How to Manage Model-Level Permissions for Users in Horilla CRM
In a CRM platform, managing user permissions is essential to ensure data protection and smooth business operations. Access levels should be assigned based on each user’s role and responsibilities within the organization. For example, a sales executive may need permission to create and update leads but should not be allowed to delete them. A support team member may only need view access to customer information, while management users may require broader reporting access.
Horilla CRM offers a flexible model-level permission system that enables administrators to define and manage the specific actions users are allowed to perform within each model.
Permissions can be assigned directly to users or applied to multiple users at once using the bulk assignment feature.
This guide explains how to access the User Permissions section, configure permissions for individual users, apply permissions in bulk, and understand how those permissions are enforced throughout the CRM.
Accessing User Permissions
All permission management for users is available inside the Roles and Permissions settings.
To open the User Permissions section:

- Open Settings from the left sidebar
- Under the General section, navigate to Roles and Permissions, then open the Permissions tab located at the top of the page.
The Permissions tab displays the User Permissions section, where all non-superuser accounts are listed.
Each user is displayed in a collapsible row that includes the following details:
- Full user name
- Assigned role (displayed in parentheses when available)
- Expand/collapse control
A search field is provided at the top of the page to help quickly find specific users. The Assign button located in the upper-right corner opens the bulk permission assignment workflow.
Understanding the User Permissions List
The User Permissions page uses an accordion-style layout.

For every user listed, administrators can:
- Expand the row to view model permissions
- Search available models
- Enable or disable permissions individually
- Apply permissions across all models using Select All
Inside each expanded user section:
- A Search models field filters the available models
- A Select All checkbox can grant or revoke all permissions at once
- A permissions table displays all registered models and their available actions
Permission Types
Every model includes eight configurable permissions.

- Create: Grants permission to add new records to the selected model.
- Create Own: Allows users to create records associated with themselves.
- Change: Allows editing of all records within the model.
- Change Own: Allows editing only records owned by or assigned to the current user.
- View: Allows access to all records in list views, detail pages, and search results.
- View Own: Restricts visibility to records owned by the current user.
- Delete: Allows deletion of any record within the model.
- Delete Own: Allows deletion only of records owned by the user.
Each permission operates independently and can be combined to match organizational requirements.
Configuring Permissions for a Single User
Step 1 — Find the User
Use the user search field or scroll through the user list.
Step 2 — Expand the User Row
Click the user row to display the permission table.
Step 3 — Locate the Required Model
Use the model search field or browse through the available models.
Step 4 — Enable Required Permissions
Select the checkboxes corresponding to the permissions that should be granted.
Previously saved permissions remain preselected, allowing administrators to review existing access settings easily.
Step 5 — Use Select All if Required
If the user requires full system access across all models, use the Select All checkbox to enable every permission at once.
Unchecking the option removes all permissions in a single action.
Step 6 — Save the Changes
Save the permission configuration.
The updated permissions become active immediately.
Bulk Permission Assignment
When multiple users require the same permission configuration, the Assign workflow allows administrators to apply permissions to several users simultaneously.

Step 1 — Open the Assign Modal Window
Click the Assign button available in the User Permissions header. This opens the Assign Users modal.
Step 2 — Select Users
Select the users to whom the permissions should be assigned. Use the Users input field to search and select one or more users.
Selected users appear as removable tags inside the field.
Step 3 — Configure Permissions
The modal contains the same permission table used in individual user configuration.
Administrators can:
- Grant or revoke permissions model-by-model
- Enable Create, Change, View, and Delete permissions
- Use Select All for faster configuration
Step 4 — Save the Assignment
Click Save to apply the permission configuration to all selected users.
The same permission set is assigned to every selected account simultaneously.
This workflow is especially useful during onboarding, team creation, or role restructuring.
How Permissions Work in the CRM
Once permissions are saved, Horilla CRM applies them consistently across the entire system.
Navigation Restrictions
Users without View permission for a model cannot access that section through navigation menus.
Related menu items remain hidden.
List View Restrictions
Users can view only the records they have permission to access.
Restricted records are excluded from:
- List views
- Search results
- Filters
- Export operations
Form Access Restrictions
Users can access, create, or edit forms only when the required permissions have been granted.
Attempting to access restricted URLs results in a permission denied response.
Row-Level Access Control
Permissions such as View Own, Change Own, and Delete Own work together with the OWNER_FIELDS configuration.
When Own permissions are used, database queries automatically filter records to display only items assigned to the current user.
Server-Side Validation
All permission checks are enforced at the server level.
Even direct access attempts to restricted endpoints are blocked before data can be viewed or modified.
Permission Priority Order
Horilla CRM evaluates permissions using the following hierarchy:
- User-specific permissions — Highest priority
- Role permissions — Applied when no user-specific permission exists
- System defaults — Used when neither user nor role permissions are configured
Superusers bypass all restrictions and always retain full access.
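The priority order above, combined with the Own-permission row filter described under Row-Level Access Control, can be modelled as follows. This is an added example, not Horilla's code: the data shapes, the names `effective_perms`, `scope` and `visible`, and the contents of `OWNER_FIELDS` are illustrative. It assumes that a user-specific entry replaces the role's entry per model and that a model with no owner fields returns nothing under an Own permission.

```python
from dataclasses import dataclass, field

# Constructed sample configuration (assumed shapes, not Horilla's real settings).
OWNER_FIELDS = {"lead": ["owner", "assigned_to"]}      # model -> owner fields
ROLE_PERMS = {"sales": {"lead": {"create", "change_own", "view"}}}
SYSTEM_DEFAULTS = {}                                   # nothing granted by default

@dataclass
class User:
    name: str
    role: str = ""
    is_superuser: bool = False
    perms: dict = field(default_factory=dict)          # user-specific: model -> set

def effective_perms(user, model):
    """Resolve in the page's order: user-specific, then role, then defaults."""
    if model in user.perms:                            # highest priority
        return user.perms[model], "user"
    role_perms = ROLE_PERMS.get(user.role, {})
    if model in role_perms:
        return role_perms[model], "role"
    return SYSTEM_DEFAULTS.get(model, set()), "default"

def scope(user, model, action):
    """Return 'all', 'own' or 'none' for one action on one model."""
    if user.is_superuser:                              # superusers bypass checks
        return "all"
    perms, _source = effective_perms(user, model)
    if action in perms:
        return "all"
    return "own" if f"{action}_own" in perms else "none"

def visible(user, model, records, action="view"):
    """Row-level filter: under 'own', keep records whose owner field matches."""
    level = scope(user, model, action)
    if level == "all":
        return list(records)
    owners = OWNER_FIELDS.get(model, [])               # no owner fields: fail closed
    if level == "none" or not owners:
        return []
    return [r for r in records if any(r.get(f) == user.name for f in owners)]

# Constructed records and users for the walk-through.
LEADS = [{"id": 1, "owner": "alice"}, {"id": 2, "owner": "bob"},
         {"id": 3, "owner": "carol", "assigned_to": "bob"}]
alice = User("alice", role="sales")                    # role permissions only
bob = User("bob", role="sales", perms={"lead": {"view_own"}})  # user override

if __name__ == "__main__":
    for u in (alice, bob):
        print(u.name, effective_perms(u, "lead")[1],
              [r["id"] for r in visible(u, "lead", LEADS)])
```

Under these assumptions, bob's user-specific entry narrows him to his own leads even though his role grants View on all of them, which is the kind of override worth checking during an access review.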
Advantages of Model-Level Permissions
Using the User Permissions system in Horilla CRM provides several benefits:
- Centralized Access Management: All permission configuration is available from a single interface.
- Fine-Grained Control: Eight separate permission types allow precise access management.
- Faster Bulk Configuration: The Assign workflow reduces repetitive setup work for administrators.
- Immediate Enforcement: Permission changes become active instantly after saving.
- Flexible Role Overrides: User-specific permissions can override role defaults without modifying the underlying role structure.
The User Permissions system in Horilla CRM enables administrators to manage model-level access with precision and flexibility.
Available through Settings → Roles and Permissions → Permissions, the interface allows permissions to be assigned individually or in bulk across multiple users.
With support for Create, Change, View, Delete, and their Own-based variants, Horilla CRM provides the level of control required for modern CRM environments while ensuring secure and consistent access enforcement across the application.
