Team Management — Complete Guide

Overview

FuriosaCRM supports multi-user access with a role-based permission system. This means you can invite team members to collaborate on your account, each with appropriate access levels. Team members share the same resources (pages, audiences, campaigns) but their actions can be restricted based on their assigned role.

The platform uses a parent-child hierarchy. A Client Admin is the "parent" account owner who creates and manages their team. Client Users are "child" accounts that inherit the parent's resources, including their subscription plan, databases, and integrations. This hierarchy ensures clean data separation between different organizations while allowing flexible collaboration within each one.

There is no limit on the number of team members you can add on any paid plan. All team members are included in your subscription at no additional per-user cost. This makes FuriosaCRM ideal for agencies and larger teams that need multiple people accessing the same campaigns and audiences.

User Roles

FuriosaCRM has four distinct user roles, each with different access levels:

• Admin — Full platform access. Can manage all users, access any client's data, view server health, and perform system-level operations. This role is reserved for FuriosaCRM staff and is not available to customers.
• Client Admin — Full account access. Can create pages, manage audiences, send campaigns, configure integrations, manage billing, and add/remove team members. This is the account owner role.
• Client User — Configurable access. Inherits the parent Client Admin's resources but can be restricted to specific features based on permission settings. Can access pages, audiences, and campaigns, but cannot manage billing or add new team members unless explicitly permitted.
• Domain Only — Limited to domain management only. Can register domains, configure DNS, and manage domain settings. Cannot access pages, audiences, campaigns, or any other CRM features. Ideal for technical staff who handle domain setup.

Each role sees a tailored admin sidebar that only shows the features they can access. This prevents confusion and ensures users are not exposed to functionality they do not need.

Adding Team Members

To add a new team member, navigate to Users in the admin sidebar (visible to Client Admin and Admin roles). Click the + Add User button to open the user creation form. You will need to provide the new member's display name, email address, and initial password.

Select the appropriate role for the new member. For most team members, Client User is the right choice, as it lets you configure granular permissions. If the person only needs to manage domains, choose Domain Only. Once you have filled in the details, click Create User.

The new team member can immediately log in with the credentials you set. FuriosaCRM does not send invitation emails automatically, so you will need to share the login details with the new member. We recommend asking them to change their password after first login via Account Settings.

Configuring Permissions

Client User permissions are configured on the Edit User page, accessible by clicking the Edit button next to any team member. The permissions panel lets you toggle access to specific features on or off for that user.

Available permission settings include:

• Page Builder — Access to create, edit, and manage signup pages.
• Audiences — Access to view, import, and manage audience contacts and groups.
• Campaigns — Access to create and send email, SMS, and WhatsApp campaigns.
• Integrations — Access to connect and manage third-party integrations.
• Ads Manager — Access to the unified advertising dashboard (also requires Pro+ plan or ads_manager_override).
• Tools — Access to the Postcode Analyzer, Clean Numbers, and Privacy Builder.
• Settings — Access to page settings and custom domain configuration.

Permissions are stored in the user_permission session variable and checked on every page load. When a permission is disabled, the corresponding sidebar item is hidden and direct URL access returns a "Permission Denied" message. Changes to permissions take effect the next time the user loads a page (no logout required).

Admin Impersonation

The Admin role has a special "View As" capability that allows platform administrators to impersonate any user in the system. This is primarily used for troubleshooting — when a user reports an issue, an admin can switch into their session to see exactly what they see, including their data, permissions, and interface state.

To impersonate a user, admins navigate to the Users section, find the user they want to impersonate, and click the View As button. The admin's session is temporarily replaced with the target user's session variables, and a prominent banner appears at the top of the page indicating that impersonation is active. Click Exit Impersonation to return to the admin's own session.

Impersonation is logged in the activity system. Every page view and action performed during impersonation is tagged with both the admin's identity and the impersonated user's identity. This ensures full accountability and prevents misuse.

Activity Logging

FuriosaCRM logs significant user actions for audit and accountability purposes. The activity log captures events like user login, page creation/editing, audience imports, campaign sends, settings changes, and user management actions. Each log entry includes the user who performed the action, the action type, a description, and a timestamp.

The activity log is accessible to Client Admins for their own team's actions, and to Admins for all users across the platform. Logs are retained for 12 months and can be filtered by user, action type, and date range. The log is powered by the logActivity() function, which is called throughout the codebase whenever a significant event occurs.

Activity logging is non-blocking — it does not slow down the user's action. Log entries are written asynchronously and do not affect page response times. If you need to export the activity log for compliance or auditing purposes, use the Export button to download a CSV file of the filtered log entries.

Best Practices

Follow these recommendations to maintain a secure and well-organized team structure.

• Principle of least privilege: Assign the minimum permissions each team member needs to do their job. A marketing coordinator does not need access to billing. A domain administrator does not need access to audiences.
• Use descriptive display names: Full names (not nicknames or initials) make activity logs much more useful when reviewing actions.
• Regular access review: Every quarter, review your team members list and remove accounts for people who have left the organization. Stale accounts are a security risk.
• Separate accounts for each person: Never share login credentials between team members. Each person should have their own account so actions can be properly attributed in the activity log.
• Use Domain Only for technical staff: If someone only needs to set up DNS records and manage domain configurations, the Domain Only role prevents accidental access to sensitive audience data.
• Enable 2FA for all accounts: As a Client Admin, encourage all team members to enable two-factor authentication. This adds a critical second layer of protection against unauthorized access.