The CRM includes a serious security and support layer: role permissions by module and action, login rate limiting, suspicious-login handling, session management, audit logs across modules, impersonation, and safer support tooling for workspace operations.
Use permissions to reduce noise and risk
Permission design should reflect real responsibilities. Not every user should see every module, and not every role should be able to create, edit, delete, or approve the same kinds of records.
A good permission model makes the interface easier to use while also protecting the business. Users who only need a narrower slice of the system will usually work faster when the rest is hidden.
2FA, rate limiting, and sessions are daily operational controls
Security features are not just theoretical hardening. They affect the real login experience. The CRM supports 2FA email flows, rate limiting, suspicious login handling, and device/session management so teams can operate more safely.
Make sure email settings are reliable because weak mail setup is one of the fastest ways to make 2FA feel broken to real users.
Audit logs and job logs answer different questions
Use module-wide audit logs when you want a broader history of platform actions like creates, edits, and deletes across jobs, invoices, users, and more. Use the job log when you want to understand what changed within one specific operational record.
Together, these tools reduce guesswork. Instead of asking who changed something, you can verify it from the system history.
Impersonation and support tooling should be used carefully
Master-admin support tools allow controlled impersonation and lifecycle actions like suspend, archive, restore, and soft-delete. These are powerful features and should be used for diagnosis and support, not routine shortcuts.
A good support process logs why impersonation was needed, what was checked, and what the customer should do next afterward.