Your assistant doesn't need to see every client.
Most CRMs give you admin or member. That's it. Real practices need finer cuts: the assistant who tracks invoices but shouldn't open case files. The contractor who sees only their own clients. The finance team that needs reports but not the AI. We built three axes you can layer however your firm actually works.
Sarah Chen
Apply preset
ManageData scope
All clients
Their team
Skilled migration · 4 members
Assigned only
Module access
Three axes. Layer them however you need.
Each axis tightens what a member can do. Defaults are wide-open so existing teams keep working; tighten only where it matters.
Data scope
Which client records this member can see. Three options: every client in the org, only their team's clients, or only the clients they're personally assigned to. Filtering happens at the database layer so a direct API call returns the same restricted set as the UI.
Module access
Switch off any of ten surfaces per member: clients, cases, communications, Harper AI, documents, invoices, reports, billing, settings, team management. Block a module and it disappears from the sidebar and the API. Defaults follow role rules, so you only flip what needs restricting.
Role templates
Build a Finance role once - block client/case access, allow invoices/reports - and apply to every finance team member. Pair the role with a sub-team to set it as the team default, then hit Sync to push changes to every team member at once. Roles are saved snapshots, not live bindings, so deleting a role later never accidentally regrants access.
Built for how migration practices actually run.
Four scenarios firms have asked us to support. Each is a few clicks in settings.
Scenario 1
Assistant who handles billing only
Block clients, cases, communications, Harper AI. Leave invoices, reports, billing on. They see invoice totals and chase payments without reading client personal details.
Scenario 2
Contractor on a single matter
Set data scope to assigned-only. Assign them the two clients they're working on. Everything else in the firm stays invisible to them. Removing the assignment later cuts access immediately.
Scenario 3
Skilled migration pod
Two case managers + their lead share a sub-team. Each member is scoped to the team, so they see every client any teammate is assigned to but nothing from the family-visa side of the firm.
Scenario 4
Senior partner who avoids tools
Admin role, billing module off so they never accidentally see payment details. Data scope still all-clients so they can review any matter. One ticked checkbox, no other config.
Security
Restrictions enforced at the database. Not just in the UI.
Some products show fewer rows in the interface but return the full list if you call the API directly. We don't. Every read - the in-app list, a CSV export, an AI query, a direct request to our API - filters by the same agent-id rule. A scoped member calling the API gets the same restricted set as the UI shows them. Module blocks short-circuit the whole route, not just hide a button.
Per-record agent filter
WHERE clauses on every list endpoint
Harper AI honours scope
Harper refuses to read a client outside the caller's scope
Org-isolated by default
Cross-org access is impossible. Period.
Included on every Pro plan.
- Three data scopes - all clients / their team / assigned only
- Ten module switches per member
- Unlimited named role templates
- Sub-team grouping with optional team lead
- Default role on a team - apply once, sync any time
- Server-side enforcement on every list, detail, export and AI call
- Cross-org isolation guaranteed at the database layer
- No extra cost - included with Pro
Start with the defaults. Tighten as you grow.
Every feature here is on by default for Pro. New members start with admin or member role; tighten data scope or block a module the day you need to.