If you’re managing commissions, performance, or sales ops, you know the pain of people seeing things they shouldn’t—or not seeing what they need. This guide is for anyone who wants to keep things tidy and secure inside Everstage without driving themselves nuts or making things so locked down that collaboration grinds to a halt.
Let’s get your user roles and permissions sorted, so your team gets just enough access to do their jobs—no more, no less.
Step 1: Understand the Basics—What Are Roles and Permissions in Everstage?
Before you start clicking around, here’s what you actually need to know:
- Roles are templates—think “Sales Rep,” “Manager,” “Finance,” etc. Each one comes with a set of default permissions.
- Permissions are the rules. They decide whether someone can view, edit, approve, or delete something.
Everstage isn’t a free-for-all. By default, most people see what’s relevant to them. But you can (and should) get granular if you care about privacy, compliance, or just not having people mess up someone else’s numbers.
What works: The built-in roles usually cover 80% of use cases out of the box.
What doesn’t: If you try to get too fancy right away, you’ll confuse yourself and your team. Start simple.
Step 2: Know Your Core Roles (and What They Can Actually Do)
Here’s the honest breakdown of the roles you’ll find in Everstage. If you’re looking for a “CEO Superpowers” role, sorry—there’s no magic button.
- Admin
- Can see and do everything. Add/remove users, change roles, edit compensation rules, see all reports.
- Should only be for those who really need it. More admins = more risk.
- Manager
- Can view and approve their team’s data and payouts.
- Can’t mess with global settings or see everyone’s numbers.
- Rep/User
- Can only see their own data and tasks.
- No access to team or org-wide stuff.
- Custom
- For when you need something in-between. More on that later.
Pro tip: Write down who needs Admin access (hint: fewer is better). Everyone else should start as Manager or Rep.
Step 3: Add Users (Don’t Overthink It)
Now you’re ready to invite people. Don’t invite the whole company at once—start with a test group.
To add a user: 1. Go to “Settings” and find the “Users & Roles” section. 2. Click “Add User” or similar (depends on your UI version). 3. Enter their email, pick a role, and assign them to a team if needed. 4. Double-check the role before hitting “Send Invite.”
What to ignore: Don’t stress about teams or org units unless your company is huge or split by region. You can always organize later.
Step 4: Fine-Tune Permissions (But Seriously, Keep It Simple)
Here’s where things can get messy if you let them. Most teams only need a couple of tweaks.
Customizing permissions: - In “Users & Roles,” pick the role you want to edit. - Adjust permissions for things like: - Data visibility: Can they see other people’s deals, targets, or just their own? - Edit rights: Can they change compensation plans, or just view them? - Approval powers: Who can approve payouts or adjustments?
Be honest: If you’re not sure someone needs a permission, don’t give it. It’s much easier to add later than to clean up a mess.
What works: Start with the default roles, then only change what you absolutely have to. What doesn’t: Granting “view all data” to everyone just because they ask. That’s how mistakes (and privacy headaches) happen.
Step 5: Test With Real People
It’s tempting to assume everything’s perfect after you click “Save.” Reality check: it isn’t.
How to test: - Ask a couple of managers and reps to log in and poke around. - Tell them to try common tasks—viewing reports, submitting payouts, etc. - Have them flag anything they can’t access (or shouldn’t see, but can).
Pro tip: Use a test account with each role. If you don’t have one, create a dummy user for a day.
What to ignore: Don’t obsess over edge cases right away. Cover the basics—the rest can wait.
Step 6: Lock Down Admin Access (Seriously, Do This)
Admins are like having the keys to the vault. Too many, and someone’s bound to break something—accidentally or otherwise.
Best practices: - Limit Admins to 2–3 trusted people, max. - Review Admins every quarter. Remove anyone who doesn’t need it. - Use strong, unique passwords (or SSO if available).
What works: Fewer admins equals fewer headaches. What doesn’t: “Just in case” Admins—if someone only needs access once a year, change their role when needed, then switch back.
Step 7: Set Up Teams and Reporting Lines (If You Need To)
If you’re running a small team, you can skip this. But if you’ve got multiple regions, departments, or layers of managers, it’s worth taking five minutes here.
To organize users: - In “Users & Roles,” look for “Teams” or “Reporting Lines.” - Drag-and-drop users into the right team. - Assign managers to each team.
Honest take: Don’t build an org chart for the sake of it. Only set up teams if it actually changes who can see or approve what.
Step 8: Review and Update Regularly (But Don’t Make It a Chore)
People change roles, leave, or get promoted. Permissions should keep up.
What to do: - Once a quarter, skim your user list. - Remove ex-employees right away. - Downgrade people who’ve changed roles. - Ask managers to flag any permission weirdness.
Skip: Over-automating this—manual checks work fine for all but the largest orgs.
Extra Tips & Common Pitfalls
- Don’t set-and-forget. Roles drift as your team grows.
- Avoid “one-size-fits-all” roles. If you find yourself giving everyone custom permissions, rethink your structure.
- Document who has Admin and why. If you get hit by a bus, someone else should be able to figure it out.
- Don’t ignore audit logs. If Everstage offers them, check once in a while to spot odd access patterns.
Wrapping Up: Keep It Simple, Adjust As You Go
You don’t need a PhD in user management to get Everstage permissions right. Start simple, give people just enough access to do their jobs, and fix things as you spot issues. Overcomplicating things makes more work for you—and nobody thanks the person who makes their life harder with unnecessary red tape.
Set up your roles, test them, and check in now and then. That's about as secure as it gets—without turning your software into a fortress nobody wants to use.