Skip to main content
Roles control what users can do in your Twenty workspace. Assign roles to grant appropriate access levels to team members.

Understanding Roles

Roles define:
  • What users can see - Which objects and records
  • What users can do - Create, edit, delete permissions
  • What users can configure - Settings and workflows access
  • Administrative privileges - Workspace management capabilities
Each workspace member has exactly one role.

Default Roles

Twenty includes built-in roles:

Admin

Full workspace access:

Data Access

  • View all records
  • Edit all records
  • Delete records
  • Import/export data

Configuration

  • Manage data model
  • Create/edit workflows
  • Configure integrations
  • Manage workspace settings

User Management

  • Invite members
  • Assign roles
  • Remove members
  • View activity logs

Billing

  • Manage subscription
  • View usage
  • Update payment methods
  • Access invoices
Workspace owners are automatically admins and cannot have their role changed.

Member

Standard user access: 
Data Permissions:
  - View: All objects
  - Create: Yes
  - Edit: Own records and shared records
  - Delete: Own records only
  
Configuration:
  - Data model: No access
  - Workflows: View only
  - Integrations: Connect own accounts only
  
User Management:
  - No access to user management
Best for:
  • Sales reps
  • Customer success team
  • Most team members

Viewer

Read-only access: 
Data Permissions:
  - View: All objects (based on sharing)
  - Create: No
  - Edit: No
  - Delete: No
  
Configuration:
  - Read-only access to views
  - Cannot modify anything
  
User Management:
  - No access
Best for:
  • Executives (view metrics)
  • External consultants
  • Temporary access

Creating Custom Roles

Create roles tailored to your team:
1

Navigate to roles

Go to Settings → Security → Roles.
2

Click New Role

Select + New Role to create a custom role.
3

Name the role

Give it a clear, descriptive name:
Sales Manager
Marketing Team Member
Customer Support Agent
Sales Development Rep
4

Set base permissions

Choose starting template:
  • Start from Member
  • Start from Viewer
  • Start from scratch
5

Configure object access

For each object, set permissions:
Companies:
  View: All
  Create: Yes
  Edit: All
  Delete: Own only

Opportunities:
  View: Team + Own
  Create: Yes
  Edit: Own only
  Delete: No
6

Set field permissions

Control access to sensitive fields:
Company.Annual Revenue:
  View: Yes
  Edit: No (read-only)

Opportunity.Commission:
  View: No (hidden)
  Edit: No
7

Configure settings access

Allow/deny access to specific settings:
Workspace Settings: No
Data Model: No
Workflows: View only
Integrations: Own only
8

Save the role

Click Create Role to save.

Role Configuration

Object-Level Permissions

Control access to entire objects:
Who can see records:Options:
  • All - See all records in object
  • Team - See team’s records
  • Own - See only own records
  • Shared - See explicitly shared records
  • None - Cannot see object
Example:
Sales Rep:
  Companies: View All
  Opportunities: View Team + Own
  Internal Projects: View None

Field-Level Permissions

Control access to specific fields:
Fields user cannot see:
Example: Hide sensitive data

Opportunity.Cost:
  Sales Rep: Hidden
  Sales Manager: Visible

Company.Annual Revenue:
  SDR: Hidden
  Sales Rep: Visible
Fields user can see but not edit:
Example: Protect calculated fields

Lead.Score:
  Sales Rep: Read-Only
  (Calculated by workflow)

Opportunity.Close Date:
  Sales Rep: Read-Only
  Sales Manager: Editable
Fields user can view and modify:
Example: Normal access

Company.Name:
  All roles: Editable

Opportunity.Stage:
  Owner: Editable
  Others: Read-Only

Role Examples

Sales Manager Role

Role: Sales Manager
Description: Manages sales team and pipeline

Object Permissions:
  Companies:
    View: All
    Create: Yes
    Edit: All
    Delete: All
  
  People:
    View: All
    Create: Yes
    Edit: All
    Delete: Own
  
  Opportunities:
    View: All (entire sales org)
    Create: Yes
    Edit: All (team opportunities)
    Delete: Team
  
  Tasks:
    View: Team
    Create: Yes
    Edit: Team
    Delete: Own

Field Permissions:
  All fields visible and editable
  
Settings Access:
  - View reports: Yes
  - Export data: Yes
  - Manage workflows: Yes
  - Manage users: No
  - Data model: No

Sales Development Rep (SDR)

Role: SDR
Description: Qualifies leads and books meetings

Object Permissions:
  Leads:
    View: Own + Unassigned
    Create: Yes
    Edit: Own
    Delete: Own
  
  Companies:
    View: Related to own leads
    Create: Yes (when qualifying)
    Edit: Related only
    Delete: No
  
  People:
    View: Related to own leads
    Create: Yes
    Edit: Related only
    Delete: No
  
  Opportunities:
    View: No (not yet qualified)
    Create: Yes (when converting)
    Edit: No
    Delete: No

Field Permissions:
  Hidden:
    - Opportunity.Amount
    - Company.Annual Revenue
    - Any commission fields
  
  Read-Only:
    - Lead.Score (auto-calculated)
    
Settings Access:
  - Minimal configuration access
  - Connect own email only

Customer Success Manager

Role: Customer Success
Description: Manages customer accounts post-sale

Object Permissions:
  Companies:
    View: Customers only (Status = "Customer")
    Create: No
    Edit: Customer accounts
    Delete: No
  
  People:
    View: All at customer companies
    Create: Yes (new contacts)
    Edit: All
    Delete: No
  
  Opportunities:
    View: Closed Won only
    Create: Yes (upsell/renewal)
    Edit: Own opportunities
    Delete: No
  
  Support Tickets:
    View: All
    Create: Yes
    Edit: All
    Delete: No

Field Permissions:
  All customer-related fields visible
  Cannot see sales metrics
  
Settings Access:
  - View customer reports
  - Export customer data
  - No workflow management

Assigning Roles

Assign roles to workspace members:
1

Navigate to members

Go to Settings → Members.
2

Select user

Click on the member whose role you want to change.
3

Change role

Click the Role dropdown and select new role.
4

Confirm change

Click Save to apply the new role.
Role changes take effect immediately. User may need to refresh to see changes.

Bulk Role Assignment

Change roles for multiple users:
  1. Go to Settings → Members
  2. Select multiple members (checkboxes)
  3. Click Change Role in action bar
  4. Select new role
  5. Confirm bulk update

Role Best Practices

Grant minimum access needed:
  • Start restrictive
  • Add permissions as needed
  • Don’t give admin to everyone
  • Review permissions regularly
Match roles to responsibilities:
Sales:
  - SDR (lead qualification)
  - Sales Rep (closing deals)
  - Sales Manager (team oversight)

Support:
  - Support Agent
  - Support Manager

Operations:
  - Ops Analyst (reports)
  - Ops Manager (configuration)
For each role, document:
  • Who it’s for
  • What they can do
  • Why permissions are set this way
  • Examples of users with this role
Regular role audits:
  • Are permissions still appropriate?
  • New roles needed?
  • Roles need updates?
  • Users in correct roles?
Verify role works as expected:
  1. Create test user
  2. Assign new role
  3. Test permissions
  4. Verify access is correct
  5. Then assign to real users

Managing Roles

Editing Roles

Changing a role affects all users with that role immediately.
  1. Go to Settings → Security → Roles
  2. Click the role to edit
  3. Modify permissions
  4. Save changes

Deleting Roles

To delete a custom role:
  1. Ensure no users have the role
  2. Go to Settings → Security → Roles
  3. Click the role
  4. Select Delete
  5. Confirm deletion
Default roles (Admin, Member, Viewer) cannot be deleted.

Role Analytics

Monitor role usage:
  • Settings → Security → Roles → Analytics
  • See:
    • Users per role
    • Most/least used roles
    • Permission patterns
    • Access violations (attempted unauthorized actions)

Troubleshooting Roles

User Cannot See Records

Check:
  • Role’s view permission for object
  • Record ownership
  • Record sharing settings
  • Object visibility in settings

User Cannot Edit Field

Check:
  • Role’s field permissions
  • Field is not system field (always read-only)
  • Object edit permission granted
  • Field not locked by workflow

Permission Seems Inconsistent

Check:
  • Role definition
  • Record-level sharing overrides
  • Workflow automation may change things
  • Cache (have user refresh)

Next Steps

Access Control

Learn about record-level access control

Workspace Setup

Manage workspace members

Build docs developers (and LLMs) love

Get started for freeTalk to us