SpiceCRM

Roles vs ACL Profiles

I reviewed the documentation here ( SpiceCRM) which appears to imply that Roles give permissions to a user. I setup a new user and gave them a role of SA (Sales). I logged in as that user and they do not have any permissions to the expected modules.

However, I went to ACL Profiles and added the user to the profile “Sales Person” and then they were able to access the expected modules.

Can someone clarify the purpose of Roles if we need to control permissions via the ACL Profiles?
Or, am I missing some sort of default data that somehow give Roles the ability to grant permissions? Or, default data that ties Roles to ACL Profiles or ACL Actions in some way?

Thank you for your assistance.

Roles in SpiceCRM are meant for the layout. They are NOT about permissions.
It’s a quick way to display users appropriate layout (Navigation content, Edit Forms, displayed Subpanels…) and quick access to the modules they need every day.
Depending if the user works in marketing or sales department, the needs for the use of the crm will be different. That’s what roles are for. I like to call them “Layout Roles”.

ACL Profiles summarize the permissions for user. Meaning what they are authorized to do.

Where Layout Roles and ACLs come together:
If a module is disabled for a user (no permissions) then it won’t appear in navigation or in APP-list even if the layout role includes the module.

Thanks so much. That makes sense. Really appreciate it.