The Staff Permissions feature lets firm administrators control exactly what each staff member can see and do inside the Firm Portal. You build reusable Permission Sets, assign them to roles or individual staff, and the system resolves the right access automatically using a simple hierarchy.
In this article:
- What's a Permission Set?
- Viewing your Permission Sets
- Creating or editing a Permission Set
- Understanding access levels
- The permission hierarchy
- Assigning a Permission Set to a Role
- Setting an individual override for a staff member
- Tips & best practices
- FAQ
What's a Permission Set?
A Permission Set is a named, reusable collection of access rules. Each set defines an access level (No Access, Viewer, Editor, Admin, or Custom) for every section of the portal — Billing, Client Collaboration, Collections, Documents, and more.
Instead of configuring each staff member one-by-one, you build a Permission Set once and assign it wherever it applies.
💡 Every firm portal includes a built-in Super Admin set. It grants full access to everything and can't be deleted, so you'll always have at least one all-access set available.
Viewing your Permission Sets
- Click Settings in the sidebar.
- Select People.
- Click the Permission Sets tab.
[Screenshot: Permission Sets list view]
You'll see every Permission Set in your firm, including the default Super Admin set.
Creating or editing a Permission Set
- Click + New Permission Set to create one, or click Edit next to an existing set.
- Enter a Name at the top of the form.
Enter a Description.
💡 Descriptions are strongly recommended — especially for custom sets — so anyone managing permissions later understands what the set is for.
- Set an access level for each section of the product. (See Access levels below.)
- Click Save.
[Screenshot: Permission Set edit form]
Understanding access levels
Each section of the portal can be set to one of these access levels:
| Level | What it grants | No Access | The staff member can't see or interact with this section at all. |
|---|---|---|---|
| Viewer | Read-only access to everything in the section. | Editor | Can view and make changes within the section. |
| Admin | Full control of the section, including configuration. | Custom | Manually pick individual permissions within the section using checkboxes. |
When you select No Access, Viewer, Editor, or Admin, the individual checkboxes within that section are pre-filled and grayed out. To hand-pick specific permissions, choose Custom.
The permission hierarchy
When the system determines what a staff member can access, it checks three levels — in order — and uses the first one it finds:
- Individual override — A permission applied directly to that person's profile. Always wins.
- Role-level Permission Set — The set assigned to the staff member's role.
- Firm default — A baseline Permission Set (basic viewing) that applies if neither of the above is set. You can customize this in Permission Sets settings.
Individual override → Role-level set → Firm default
(1st) (2nd) (3rd)
Assigning a Permission Set to a Role
This is the recommended way to manage permissions at scale. Set it once on the role, and every staff member in that role inherits the right access automatically.
- Go to Settings → People → Roles.
- Click Edit next to the role you want to update.
- Select a Permission Set from the dropdown.
- Click Save.
[Screenshot: Role edit screen with Permission Set dropdown]
💡 You can only choose from existing Permission Sets here — you can't pick individual permissions. To create a new set tailored to a role, build it in Permission Sets first, then assign it.
Setting an individual override for a staff member
Use an individual override when one person needs different access than their role provides — for example, a partner who also needs admin-level access to a specific section.
- Go to Settings → People → Staff.
- Click Edit next to the staff member.
- In the permissions panel, adjust the access level for any section.
- Click Save.
When you change any access level on a staff member's profile, their Permission Set label automatically becomes Custom — that's how you can tell their permissions deviate from their role's set.
[Screenshot: Staff edit screen showing Custom label after override]
💡 To remove an override: Discard your changes on the staff member's profile. The system will fall back to the role's Permission Set.
Tips & best practices
- Write good descriptions. Include what role the set is for and any notable restrictions. Future you will thank present you.
- Prefer role-level assignments over individual overrides. Role-level permissions are easier to audit and maintain. Reserve overrides for true exceptions.
- The Super Admin set can't be deleted. It's your firm-wide fallback with full access.
- Custom unlocks the checkboxes. Choose Custom for a section if you need to mix-and-match individual permissions.
FAQ
Do I need to recreate my existing permissions?
No. Your current staff permissions carry over. We recommend reviewing them and consolidating into reusable Permission Sets when you have time.
What happens if I delete a Permission Set that's in use?
You'll be warned before deletion. Staff or roles using that set will fall back to the next level in the hierarchy.
Can I have a staff member with no role?
Yes — they'll fall back to your firm default Permission Set unless an individual override is set.
Who can manage Permission Sets?
Anyone with People → Admin access in their permissions.
I changed my role's permissions but one staff member didn't update — why?
That staff member likely has an individual override, which always takes priority over the role. Open their profile, discard custom changes, and they'll inherit the role's set again.