental self-lockout. The menu on each row opens the profile or sends a password reset email.

The user page

Click a name to open the user’s page. Everything is managed right there, with no separate edit screen. The Profile card edits their name and email in place with an explicit Save user (changing an email sends a confirmation to the new address first). The Access card changes the role (it applies immediately, and locked roles say why) and shows two-factor status, last activity, and email verification. Send password reset sits in the header; for an Invited user who hasn’t signed in yet, the Access card offers Resend invite with a fresh activation link. Deactivate user and Delete user live in the menu.

Inviting someone

Invite user opens a dialog asking for the person’s email, first and last name, and role. The invitation arrives by email with an activation link that expires after 7 days, and it takes a plan seat right away. The dialog tells you how many seats remain. If an invitation lapses, open the person’s page and click Resend invite to issue a fresh link and temporary password. When every seat is in use, the button explains that too; free a seat or upgrade under Settings → Billing.

The roles

  • Viewer: read-only. Sees the data, changes nothing. Right for stakeholders and observers.
  • Editor: the working role. Manages contacts, sends newsletters, runs the daily work.
  • Admin: everything, plus the Admin area, which holds users, workspace configuration, and the workspace-wide activity log.
  • Owner: everything an admin can do, plus billing and workspace lifecycle. Every workspace keeps at least one owner, and only an owner can change another owner’s role.

New invitations default to the role set under Workspace → Teams & Access. Grant the least role that lets someone do their job. You can always raise it later.

Multi-factor authentication

Turn on Require MFA for all users (Workspace → Teams & Access) and every sign-in from a new device or location must be confirmed with an email verification code. Strongly recommended once more than a couple of people share the workspace.

Departures checklist
When someone leaves, open their user page and pick Deactivate user from the menu. Sign-in stops immediately and their sessions end, but their seat frees up and their history stays attributed to them in the activity log. If they return, Reactivate user restores access. Deactivated accounts keep their role.
Related

Try this on sample data.

Every feature in the docs is live in the free demo workspace — no card, nothing to lose.

Start free