Roles and permissions
Roles control what each person in your firm can see and do in Esqase. Every member is assigned exactly one role, and that role's permissions decide which areas of the app appear in their sidebar and which actions (like creating a matter or sending an invoice) they can take. This page shows you how to view, create, and fine-tune roles so each person has exactly the access they need.
A "role" is a named bundle of permissions (for example, Attorney or Staff). A "permission" is a single right to do one thing in one area of the app, expressed as four levels: View, Create, Update, and Delete.
Before you begin
- Roles live under Settings. In the sidebar, click Settings, then open Roles.
- Working with roles is itself permission-controlled:
- To open the Roles page and view roles, your role needs View access for Roles.
- To see the Create role button, your role needs Create access for Roles.
- To edit a role, change its permissions, or archive or restore it, your role needs Update access for Roles.
- To permanently delete an archived role, your role needs Delete access for Roles.
- Firm owners always have full access to everything, including roles, regardless of the grid.
- If your role does not include View access for Roles, you will see a "no access" message instead of the roles list.
Note: Changing a role's permissions affects everyone assigned to that role, not just one person. Plan changes carefully before you save.
View the roles list
The Roles page lists every role in your firm and lets you filter, search, and open any role for editing.
- In the sidebar, click Settings.
- Open Roles. The page heading reads Roles.
- Review the table. Each row shows:
- Name: the role's name (for example, Attorney).
- Description: a short summary of what the role is for. A dash (-) appears when no description is set.
- Status: whether the role is Active or Archived.
- Last updated: when the role was last changed.
- Use the tabs above the table to filter by status:
- All: every role, active and archived.
- Active: roles currently in use (the default view).
- Archived: roles you have set aside.
- To find a specific role, type in the Search roles box. Click Clear filters to reset.
📷 Screenshot: The Roles page showing the table with Name, Description, Status, and Last updated columns, the All / Active / Archived tabs, the Search roles box, and the Create role button in the top right.
Suggested image: images/roles-and-permissions/roles-list.png
Every role row has a View button that opens the role detail page. Roles you are allowed to manage also show a More role actions button (the three-dot menu) next to View for archiving, restoring, or deleting. The firm's owner role is protected and does not show this menu.
Tip: Sort the table by clicking a column header (for example, Name or Last updated).
Create a custom role
Custom roles let you match Esqase access to the way your firm actually works (for example, a Paralegal or Billing clerk role with its own mix of permissions).
- On the Roles page, click Create role in the top right.
- In the Create role dialog, fill in:
- Name (required): a short name for the role, up to 64 characters. A placeholder suggests an example like Paralegal.
- Description (optional): a short summary of the role's responsibilities, up to 500 characters.
- Click Create role to save. (The button shows Creating... while it works.) To back out, click Cancel.
- On success, you see a Role created confirmation and Esqase takes you straight to the new role's detail page so you can set its permissions.
📷 Screenshot: The Create role dialog with the Name field filled in (for example, "Paralegal"), the Description field, and the Create role and Cancel buttons.
Suggested image: images/roles-and-permissions/create-role-dialog.png
Important: A new role starts with no permissions granted. Until you turn on permissions for it (see Edit a role's permission grid below), anyone assigned to it will have very limited access. Set the permissions before you assign people to the role.
What happens after you create a role
- The role appears in the Roles list with an Active status.
- It becomes available to assign to members. See Managing firm members to assign a role to someone, and Joining a firm (accepting an invite) for how new members get a role when invited.
Edit a role's name and description
You can rename a role or update its description at any time. This does not change its permissions.
- On the Roles page, click View on the role you want to change.
- On the role detail page, click Edit role in the top right.
- In the Edit role dialog, update the Name or Description field.
- Click Save changes. (The button shows Saving... while it works.) On success you see a Role updated confirmation.
📷 Screenshot: The role detail page header showing the role name, the Settings > Roles breadcrumb, and the Edit role button.
Suggested image: images/roles-and-permissions/role-detail-header.png
Note: The Edit role button only appears if your role has Update access for Roles and the role is not a protected role (the firm owner role and any locked role cannot be edited). For protected roles, the Edit role button is hidden.
The role detail page also has a sidebar on the right under Role information and Other information that shows the role's Description, Status, Role ID, and when it was created and last updated, and by whom. Click the copy icon next to Role ID if you ever need to copy the role's identifier.
Edit a role's permission grid
The heart of a role is its permission grid. Here you choose which areas of the app the role can reach and what it can do in each. Esqase saves every change instantly, so there is no separate Save button on this grid.
- On the Roles page, click View on the role you want to configure.
- Scroll to the Permissions section. Its subheading reads Choose which modules this role can access and what it can do in each.
- Permissions are organized into collapsible groups (for example, Member & roles, Contacts, Matters, Tasks, Billing, Developers). Click a group heading to expand or collapse it. The badge on each group (for example, 3/4) shows how many areas in that group are turned on. The Developers group holds the API keys permission, which controls who can create and revoke developer API keys; it is off for everyone except owners and administrators by default. See Managing API keys.
- Inside a group, each row is one area of the app (for example, Contacts, Tags, Invoices). Each area has four checkboxes:
- View: the role can see this area and its records.
- Create: the role can add new records here.
- Update: the role can edit existing records here.
- Delete: the role can remove records here.
- Tick or untick the checkboxes to grant or remove each permission. Each change saves on its own; you see Saving permissions... and then Permissions saved.
📷 Screenshot: The Permissions section on a role detail page with one group expanded (for example, Contacts), showing the rows of app areas and the View, Create, Update, and Delete checkboxes, plus the group badge and Select all controls.
Suggested image: images/roles-and-permissions/permission-grid.png
How the four permission levels relate to each other
Esqase keeps the four levels consistent so you cannot grant a combination that does not make sense:
- View is the foundation. Create, Update, and Delete all require View. If View is off, the other three are disabled (greyed out).
- Delete requires Update. You cannot let a role delete records it cannot edit, so Delete is disabled until Update is on.
- Turning View off for an area clears that area's other three permissions automatically.
- Turning Update off also clears Delete for that area.
- Ticking Create, Update, or Delete automatically turns on View (and Update for Delete) so the row stays valid.
Tip: An area with no permissions at all is hidden from members with that role. They will not see that section in their sidebar or be able to open it.
Shortcuts for setting many permissions at once
The grid includes helpers so you do not have to click every box:
- Each row has a checkbox at the far left. Ticking it grants all four permissions (View, Create, Update, Delete) for that one area; unticking it removes all four.
- Each group has a Select all row near the top. Its left checkbox grants full access to every area in the group at once. The four checkboxes beside it apply a single level (for example, View) to every area in the group.
- Use the column checkboxes in the Select all row to, say, turn on View for an entire group with one click.
📷 Screenshot: Close-up of the Select all row at the top of a permission group, highlighting the group-level checkbox and the per-column (View / Create / Update / Delete) checkboxes that apply to the whole group.
Suggested image: images/roles-and-permissions/permission-select-all.png
Important: The permission grid for the firm owner role and any locked role is read-only. The checkboxes appear but cannot be changed. The owner always has full access, so there is nothing to configure.
See who has this role
Below the Permissions section, the Members section lists everyone in your firm currently assigned to this role. This is read-only here; to move someone to a different role, see Managing firm members. The Members section only appears if your role can view members.
Archive and restore a role
Archiving a role hides it from everyday use without deleting it. Archived roles cannot be assigned to new members, but their settings are preserved so you can bring them back later.
Archive a role
- On the Roles page, find the role and click the More role actions button (three dots) next to View.
- Click Archive.
- If the role has no members, it is archived immediately and you see a '<role name>' archived confirmation.
- If the role still has members, Esqase opens the Transfer members and archive dialog instead, because a role cannot be archived while people are assigned to it. Follow Transfer members from one role to another below.
📷 Screenshot: The three-dot More role actions menu on a role row, open to show the Archive option.
Suggested image: images/roles-and-permissions/role-row-actions-menu.png
Restore a role
- On the Roles page, click the Archived tab (or All) to see archived roles.
- Click the More role actions button on the archived role.
- Click Restore. You see a '<role name>' restored confirmation, and the role returns to Active status and can be assigned again.
Note: The Archive and Restore options only appear if your role has Update access for Roles. Protected roles (the firm owner role and locked roles) do not show these options.
Transfer members from one role to another
A role must be empty before it can be archived or deleted. Esqase makes this easy by letting you move everyone from one role to another in a single step, then archiving the original.
This dialog opens automatically when you try to Archive a role that still has members.
- From the Transfer members and archive dialog, read the prompt: This role has members. Pick a role to move them to before archiving '<role name>'.
- In the Transfer members to field, select the destination role. (The list shows your firm's active roles; the role you are archiving and the firm owner role are excluded.)
- Click Transfer and archive. (The button shows Archiving... while it works.) To stop, click Cancel.
- Esqase moves every member to the chosen role and then archives the original role. You see a '<role name>' archived confirmation.
📷 Screenshot: The Transfer members and archive dialog with the Transfer members to dropdown open, and the Transfer and archive and Cancel buttons.
Suggested image: images/roles-and-permissions/transfer-members-dialog.png
Important: Everyone moved to the destination role immediately takes on that role's permissions. Make sure the destination role is appropriate for those people before you confirm.
Delete a role after transferring its members
Deleting a role removes it permanently. Because of this, a role can only be deleted once it is archived and has no members.
- First make sure the role has no members. If it does, archive it via Transfer members from one role to another, which moves everyone out and archives the role.
- On the Roles page, switch to the Archived tab (or All) and find the role.
- Click the More role actions button, then click Delete.
- In the Delete role? confirmation, read the warning: '<role name>' will be permanently removed. This can't be undone.
- Click Delete role to confirm. (The button shows Deleting... while it works.) On success you see a '<role name>' deleted confirmation.
📷 Screenshot: The Delete role? confirmation dialog showing the warning text and the Delete role button.
Suggested image: images/roles-and-permissions/delete-role-confirm.png
Note: The Delete option only appears on archived roles, and only if your role has Delete access for Roles. You cannot delete an active role or the firm owner role.
Troubleshooting
- The Delete option is missing. Delete only appears once the role is archived. Archive the role first (transferring any members), then open the menu again.
- I cannot archive a role. If the role still has members, the Transfer members and archive dialog opens automatically. Pick a destination role to continue.
- There is no three-dot menu on a role. That role is the firm owner role or a locked role, which are protected and cannot be archived, edited, or deleted. You can still open it with View.
The default roles
When your firm is created, Esqase sets up four roles automatically so you can start working right away. You can rename them, edit their descriptions, and (except for the owner role) adjust their permissions to fit your firm.
Owner
The Owner role belongs to the person who created the firm. It has full access to everything in Esqase, all areas and all four permission levels, and its permission grid cannot be changed. A few sensitive actions are reserved for owners only, including:
- Inviting another person as an owner.
- Promoting an existing member to owner.
- Managing the firm's Esqase subscription (see Your Esqase subscription).
Administrator
The Administrator role has full View, Create, Update, and Delete access to every area of the app. It is meant for firm admins and office managers who run the day-to-day setup. The only things an administrator cannot do are the owner-only actions listed above.
Attorney
The Attorney role is geared toward lawyers handling casework. By default it includes:
- Full access (View, Create, Update, Delete) to Contacts, Tags, Matters and matter tasks, Tasks (and task types, lists, and stages), Practice areas, Custom fields, Activities and activity categories (time entries and expenses), Email templates, Event types and Calendar, Documents, Notes, Communications, Forms, Leads, Sources, Workflows, Invoices, and Payments.
- View only on Members, Member schedule, Firm schedule, Firm contact info, Firm address, Lead stages, Lead matter types, Transactions, Accounts, and Taxes.
- No access to Invites, Roles, API keys, and the firm's matter, lead, task, invoice, and payment settings.
Staff
The Staff role is a lighter, support-focused role. By default it includes:
- View, Create, and Update (but not Delete) on Tasks, Custom fields, Event types, Calendar, Documents, Notes, Communications, Forms, Leads, Sources, Invoices, and Payments.
- View only on Members, Member schedule, Contacts, Tags, Matters and matter tasks, Task types/lists/stages, Practice areas, Activities and activity categories, Email templates, Firm schedule, Firm contact info, Firm address, Lead stages, Lead matter types, Workflows, Accounts, and Taxes.
- No access to Invites, Roles, API keys, Transactions, and the firm's matter, lead, task, invoice, and payment settings.
Tip: These defaults are a starting point. Adjust any role (other than Owner) to match your firm, or create new custom roles for anything in between.
How permissions change what a member sees and does
Permissions are not just a list; they actively shape each person's experience of Esqase:
- Navigation. Areas a member has no access to are hidden from the sidebar. If someone's role has no permission for Invoices, for example, they will not see the billing area at all.
- Buttons and actions. Within an area, the level of access controls which buttons appear. Without Create, a member will not see "New" buttons. Without Update, edit options are hidden. Without Delete, delete actions are unavailable.
- Read-only views. A member with View only can open and read records but cannot change them.
- Firm owners always bypass these checks and can do everything.
When a member's access seems wrong, check two things: the member's assigned role (on the Managing firm members page) and that role's permission grid (here). Changes to a role apply to everyone who has it.
Common questions
- If I change a role's permissions, when does it take effect? The grid saves instantly. Members with that role pick up the new access the next time they load the affected page.
- Can one person have two roles? No. Each member has exactly one role. To change someone's access, either edit their current role or move them to a different role.
- What if I remove an area's permissions while someone is using it? They lose access to that area going forward. Anything they already had open may stop working until they navigate away.
- Can I delete the Owner, Administrator, Attorney, or Staff role? The Owner role cannot be deleted. The other defaults can be archived and deleted like any custom role once they have no members, but most firms keep them.