Roles & Permissions

CRM roles, capabilities, and page access in the React app.

Overview

WordPress users gain CRM capabilities (view/create/edit/delete contacts, manage settings, etc.). The React app receives allowedPages from RolesService::getUserAllowedPages via autoFormCrmData and hides routes users cannot open.

Canonical CRM pages

The plugin maintains a single registry of navigable areas: Dashboard, Contacts, Deals, eCommerce, Meetings, Conversations, Chat, Tasks, Workflows, Email Marketing, Lists, Tags, Custom Fields, Custom Values, Integrations, and Settings. Each slug (for example emails, custom-fields) lines up with sidebar routing guards.

Built-in roles

Admin (crm_admin) includes every page above. Team Member (crm_team_member) includes dashboard, contacts, deals, tasks, meetings, conversations, chat, lists, and tags. By default it excludes workflows, email marketing, custom schema, integrations, settings, and ecommerce. You can customize role JSON in settings to fit your organization.

WordPress administrators

Users with manage_options always receive the full page list and are treated as crm_admin for role display, even without a database row.

Capabilities & sensitive tools

REST and UI enforce capabilities such as auto_form_crm_view_contacts, granular contact edit/delete/import/export, and auto_form_crm_manage_settings for webhooks and deep configuration. If a user can open a screen but API calls fail with 403, compare their WordPress capabilities to the check in the controller's permission_callback.
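The following added example (not the plugin's own code) shows a permission_callback that checks a capability named above, plus a helper that reports which capabilities a user lacks. That is the comparison to make when a screen opens but the API returns 403. It assumes a WordPress runtime; the example-crm/v1 namespace, the /contacts route and the example_crm_* function names are hypothetical.

```php
<?php
// Added example, not the plugin's code. Assumes a WordPress runtime (e.g. a mu-plugin).
// Hypothetical: 'example-crm/v1' namespace, '/contacts' route, example_crm_* functions.
// The capability names are the ones this page lists.

// Return the capabilities from $required that the user does not hold.
function example_crm_missing_caps( int $user_id, array $required ): array {
    return array_values( array_filter(
        $required,
        static function ( string $cap ) use ( $user_id ): bool {
            return ! user_can( $user_id, $cap );
        }
    ) );
}

// Build a permission_callback that denies unless every capability is present.
function example_crm_require_caps( array $required ): callable {
    return static function ( WP_REST_Request $request ) use ( $required ) {
        $missing = example_crm_missing_caps( get_current_user_id(), $required );
        if ( empty( $missing ) ) {
            return true;
        }
        // 401 for anonymous requests, 403 for logged-in users lacking the capability.
        return new WP_Error(
            'example_crm_forbidden',
            'Missing capability: ' . implode( ', ', $missing ),
            array( 'status' => rest_authorization_required_code() )
        );
    };
}

add_action( 'rest_api_init', static function (): void {
    register_rest_route( 'example-crm/v1', '/contacts', array(
        'methods'             => WP_REST_Server::READABLE,
        // The server decides here; a route hidden in the React app is not a control.
        'permission_callback' => example_crm_require_caps( array( 'auto_form_crm_view_contacts' ) ),
        'callback'            => static function () {
            return rest_ensure_response( array() ); // Constructed empty result.
        },
    ) );
} );
```

Calling example_crm_missing_caps() with a user ID and the capabilities a controller requires returns the ones to grant; an empty array means the 403 has another cause.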

Related: User profile, Webhooks.