A structured sales process requires clear ownership and access control. This guide shows you where to find Tribe's standard documentation on roles and rights, and how to apply that framework specifically to invoicing. You might use this when defining who can create, modify, or view invoices, or when separating responsibilities between sales and finance teams. By following this guide, you will be able to configure role-based access for invoicing in a way that keeps your process both efficient and secure.
Background and Context
In Tribe, rights determine what actions a user can perform, such as reading, creating, modifying, or deleting data. Roles are collections of those rights that you assign to employees. By combining roles, you can tailor access levels across your organisation without configuring settings per individual.
Two default user types exist in Tribe: Administrator and User. Administrators have access to all configuration and account settings. Regular users can access standard CRM functionality, and their rights are adjusted from there through roles.
When it comes to invoicing, this distinction matters. Not every team member who works with a sales opportunity should be able to create or modify an invoice. Defining those boundaries upfront keeps your billing process controlled and your data consistent.
Where to Find the Standard Documentation
Tribe's full reference guide on roles and rights covers the complete permission structure: how rights are organised in layers, how inheritance works across entity and field levels, how to create a role, and how to review the effective rights of an individual employee.
Before configuring invoicing-specific access, familiarise yourself with that guide:
That article explains the five permission types available within every role:
Read
Create
Modify
Delete
Export
It also covers how rights are structured in layers across relationships, activity types, templates, pick lists, and configuration, and how each permission can be in one of three states: issued, denied, or not available.
Did you know?
When an employee is assigned to multiple roles, all granted rights are combined. Any granted permission always overrides a denied one from another role. This means you can safely layer an invoicing-specific role on top of a general user role without losing existing access.
Applying Rights to Invoicing
In Tribe, invoices are an activity type. Invoice-related permissions are therefore found within the Activities section when configuring a role. You can control access at the entity level (the invoice activity type as a whole) and at the field level (individual invoice fields such as amount, status, or payment terms).
A practical starting point is to think through the different responsibilities in your invoicing process and match them to permission levels:
Sales team: typically needs Read access to invoices to track what has been billed against an opportunity. In some organisations, sales users are also given Create rights on the Invoice activity so they can prepare a Concept invoice directly after closing a deal. This allows them to fill in the invoice date and get the invoice ready for finance to review and send. Sending the invoice document itself should remain the responsibility of the finance team. Whether or not sales users need Create rights depends on your organisation's way of working.
Finance or administration: needs Create and Modify rights to generate invoices, update payment status, and manage corrections.
Management or reporting roles: may need Read and Export rights to run financial reports from invoice data, without the ability to make changes.
Invoice templates — both PDF merge templates and email templates — have their own rights under the Templates section within a role. If a user needs to send invoices using a specific template, their role must include Read access to that template. Modify rights on a template should be restricted to the people responsible for maintaining your document standards.
Note: Export rights for invoices are controlled under the General section of a role and apply across all entities in that role. If you remove export rights, this affects all entities — not just invoices. Be intentional when using this setting.
Tips and Best Practices
Use a base role plus a topping approach. Start with a basic role that covers what most users need — for example, Read access to invoices as part of a general CRM role. Then create a separate invoicing role that adds Create and Modify rights, and assign it only to the people who need it. This keeps your role structure clean and easier to maintain as your team grows.
Keep role names clear and descriptive. A role named "Finance — Invoice Management" is easier to audit and assign than a generic "Role 2." This matters especially when reviewing access during team changes or audits.
Review access rights regularly. As your organisation grows or processes change, access that made sense initially may no longer be appropriate. Check the effective rights per employee using the key icon in Configuration > Users & Rights > Employees to confirm nothing has drifted.
Restrict Delete rights by default. Deleting an invoice is rarely the right action — in most cases a credit invoice is the correct correction path. Reserve Delete rights for administrators only, or remove them from invoicing roles entirely.
Test before rolling out. After configuring a new invoicing role, verify it by checking the effective rights of a test user before assigning it to the whole team. Unexpected inheritance from higher permission levels is easy to catch at this stage.
Quick Summary
Tribe's roles and rights framework gives you precise control over who can interact with invoices and how. Invoices are an activity type in Tribe, so their permissions live in the Activities section of a role. Invoice templates are managed separately under Templates. The most effective approach is to build a base role for general access and layer invoicing-specific permissions on top for the users who need them. Review the standard documentation on rights and roles for the full picture, and use the effective rights overview per employee to validate your setup before going live.