Roles define what users can do in Qwoty — which objects they can read, write, or delete, which settings they can manage, and which app-level actions they can perform. You assign one role to each user to control their permissions across the platform.Documentation Index
Fetch the complete documentation index at: https://docs.qwoty.io/llms.txt
Use this file to discover all available pages before exploring further.
You must have the Admin role to view, create, or modify roles.
System roles
Qwoty provides four predefined system roles that cover the most common permission levels. You cannot edit or delete system roles.- Admin — Full access to all workspaces, settings, and configuration. Can manage users, roles, templates, catalogs, and all system features.
- Manager — Access to the entire workspace. Can approve quotes, view reports, and manage team activities.
- Sales Rep — Can create and manage quotes, customers, and Dealrooms. No access to system settings or team-wide reports.
- Viewer — Read-only access. Can view quotes and data but cannot create or edit anything.
The API name for Sales Rep is
Sale for backwards compatibility with earlier versions.Custom roles
You can create custom roles to define granular permissions that match your organization’s needs. Custom roles appear with a Custom badge in the roles list and can be edited or deleted at any time. Use custom roles to:- Grant partial access to specific modules (for example, catalogs only, or reports only)
- Restrict actions on an object family (for example, read customers but never delete)
- Scope project visibility by team, business unit, or workspace
- Enable or disable transversal actions like CSV imports and exports
The permission model
A Qwoty role configures permissions across three distinct areas.Objects — CRUD per object family
The Objects section controls what users can read, write, or delete, broken down by object family. You set one checkbox per action per family.| Object family | Objects concerned | Actions |
|---|---|---|
| Project | Quote, contract, order | Read / Write / Delete |
| Products & Pricing | Catalogs, Products, price grid | Read / Write / Delete |
| Customers | Customers | Read / Write / Delete |
| Workflow | Approval, workflow, configurator | Read / Write / Delete |
| Content | Contract model, media, content | Read / Write / Delete |
| Templates | Project templates | Read / Write / Delete |
Project Access Level
At the top of the Objects section, the Project Access Level dropdown controls the scope of projects a user can see, regardless of their Read/Write/Delete rights.- Workspace — The user can access projects across the entire workspace
- Team — The user only accesses projects created by their team
- Personal — The user only accesses projects they created themselves
Settings — toggle per admin area
The Settings section controls access to administration zones. Each zone has a single Authorize toggle.| Setting | What it unlocks |
|---|---|
| Workspace | Set global workspace preferences |
| User & Teams | Add or remove users and define teams |
| Roles | Define user roles and access levels |
| Data | Edit CPQ data structure and fields |
| Developers | Manage integrations, API keys, and webhooks |
| Organization | Manage multi-tenant org and billing |
Settings access is binary — a user either has full access to a zone or none. If you need finer control, keep the zone off and delegate configuration to an Admin.
Apps — transversal app-level actions
The Apps section controls transversal capabilities that apply across modules.| Action | Description |
|---|---|
| Import CSV | Allow importing data from CSV files |
| Export CSV | Allow exporting data to CSV files |
| Overpass sales restriction | Allow bypassing restrictions such as approvals, discount caps, and pricing guardrails |
How roles work with teams
Roles define what users can do. Teams define which resources they can access. The Project Access Level in a role connects the two.| Element | Controls | Example |
|---|---|---|
| Role | Feature access and actions | A Sales Rep can write quotes; a Viewer cannot |
| Team | Group of users | A Sales Rep belongs to the France team |
| Project Access Level | Scope of visible projects | Team limits the Sales Rep to France team quotes |
Team, they only see resources scoped to that team. Change it to Workspace and they see everything.
Access the roles screen
View the roles list
The roles table displays:- Role — The role name
- API name — Technical identifier used for integrations and API calls
- Type — System (green badge) or Custom (gray badge)
Create a new role
Set the role identity
Enter the role name and API name. The API name cannot contain spaces or special characters.
Configure object permissions
Select the Project Access Level (Workspace, Team, or Personal), then check the Read, Write, and Delete boxes for each object family.
Configure settings access
Toggle Authorize on each setting zone the role should manage (Workspace, Users & Teams, Roles, Data, Developers, Organization).
Configure app-level actions
Toggle Authorize on each app-level action the role should perform (Import CSV, Export CSV, Overpass sales restriction).
View a system role
Edit a custom role
Delete a custom role
Assign a role to a user
You assign a role when you invite a new user or edit an existing one.Navigate to user management
Click Settings in the left sidebar, then click User under the Users & Team section.
Select the user
To invite a new user, click + Invite user. To edit an existing user, click the ⋮ menu next to their name and select Edit.
Common questions
Can I modify a system role?
Can I modify a system role?
No. System roles are locked to ensure Qwoty functions correctly. Create a custom role instead and configure the permissions to match your needs.
What happens if I delete a custom role assigned to users?
What happens if I delete a custom role assigned to users?
The role is removed, but users assigned to it remain in the system. You must manually reassign each user to a new role before they can access Qwoty again.
Can a user have multiple roles?
Can a user have multiple roles?
No. Each user is assigned exactly one role. If you need a combination of permissions, create a custom role that bundles them.
What is the API name used for?
What is the API name used for?
The API name is a technical identifier used in integrations, API calls, and automation scripts. It cannot contain spaces or special characters.
Do roles affect API access?
Do roles affect API access?
Yes. API requests authenticate using user credentials or API keys tied to a user account, so role permissions apply to API calls as well.
What happens when I change a user's role?
What happens when I change a user's role?
The change takes effect immediately. The user’s permissions update the next time they refresh their session or log in again.
What's the difference between Project Access Level and Read permission?
What's the difference between Project Access Level and Read permission?
Read permission decides whether a user can view quotes, contracts, and orders. Project Access Level decides which ones — all projects in the workspace, only their team’s, or only those they created themselves. Both must align for a user to see a project.
Why would I grant Overpass sales restriction?
Why would I grant Overpass sales restriction?
Grant this only to senior roles who legitimately need to bypass approval workflows, discount caps, or pricing guardrails — typically VP Sales, CRO, or Finance leads handling exceptions.
Related
Manage users
View, invite, and edit users in your workspace.
Manage teams
Organize users into teams to control access to templates and catalogs.
Workspace settings
Configure workspace-level settings and business units.
Approvals & workflows
Set up approval rules that depend on roles and team scope.