Permissionsthatactuallyfit
Generic admin/user toggles don't work for dealerships. You need a BDC agent who can see CRM but not export lists. A marketing manager who can run campaigns but not access customer PII. A finance manager who can view applications but not reassign leads. DriveAgent RBAC is built around how dealerships actually operate.
Predefined Dealer Roles
Sales Manager, Service Advisor, BDC Agent, Marketing Manager, F&I Manager, Receptionist, and more — all ready to assign with no configuration needed. Each role comes with sensible defaults based on real dealership workflows. Assign a role at invite time and the user lands in a dashboard scoped exactly to their job.
Custom Role Builder
Create roles from scratch or customise any predefined role. The permission matrix editor shows every resource area with per-action checkboxes — view, edit, delete, export, reassign. Ownership scope controls let you set whether the role sees their own records only or the full team pipeline.
Multi-Tier Access
Six access tiers cover the full platform hierarchy: Super Admin, Platform Manager, OEM Regional, Agency, Dealer Staff, and Support. Each tier has appropriate platform visibility — agencies see campaigns and analytics without touching customer records, OEM regionals get read-only brand performance data without PII.
Smart Sidebar Gating
Dashboard navigation automatically adapts to each user's role. Salespeople see CRM and Inventory. Marketing sees Campaigns and Analytics. Service advisors see Bookings and Repair Orders. No clutter, no confusion — every user lands in a clean dashboard shaped around their day.
Action-Level Permissions
Not just page access — individual buttons are hidden based on granular permissions. Delete, export, reassign, and bulk-edit actions are only visible to roles that have been granted them. Read-only users can view records, drill into detail pages, and run reports without any risk of accidental modifications.
Invite & Onboarding
Invite team members by email with a pre-assigned role. They accept via magic link, set their password, and land directly in a dashboard scoped to their permissions — no IT setup required. Roles can be changed at any time; permission changes propagate within 60 seconds without requiring a re-login.
Granular without the complexity
Most RBAC systems force you to choose between too simple (admin vs user) or too complex (hundreds of raw permission flags). DriveAgent ships with sensible presets for every dealership role and a visual matrix editor so you can tune permissions without writing code or filing IT tickets.
See how it worksAgency & OEM access done right
Marketing agencies get campaign and analytics access without seeing customer PII. OEM regional managers get read-only performance data across all their brand's dealers. Group admins manage every location from one dashboard. Each tier sees exactly what they need — nothing more.
Learn about multi-tier accessUncontrolled access vs role-based access
Under The Hood
Roles & Permissionsdeep dive
33 resource areas covering Sales, CRM, Marketing, Service, AI, Integrations, Reporting, and Platform Administration. Each resource has specific actions — view, edit, delete, export, reassign, bulk-action — that can be granted or withheld independently. The registry is enforced server-side; UI gating is cosmetic on top of real server enforcement.
Salespeople with own-scope see only their assigned leads, test drives, and conversations. Managers with all-scope see the full team pipeline. The same CRM page, the same URL — different data based on role scope. No need to build separate manager and salesperson dashboards. Scope is enforced in every query, not just in the UI.
Group admins get access across all dealers in their group automatically. Group managers inherit a default role configured at group level. Individual dealer assignments can override the group default for specific staff — useful for dealer principals who have elevated access at one location only. Inheritance resolves at query time.
Users can only grant permissions they themselves possess — a salesperson cannot create an admin-level role or add permissions above their own. Server-side enforcement validates every role save against the requesting user's own permission set. Privilege escalation is blocked at the API layer, not just the UI.
Marketing agencies are provisioned with a dedicated agency tier that grants campaign management, analytics, and content editing — without access to CRM records, customer data, or financial reporting. OEM regional managers get a read-only brand view spanning all dealers carrying their brand. Both tiers are configured at group or platform level and cannot be self-escalated.