Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/twentyhq/twenty/llms.txt

Use this file to discover all available pages before exploring further.

Roles control what users can do in your Twenty workspace. Assign roles to grant appropriate access levels to team members.

Understanding Roles

Roles define:
  • What users can see - Which objects and records
  • What users can do - Create, edit, delete permissions
  • What users can configure - Settings and workflows access
  • Administrative privileges - Workspace management capabilities
Each workspace member has exactly one role.

Default Roles

Twenty includes built-in roles:

Admin

Full workspace access:

Data Access

  • View all records
  • Edit all records
  • Delete records
  • Import/export data

Configuration

  • Manage data model
  • Create/edit workflows
  • Configure integrations
  • Manage workspace settings

User Management

  • Invite members
  • Assign roles
  • Remove members
  • View activity logs

Billing

  • Manage subscription
  • View usage
  • Update payment methods
  • Access invoices
Workspace owners are automatically admins and cannot have their role changed.

Member

Standard user access: 
Data Permissions:
  - View: All objects
  - Create: Yes
  - Edit: Own records and shared records
  - Delete: Own records only
  
Configuration:
  - Data model: No access
  - Workflows: View only
  - Integrations: Connect own accounts only
  
User Management:
  - No access to user management
Best for:
  • Sales reps
  • Customer success team
  • Most team members

Viewer

Read-only access: 
Data Permissions:
  - View: All objects (based on sharing)
  - Create: No
  - Edit: No
  - Delete: No
  
Configuration:
  - Read-only access to views
  - Cannot modify anything
  
User Management:
  - No access
Best for:
  • Executives (view metrics)
  • External consultants
  • Temporary access

Creating Custom Roles

Create roles tailored to your team:
1

Navigate to roles

Go to Settings → Security → Roles.
2

Click New Role

Select + New Role to create a custom role.
3

Name the role

Give it a clear, descriptive name:
Sales Manager
Marketing Team Member
Customer Support Agent
Sales Development Rep
4

Set base permissions

Choose starting template:
  • Start from Member
  • Start from Viewer
  • Start from scratch
5

Configure object access

For each object, set permissions:
Companies:
  View: All
  Create: Yes
  Edit: All
  Delete: Own only

Opportunities:
  View: Team + Own
  Create: Yes
  Edit: Own only
  Delete: No
6

Set field permissions

Control access to sensitive fields:
Company.Annual Revenue:
  View: Yes
  Edit: No (read-only)

Opportunity.Commission:
  View: No (hidden)
  Edit: No
7

Configure settings access

Allow/deny access to specific settings:
Workspace Settings: No
Data Model: No
Workflows: View only
Integrations: Own only
8

Save the role

Click Create Role to save.

Role Configuration

Object-Level Permissions

Control access to entire objects:
Who can see records:Options:
  • All - See all records in object
  • Team - See team’s records
  • Own - See only own records
  • Shared - See explicitly shared records
  • None - Cannot see object
Example:
Sales Rep:
  Companies: View All
  Opportunities: View Team + Own
  Internal Projects: View None

Field-Level Permissions

Control access to specific fields:
Fields user cannot see:
Example: Hide sensitive data

Opportunity.Cost:
  Sales Rep: Hidden
  Sales Manager: Visible

Company.Annual Revenue:
  SDR: Hidden
  Sales Rep: Visible
Fields user can see but not edit:
Example: Protect calculated fields

Lead.Score:
  Sales Rep: Read-Only
  (Calculated by workflow)

Opportunity.Close Date:
  Sales Rep: Read-Only
  Sales Manager: Editable
Fields user can view and modify:
Example: Normal access

Company.Name:
  All roles: Editable

Opportunity.Stage:
  Owner: Editable
  Others: Read-Only

Role Examples

Sales Manager Role

Role: Sales Manager
Description: Manages sales team and pipeline

Object Permissions:
  Companies:
    View: All
    Create: Yes
    Edit: All
    Delete: All
  
  People:
    View: All
    Create: Yes
    Edit: All
    Delete: Own
  
  Opportunities:
    View: All (entire sales org)
    Create: Yes
    Edit: All (team opportunities)
    Delete: Team
  
  Tasks:
    View: Team
    Create: Yes
    Edit: Team
    Delete: Own

Field Permissions:
  All fields visible and editable
  
Settings Access:
  - View reports: Yes
  - Export data: Yes
  - Manage workflows: Yes
  - Manage users: No
  - Data model: No

Sales Development Rep (SDR)

Role: SDR
Description: Qualifies leads and books meetings

Object Permissions:
  Leads:
    View: Own + Unassigned
    Create: Yes
    Edit: Own
    Delete: Own
  
  Companies:
    View: Related to own leads
    Create: Yes (when qualifying)
    Edit: Related only
    Delete: No
  
  People:
    View: Related to own leads
    Create: Yes
    Edit: Related only
    Delete: No
  
  Opportunities:
    View: No (not yet qualified)
    Create: Yes (when converting)
    Edit: No
    Delete: No

Field Permissions:
  Hidden:
    - Opportunity.Amount
    - Company.Annual Revenue
    - Any commission fields
  
  Read-Only:
    - Lead.Score (auto-calculated)
    
Settings Access:
  - Minimal configuration access
  - Connect own email only

Customer Success Manager

Role: Customer Success
Description: Manages customer accounts post-sale

Object Permissions:
  Companies:
    View: Customers only (Status = "Customer")
    Create: No
    Edit: Customer accounts
    Delete: No
  
  People:
    View: All at customer companies
    Create: Yes (new contacts)
    Edit: All
    Delete: No
  
  Opportunities:
    View: Closed Won only
    Create: Yes (upsell/renewal)
    Edit: Own opportunities
    Delete: No
  
  Support Tickets:
    View: All
    Create: Yes
    Edit: All
    Delete: No

Field Permissions:
  All customer-related fields visible
  Cannot see sales metrics
  
Settings Access:
  - View customer reports
  - Export customer data
  - No workflow management

Assigning Roles

Assign roles to workspace members:
1

Navigate to members

Go to Settings → Members.
2

Select user

Click on the member whose role you want to change.
3

Change role

Click the Role dropdown and select new role.
4

Confirm change

Click Save to apply the new role.
Role changes take effect immediately. User may need to refresh to see changes.

Bulk Role Assignment

Change roles for multiple users:
  1. Go to Settings → Members
  2. Select multiple members (checkboxes)
  3. Click Change Role in action bar
  4. Select new role
  5. Confirm bulk update

Role Best Practices

Grant minimum access needed:
  • Start restrictive
  • Add permissions as needed
  • Don’t give admin to everyone
  • Review permissions regularly
Match roles to responsibilities:
Sales:
  - SDR (lead qualification)
  - Sales Rep (closing deals)
  - Sales Manager (team oversight)

Support:
  - Support Agent
  - Support Manager

Operations:
  - Ops Analyst (reports)
  - Ops Manager (configuration)
For each role, document:
  • Who it’s for
  • What they can do
  • Why permissions are set this way
  • Examples of users with this role
Regular role audits:
  • Are permissions still appropriate?
  • New roles needed?
  • Roles need updates?
  • Users in correct roles?
Verify role works as expected:
  1. Create test user
  2. Assign new role
  3. Test permissions
  4. Verify access is correct
  5. Then assign to real users

Managing Roles

Editing Roles

Changing a role affects all users with that role immediately.
  1. Go to Settings → Security → Roles
  2. Click the role to edit
  3. Modify permissions
  4. Save changes

Deleting Roles

To delete a custom role:
  1. Ensure no users have the role
  2. Go to Settings → Security → Roles
  3. Click the role
  4. Select Delete
  5. Confirm deletion
Default roles (Admin, Member, Viewer) cannot be deleted.

Role Analytics

Monitor role usage:
  • Settings → Security → Roles → Analytics
  • See:
    • Users per role
    • Most/least used roles
    • Permission patterns
    • Access violations (attempted unauthorized actions)

Troubleshooting Roles

User Cannot See Records

Check:
  • Role’s view permission for object
  • Record ownership
  • Record sharing settings
  • Object visibility in settings

User Cannot Edit Field

Check:
  • Role’s field permissions
  • Field is not system field (always read-only)
  • Object edit permission granted
  • Field not locked by workflow

Permission Seems Inconsistent

Check:
  • Role definition
  • Record-level sharing overrides
  • Workflow automation may change things
  • Cache (have user refresh)

Next Steps

Access Control

Learn about record-level access control

Workspace Setup

Manage workspace members

Build docs developers (and LLMs) love

Get started for freeTalk to us