CRAIM is a company-scoped system. Access should reflect the real operating structure of the team.
Access model
Each workspace keeps CRM data, inbox views, AI settings, and integrations tied to the right company.
Invite flow
Use invitations to add new teammates into the workspace with the correct company context instead of sharing one account.
Permission design principles
- keep admin access narrow
- separate operational execution from configuration access
- review who can change channel credentials, approval rules, and AI behavior
Recommended ownership
Admin or RevOps
- integrations
- settings
- subscriptions
- routing defaults
Sales leadership
- pipeline rules
- qualification standards
- AI operating policy
- approvals
Operators
- inbox handling
- task execution
- lead follow-up
Company boundary
Data should always stay inside the correct company workspace. A teammate should only operate in companies where they have been invited. This matters especially for:
- channels
- knowledge documents
- AI workspace memory
- subscriptions
- imported CRM data
Audit mindset
If a teammate leaves or changes role, you should be able to answer:
- which workspace they belonged to
- what access they had
- which operational areas they could edit
- whether they could approve customer-facing output