Skip to main content
This guide uses a sales base with three tables: Customers, Sales Orders, and Products. The goal is to let each role work with the data it needs without exposing the whole base.
RoleAccess goal
Sales DirectorView customer and sales data, comment on products, and avoid changing product prices.
Sales RepView and update only their own customers and orders, create new customers, and avoid deleting completed orders.
Data Entry ClerkAdd new products without seeing existing products, customers, or orders.
Turn on the Authority Matrix before relying on role permissions.
Enable the Authority Matrix

Create the Roles

1

Enable the Authority Matrix

Open the Authority Matrix page in the base and turn on the main switch. The user who enables it is added as an administrator.
2

Add custom roles

Click Add role and create Sales Director, Sales Rep, and Data Entry Clerk.
Create three roles: Sales Director, Sales Rep, Data Entry Clerk

Configure Sales Director

The Sales Director needs broad visibility, but product prices should stay protected from accidental edits.
NodeSetting
CustomersSet the table to Can edit. Keep record and field permissions open so the role can view customer data.
Sales OrdersSet the table to Can edit. Keep record and field permissions open so the role can review sales activity.
ProductsSet the table to Can edit, then allow only Read record and Comment on record in record permissions.
Configure Sales Director permissions Assign members from the role list with Add user or Add from organization, then make sure the role switch is enabled. Add members to the Sales Director role After setup, a Sales Director can review customer and order data, comment on products, and avoid changing product records. Sales Director view after permissions are configured

Configure Sales Rep

The Sales Rep role uses record filters so each rep works only with records where they are the owner.

Customers

Set Customers to Can edit.
Permission areaSetting
Record permissionsChoose records that match specific conditions. Add a filter such as Sales Rep is Me (current user).
Record operationsAllow Read record, Update record, and Create record. Leave Delete record off if reps should not delete customer records.
Configure an owner-based record filter for Sales Rep Configure Sales Rep customer permissions

Sales Orders

Set Sales Orders to Can edit.
Permission areaSetting
Record permissionsUse the same owner-based filter, such as Sales Rep is Me (current user).
Record operationsAllow Read record and Create record. Leave Update record and Delete record off if completed orders should stay unchanged.
Field permissionsHide sensitive fields such as Payment Method by turning off Read record for that field.
Configure Sales Rep order permissions Assign sales reps to the role and keep the role enabled. Add members to the Sales Rep role Each sales rep now sees only the customer and order records that match the owner filter. Preview of the Sales Rep view

Configure Data Entry Clerk

The Data Entry Clerk only needs to add products.
NodeSetting
ProductsSet the table to Can edit. In record permissions, allow only Create record.
Product fieldsIf linked order data should stay hidden, turn off Read record for the Orders linked field.
Customers and Sales OrdersKeep these tables as No access.
Configure Data Entry Clerk permissions Assign clerks to the role and keep the role enabled. Add members to the Data Entry Clerk role After setup, the Data Entry Clerk can add new product records but cannot browse existing product, customer, or order data. Preview of the Data Entry Clerk view

Sales Review View

Use this setup for sales reviews: reps can see the full customer list, but can only edit customers they own.
During a review, reps may need to see every customer record to compare follow-up patterns and customer status. Day-to-day editing should still stay limited to the customers they own, so they do not change another rep’s records by mistake. Keep the existing Sales Rep role, then add a read-only role for company-wide customer visibility. A rep can use the read-only role to view all customers and use the Sales Rep role to update only the customers they own.

Create a Read-Only Role

Click Add role and create a read-only role, such as Global Customer Viewer.

Configure Customer Access

Set Customers to Can edit. In record permissions, allow only Read record. Do not enable Update record, Delete record, or Create record. Leave the record filter empty so this role can view all customer records. Configure read-only customer permissions for Global Customer Viewer

Assign Sales Reps

Return to the role list and add the sales reps who need review access to Global Customer Viewer. Add members to the Global Customer Viewer role When a user has both Sales Rep and Global Customer Viewer, Teable combines the permissions. The user can view all customer records, but can update only records allowed by the owner-based Sales Rep role. Sales Rep view with Global Customer Viewer permissions
Last modified on May 28, 2026