Create roles with fine grained permission definitions across every module in the platform. Override role permissions per individual user when an exception is genuinely needed. Manage teams and departments the way your organisation actually works. Super Admin bypass for the moments that need it. Full audit log reports filtered by user, date, and action type. An email marketing platform that gives every person exactly the access they need, nothing more.
Define the roles your business actually needs, assign them to the people, teams, and departments that match how your organisation works, override at the individual level when an exception is genuinely warranted, and watch every change land in a clean audit log you can filter by user, date, and action type whenever the question comes up.
Role Definition
Build the roles your business needs Sales Rep, Sales Manager, Marketer, Operations Analyst, Customer Success, Read Only, anything. Each role carries permissions for every module in the platform leads, campaigns, contacts, deals, reports, settings, admin at the action level: view, create, edit, delete, export, share. The permission matrix is granular enough to model any access policy your security team will ask for.
Users, Teams & Departments
Invite users and assign them one or more roles. Group them into teams for day to day collaboration the Enterprise sales team, the SMB pod, the customer success squad. Roll teams up into departments for the broader org structure that finance and HR think in. Permissions cascade cleanly from role to team to department, with full visibility for the admin who needs to see who has access to what.
Per User Overrides
Every organisation has them. The sales rep who needs read access to a campaign module their role doesn't normally touch. The marketing manager who fills in for a department head once a quarter. The contractor who needs export rights without a full admin upgrade. Per user overrides handle these cases as first class actions grant or deny specific permissions to a single user, on top of their role, with the change logged and reversible.
Audit Log Reports
Every action that touches the platform every login, every record edit, every permission change, every export, every admin operation lands in a tamper evident audit log. Filter by user to investigate a specific account, by date range to scope an incident, or by action type to focus on the events that actually matter. Compliance reviews and security investigations turn into a single filtered report instead of a multi day forensics exercise.
Once an organisation runs on properly defined roles, clean per user overrides, and an audit log that actually answers questions instead of Admin, Manager, and Everyone Else the old way of granting access starts to look like an open door policy. These are the changes that show up first.
The classic CRM mistake giving every rep access to every record in the database disappears the moment roles get defined properly. Sales reps work their own book, managers see their team's, leadership sees the rollup. The visible data on each screen matches the role of the person looking at it, which is exactly how it should have worked from day one.
Onboarding becomes a one click action. Invite the new hire, assign them to the Sales Rep role and the EMEA team, done they land in the platform with exactly the access their role allows, all the right dashboards pinned, all the wrong screens hidden. The I need access to X ticket that used to dominate the first two weeks of every new hire's tenure stops getting filed.
Every team has one or two genuine special cases the analyst who needs export rights, the manager covering for a department head. Per user overrides handle them as first class actions, with a logged grant or deny that auto expires or stays in place explicitly. The let's just make them an admin for now shortcut that quietly grants permanent god mode access disappears entirely.
The Sales Manager can add a new rep, the Customer Success lead can adjust their squad, the Marketing director can grant a contractor read access all within the scope of their own department, with the right guardrails. The IT bottleneck that used to throttle every team's growth stops being part of the process for routine access changes.
The audit log answers the questions auditors actually ask. Who exported customer data in the last ninety days? Filter by action type. Who logged in over the weekend during the incident window? Filter by user and date range. What permission changes happened during the breach investigation? Three clicks and a CSV export. What used to be a two week forensics project becomes one filtered report.
The data needed for SOC 2, ISO 27001, GDPR access reviews, and internal security audits is already collected, already filterable, already exportable. The quarterly compliance review that used to require a sprint of manual log stitching becomes a Monday morning report run. Security and compliance teams finally have the artefacts they have been asking for, on demand, without engineering involvement.
The classic CRM mistake giving every rep access to every record in the database disappears the moment roles get defined properly. Sales reps work their own book, managers see their team's, leadership sees the rollup. The visible data on each screen matches the role of the person looking at it, which is exactly how it should have worked from day one.
Onboarding becomes a one click action. Invite the new hire, assign them to the Sales Rep role and the EMEA team, done they land in the platform with exactly the access their role allows, all the right dashboards pinned, all the wrong screens hidden. The I need access to X ticket that used to dominate the first two weeks of every new hire's tenure stops getting filed.
Every team has one or two genuine special cases the analyst who needs export rights, the manager covering for a department head. Per user overrides handle them as first class actions, with a logged grant or deny that auto expires or stays in place explicitly. The let's just make them an admin for now shortcut that quietly grants permanent god mode access disappears entirely.
The Sales Manager can add a new rep, the Customer Success lead can adjust their squad, the Marketing director can grant a contractor read access all within the scope of their own department, with the right guardrails. The IT bottleneck that used to throttle every team's growth stops being part of the process for routine access changes.
The audit log answers the questions auditors actually ask. Who exported customer data in the last ninety days? Filter by action type. Who logged in over the weekend during the incident window? Filter by user and date range. What permission changes happened during the breach investigation? Three clicks and a CSV export. What used to be a two week forensics project becomes one filtered report.
The data needed for SOC 2, ISO 27001, GDPR access reviews, and internal security audits is already collected, already filterable, already exportable. The quarterly compliance review that used to require a sprint of manual log stitching becomes a Monday morning report run. Security and compliance teams finally have the artefacts they have been asking for, on demand, without engineering involvement.
Define. Assign. Override. Audit. The access governance model your security team has been asking for, built right into the email platform your business already runs on.
2700+
Organisations governing access
properly
IT administrators, security teams, compliance officers, department heads, and people operations leaders use EVOX as the access control layer for their email marketing software and customer data. The role library is the policy. The per user overrides are the exceptions. The team and department structure is the org chart. The audit log is the receipt. Every organisation a small business running on a single sales team or a larger enterprise with hundreds of users across multiple departments gets the same governance model with the same level of granularity.
Fine Grained
Overrides
Audit Trail
Admin Bypass
Every module in the platform leads, campaigns, contacts, deals, reports, settings exposes permissions at the action level: view, create, edit, delete, export, share. Roles compose these actions into the access policies your business actually runs on, with cascading inheritance from department to team to user and per user overrides for the cases that genuinely warrant an exception.
A complete user and role management toolkit built into the same email marketing platform your team already uses. Fine grained roles, per user overrides, team and department structure, Super Admin controls, and a full filterable audit log come together in one access layer so the right person always has the right level of permissions.
Build roles with permissions defined at the module and action level view, create, edit, delete, export, share across every part of the platform. The role library is your access policy in code form, granular enough to satisfy any security team and clear enough that the admin who runs it can explain it in a sentence.
Grant or deny specific permissions to an individual user on top of their assigned role. Exceptions stop being a reason to upgrade someone to admin and start being a logged, reversible, optionally time bound action. The shortcut that used to create permanent god mode access disappears entirely.
Group users into teams for daily collaboration and roll teams up into departments for the broader org structure. Permissions cascade cleanly through the hierarchy, department managers run their own teams without filing tickets, and the platform structure reflects how the business actually operates.
A Super Admin role exists for the moments that genuinely need it incident response, emergency overrides, debugging a permission issue, helping a teammate locked out of a critical workflow. Super Admin actions are logged with extra detail in the audit trail, so the access is real but the accountability is too.
Every action on the platform lands in a tamper evident audit log. Filter by user to investigate a specific account, by date range to scope an incident, or by action type to focus on the events that matter. Export the filtered view to PDF or Excel for the compliance record, the security review, or the auditor's annual visit.
Every module in the platform leads, campaigns, contacts, deals, reports, automations, settings, admin exposes its own permission surface. The Sales role can see leads but not billing. The Marketing role can run campaigns but not edit pipelines. The Read Only role can browse without touching anything. The platform finally enforces the access model your business policy describes.
Build roles with permissions defined at the module and action level view, create, edit, delete, export, share across every part of the platform. The role library is your access policy in code form, granular enough to satisfy any security team and clear enough that the admin who runs it can explain it in a sentence.
Grant or deny specific permissions to an individual user on top of their assigned role. Exceptions stop being a reason to upgrade someone to admin and start being a logged, reversible, optionally time bound action. The shortcut that used to create permanent god mode access disappears entirely.
Group users into teams for daily collaboration and roll teams up into departments for the broader org structure. Permissions cascade cleanly through the hierarchy, department managers run their own teams without filing tickets, and the platform structure reflects how the business actually operates.
A Super Admin role exists for the moments that genuinely need it incident response, emergency overrides, debugging a permission issue, helping a teammate locked out of a critical workflow. Super Admin actions are logged with extra detail in the audit trail, so the access is real but the accountability is too.
Every action on the platform lands in a tamper evident audit log. Filter by user to investigate a specific account, by date range to scope an incident, or by action type to focus on the events that matter. Export the filtered view to PDF or Excel for the compliance record, the security review, or the auditor's annual visit.
Every module in the platform leads, campaigns, contacts, deals, reports, automations, settings, admin exposes its own permission surface. The Sales role can see leads but not billing. The Marketing role can run campaigns but not edit pipelines. The Read Only role can browse without touching anything. The platform finally enforces the access model your business policy describes.
Common questions about how EVOX handles roles, permissions, team structure, the Super Admin role, and what the audit log can actually tell you about activity on the platform.
Open the role library, click new role, give it a name, then tick the permissions you want it to carry across each module view, create, edit, delete, export, share. The permission matrix shows every module on the platform with every action as a checkbox, so building a role is a visual exercise rather than a configuration file. Save the role, assign it to a user, and the permissions take effect immediately.
Define. Assign. Override. Audit. The access layer your security team has been asking for, ready the moment your team logs in.