Roles and permissions allow you to control what each user within Internal is allowed to view or edit. You can access this through the Company Settings.
You'll see the existing roles in Internal and an "Add Role" button to create new roles.
Admin and Read Only roles are created by default. Admin users have access to everything, including Company Settings. Read Only users are given default view access to everything, but are not allowed to write or use functions to edit any data.
You can click on an existing role to view the permission set for that role, and make edits.
Add a role name and begin defining permissions: data permissions and function permissions.
You'll see all the resources you have in a list. Use the Read and Write checkboxes to assign read and write privileges to this role. Click the "+" to expand each resource - this will allow you to set more granular permissions on the field-level.
Read will give the role the ability to see this particular resource or field - without read privileges, this resource (or field) will not appear or be able to be accessed by this role. Write gives the role the ability to edit (write directly) to that particular resource or data field (within the admin console).
You can define whether this role can use specific functions (including any custom functions you have created). This controls how that role will be able to use certain Space components that are tied to those functions. Without access, a role cannot utilize those functions within a Space.
For functions that insert and delete records, you can use the "Has Access" checkbox to set role permissions. For functions that update a record, you can also choose to expand to see individual field-level permissions for this function. This will control whether that role can update that specific field using that function.