Roles
Roles let you define what each user can see and do in your PBX.IM account. Each role combines special permissions (account-wide toggles) with module-level permissions (per-feature access).
Table of Contents
- Access Roles
- Default Roles
- Create a Role
- Special Permissions
- Module Permissions
- Edit a Role
- Common Use Cases
Access Roles
Log into PBX.IM Dashboard, go to Settings, then select Roles.
You will see a table listing all roles in your account. Each role shows its name and a short description.
Default Roles
PBX.IM includes four built-in roles:
| Role | Description |
|---|---|
| Agent | Makes and receives calls |
| Supervisor | Monitors information without making changes |
| Admin | Manages the account |
| Financial | Manages most financial aspects |
Default roles that belong to the system (account ID 0) cannot be edited.
Create a Role
Click Add Role in the upper right corner. A dialog opens with two sections: special permissions on the left and module permissions on the right.
| Field | How to use it |
|---|---|
| Name | Enter a descriptive name for the role. |
Special Permissions
Special permissions are account-wide toggles (checkboxes) that grant or restrict broad capabilities.
| Permission | How to use it |
|---|---|
| Call Center API | Allows access to the call center API. |
| Finance | Grants access to financial information and settings. |
| Listen to Own Calls Recordings | Lets users play back their own call recordings. |
| Change Own Password | Allows users to change their own password. |
| User Profile Edit | Lets users edit their own profile details. |
| Disallow Changing Pause | Prevents users from changing their pause status in queues. |
Module Permissions
Module permissions control access per feature. Each module can be set to one of four levels:
| Level | Meaning |
|---|---|
| Default (Disabled) | Inherits the default setting, which is disabled. |
| Disabled | No access to this module. |
| Read Only | Can view the module but cannot make changes. |
| Read / Write | Full access to view and modify the module. |
The available modules are:
| Module | Description |
|---|---|
| Account | General account settings |
| Announcements | Audio announcements |
| CDR | Call detail records |
| Conference Rooms | Conference bridge settings |
| Call Queues | Call center queue configuration |
| Pause Reasons | Call center pause reason management |
| Endpoints | Device and endpoint settings |
| Dial Rules | Outbound dialing rules |
| Phone Numbers | DID numbers and routing |
| Extensions | Extension configuration |
| Intercept Groups | Call intercept group settings |
| IVR | Interactive voice response menus |
| Labels | Call and contact labels |
| Media | Media file management |
| Permission Groups | Role and permission group settings |
| Contacts | Phonebook contact management |
| Ring Groups | Ring group configuration |
| Time Conditions | Time-based routing rules |
| Call Forwarding | Forwarding rules |
| Users & Roles | User management |
| User Groups | User group configuration |
| User Profile | User profile settings |
| Voicemail | Voicemail box configuration |
A red dot appears next to a module name when its permission has been changed but not yet saved.
Edit a Role
Click on any role row in the table to open the edit dialog. Make your changes and click Save.
Only Admin users with Read/Write permission on Permission Groups can edit roles. System-level roles (those not created by your account) cannot be modified.
Common Use Cases
Restrict agents to phone-only access -- Create a role with Read Only on CDR and Disabled on Account, Finance, and Users & Roles. Assign it to agents who should only make calls and view their own history.
Give supervisors monitoring access -- Create a role with Read Only on CDR, Call Queues, and Extensions. Enable "Listen to Own Calls Recordings". This lets supervisors review activity without changing configuration.
Dedicated billing role -- Create a role with the Finance special permission enabled and most modules set to Disabled. This limits the user to financial operations only.
Team lead with limited admin rights -- Create a role with Read/Write on Users & Roles, Extensions, and Ring Groups, but Disabled on Account and Finance. This lets team leads manage their team without accessing billing or account-wide settings.