Module 07 · Access & Identity

Access & Identity

ZippCRM uses role-based access control (RBAC). Every user belongs to exactly one role and one team. This determines what they can see, create, and approve. This module explains every role and how to manage users safely.

Who manages thisAdmin role only

Key objectsUsers · Roles · Teams · Portal Users

Section 1

User Roles

Role	What they can do	What they cannot do
Admin	Everything — user management, settings, all data	Nothing restricted
Manager	Create projects, approve effort/stages, assign work, view all clients in their team	Create users, change system settings
Consultant	Log time, complete assigned tasks, upload documents, view assigned projects	Create clients/projects, approve anything, view billing details
Viewer	Read-only access to all projects and clients they are scoped to	Create or edit any record
Client Portal User	See their own projects, upload to Doc Requests, view invoices, raise queries	See any other client's data, modify project details, view internal notes

Principle of least privilegeAlways assign the minimum role needed. A consultant who later becomes a manager should have their role upgraded by Admin — do not share manager credentials.

Section 2

Creating an Internal User

Go to Admin → Users → + New User

Fields: First name, Last name, Email, Role (dropdown), Team (dropdown), and whether to send a welcome email.

Set the Role carefully

The role controls everything the user can access. If unsure, start with Consultant and upgrade after onboarding.

Assign to a Team

Teams determine which client accounts and projects this user can access. A user not in a team can only see globally shared records.

Click Save — credentials are emailed

The user receives a welcome email with a temporary password. They must change it on first login.

Verify access after creation

Ask the new user to log in and confirm they can see their assigned work. If access is wrong, adjust the role or team immediately.

Section 3

Creating Client Portal Users

Portal users are external — they represent a client contact who needs to see project status, respond to doc requests, and raise queries. Portal users only see their own client's data.

Go to the Client record → Portal Access tab

Lists existing portal users for this client.

Click '+ Add Portal User'

Enter the contact's email address. This must match the email at which they can receive messages.

Select which projects they can see

You can restrict a portal user to specific projects under the client. Default is all active projects.

Click Send Invite

The contact receives an email with a portal access link. They set their own password on first access.

Revoke if needed

To remove portal access: go to Client → Portal Access → toggle the user to Inactive. They are immediately locked out.

Security noteNever share your internal ZippCRM credentials with a client. Always create a separate Portal User account for any external party who needs visibility.

Section 4

Teams

Teams group related consultants under a manager. Work is assigned to teams first (not individuals), then the team manager routes it.

Field	Meaning
Team Name	e.g., RBI Compliance Team, SEBI Advisory, IRDAI Operations
Team Manager	The Manager-role user who receives unassigned work and routes it
Members	Consultant-role users who receive individual task assignments
Default Regulator	Optional — pre-selects this team when creating projects for that regulator type