To simplify and future-proof our CRM, we propose a clearer distinction between users and contacts:

Distinct Types

Users: Authenticated accounts with login privileges.

Contacts: Business records tracked in the CRM system, without login privileges.

This separation ensures that external contacts are never mistaken for system users.

Permissions

Only admins can create or manage users.

Regular staff can add and edit external contacts, but not users.

This approach safeguards system integrity while allowing staff to work freely with contact data.

Notifications

By default, contacts do not receive system notifications, unless explicitly set up for GDPR purposes.

Context for Our Use

We use the CRM differently from many other organizations:

Our team does not administer grants; we apply for funding.

The system is used to manage our portfolio of projects and coordinate our fundraising efforts.

Without this separation, the CRM functionality would become unusable for organizations like ours.

Outcome

This upgrade reduces complexity by firewalling users from contacts.

Staff can interact with contacts efficiently, while sensitive user management remains restricted to admins.

Overall, this ensures both security and operational flexibility in our CRM workflows.