CrystalQore
Admin Guide Overview

Roles and Permissions

Three roles—User, Admin, Superadmin. Module and dashboard widget permissions. Admins can lock widgets. Sensible defaults per role.

Roles and Permissions

CrystalQore uses a role-based access control system. Each user is assigned one of three roles: User, Admin, or Superadmin. Roles determine what modules and dashboard widgets a user can access. Admins can lock specific dashboard widgets so users cannot enable them.

The Three Roles

RoleAccess LevelTypical Use
UserStandard access to assigned modules and widgetsDay-to-day users, agents, staff
AdminSame as User, plus tenant-level admin featuresTenant administrators, team leads
SuperadminFull platform access, including Superadmin panelPlatform administrators, IT

Role Hierarchy

Superadmin > Admin > User
  • Superadmin — Can access /superadmin, manage all tenants, users, PBX instances, system settings
  • Admin — Can access tenant admin portal; manage users and settings within their tenant
  • User — Standard application access; no admin capabilities

Module Permissions

Each user has a UserRole record that defines module permissions. These control visibility and access to major areas of the application:

ModuleDescription
ChatInstant messaging and group chats
ContactsContact management and sharing
CDRCall Detail Records (call history)
FaxFax sending and receiving
SMSSMS/MMS messaging (Professional/Enterprise tier)
RecordingsCall recording playback and management
Admin PortalTenant-level admin features (Admin role only)

Permissions default to sensible values per role:

  • User — Chat, Contacts, CDR, Fax typically enabled; SMS if available; Recordings and Admin Portal typically off
  • Admin — Same as User plus Admin Portal
  • Superadmin — Full access to all modules

Admins can customize module permissions per user or per role in the admin portal. Superadmins manage global role defaults in the Superadmin panel.

Dashboard Widget Permissions

The dashboard displays various widgets (Stats, Calls, Schedule, Messages, Actions, etc.). Each widget can be:

  • Enabled — User can see and use the widget
  • Disabled — User cannot see the widget
  • Locked — Admin has locked the widget; users cannot enable it even if they have the permission

Widget Types

WidgetDescription
StatsCall statistics cards (Today's Calls, Inbound, Outbound, Missed)
CallsRecent calls list
ScheduleToday's schedule / calendar
MessagesRecent chat messages
ActionsQuick actions (Make a Call, New Message, Add Contact, New Note)

Admins can lock widgets so that:

  • Users cannot enable them in the dashboard customizer
  • The widget is hidden from users regardless of their preferences
  • Ensures compliance or simplifies the interface for specific teams

Permission Defaults

Each role ships with sensible defaults:

User Defaults

  • Chat, Contacts, CDR, Fax enabled
  • SMS enabled if tier supports it
  • Recordings as configured by admin
  • Admin Portal disabled
  • All dashboard widgets available (unless locked by admin)

Admin Defaults

  • Same as User
  • Admin Portal enabled
  • Can manage tenant users, settings, and locked widgets

Superadmin Defaults

  • Full access to all modules
  • Access to Superadmin panel
  • Can manage tenants, users, roles, PBX, system settings, audit logs

Managing Permissions

For Admins (Tenant Level)

Admins can typically:

  • Enable or disable modules for users in their tenant
  • Lock or unlock dashboard widgets for their tenant
  • Assign User or Admin role (not Superadmin)

For Superadmins (Platform Level)

Superadmins can:

  • Configure default permissions per role
  • Override permissions for any user
  • Create and manage API clients (Enterprise)
  • Access audit logs and system-wide settings

Best Practices

  • Principle of least privilege — Start users with minimal permissions; add as needed
  • Lock widgets for consistency — If your team should only see Calls and Messages, lock the others
  • Review Admin assignments — Admins have significant power within a tenant; assign sparingly
  • Audit permission changes — Use audit logs to track who changed what and when
PageDescription
User ManagementCreate users and assign roles
Tenant ManagementTenant-level configuration
Audit LogsTrack role and permission changes

Previous

Data Retention Policies

Next

System Settings

On this page