Permissions & Roles
Rev Forge uses role-based access control (RBAC) to manage what team members can see and do. Permissions are assigned at the agency level and can be scoped to specific clients.
Roles
Agency Owner
Full access to everything. Can manage billing, delete the agency, and transfer ownership.
Admin
Can manage team members, configure settings, and access all clients. Cannot delete the agency or manage billing.
Member
Standard access. Can only see clients they’ve been explicitly granted access to. Permissions determine what actions they can perform.
Permission Format
Permissions follow the pattern resource:action:
| Permission | Description |
|---|---|
leads:read | View leads |
leads:create | Create new leads |
leads:update | Edit existing leads |
leads:delete | Delete leads |
leads:manage | All lead actions (includes read, create, update, delete, export) |
The manage permission is a shorthand that grants all actions for a resource.
Available Resources
Permissions are available for: leads, contacts, companies, deals, campaigns, tasks, workflows, reports, emails, and team settings.
Client-Level Access
Members must be granted access to each client individually:
- Go to a client’s Settings → Access
- Add the team member
- Their agency-level permissions apply within that client
A member with leads:read permission who has access to Client A can view that client’s leads, but cannot see Client B’s leads unless also granted access.
Tips
- Start with restrictive permissions and expand as needed
- Use the
managepermission sparingly — it grants full access to a resource - Review permissions quarterly as team roles evolve