Released: May 14, 2026
π Note: This is one of several releases designed to enhance and refine our permission offerings. Review the prior releases and stay tuned for additional releases.
This release delivers a major expansion of granular permissions across Contacts, Segments, Notes, Labels, Applications, ID Verification and SSN visibility. These updates break apart several all-or-nothing permission bundles into more precise, role-appropriate controls. This gives admins the flexibility to grant the access each team member needs without over-permissioning.
Contact & Profile Permissions
The previous Administer Profiles and Edit Profiles permissions bundled multiple operations together, forcing schools to grant broad access in order to enable a single action. These have been broken into fine-grained permissions:
Add New Contacts β Create new contact records without requiring edit or delete rights.
Edit Contact Fields β Update contact data without the ability to change profile types, delete, or deactivate.
Change Profile Type β Change a contact's profile type, separated from general edit access.
Delete Profiles β Permanently delete contact records.
Activate/Deactivate Profiles β Toggle a contact's active status without requiring full admin access.
Enforcement improvements included in this release:
Users with only View Profiles can no longer execute CTA actions, edit via the User Verification card, edit date picker custom fields, or modify applications from the profile.
The (+) button for adding contacts is now hidden unless the user has Add New Contacts or Administer Profiles.
The Profile Type dropdown is now locked unless the user holds the Change Profile Type permission.
Users with Edit Application Details can now correctly edit applications from the profile sidebar without needing Edit Profiles.
Segment Permissions
Segment access has been expanded from the previous model into a full All / My / My Team permission structure:
Use All Segments β Apply any segment as a filter.
Use My Segments β Apply only segments created by the user.
Use My Team Segments β Apply segments created by members of the user's team.
Edit All Segments β Create, edit, and move any segment.
Edit My Segments β Create and edit only the user's own segments, including moving them to folders.
Edit My Team Segments β Edit segments owned by the user's team members.
Delete All Segments β Delete any segment.
Delete My Segments β Delete only the user's own segments.
Delete My Team Segments β Delete segments owned by the user's team members.
Enforcement improvements included in this release:
Users with only Edit My Segments no longer see all segments; they see only their own.
Users with Edit My Team Segments now correctly see segments created by their team members.
The Query Builder and "Add Filter" button are hidden on segments the user does not have edit access to.
Users with edit permissions can now move their segments to folders as expected.
Notes Permissions
Notes permissions have been expanded to support the same All / My / My Team structure:
Edit Notes β Create new notes and edit all notes (equivalent to previous behavior under Edit Profiles).
Edit My Notes β Create notes and edit only notes authored by the user.
Edit My Team Notes β Create notes and edit notes authored by the user's team members.
Delete Notes β Delete any note.
Delete My Notes β Delete only notes authored by the user.
Delete My Team Notes β Delete notes authored by the user's team members.
Enforcement improvements included in this release:
Users with Edit Profile but no Notes permissions can no longer initiate the "Add Note" flow.
Team members can now edit and delete private notes assigned to their team, even when the note was created by a non-team admin.
Labels Permissions
The previous single Manage Labels permission has been split into two separate permissions:
Add Labels β Add labels to contact profiles.
Remove Labels β Remove labels from contact profiles.
Users with only Add Labels or Remove Labels can now correctly view contact profiles; a backend issue that prevented profile visibility for these users has been resolved.
β
SSN Visibility
The See Full SSN permission is now enforced on the Deduplication / Merge screen. Previously, users with this permission could not see the full SSN when resolving duplicates, only the last 4 digits.
Permission descriptions have been updated to clarify that only users with Full SSN access can edit, delete, or add SSN values.
ID Verification
The Update ID Verification Status permission now works independently and is additive to Edit Profiles.
The permission description has been updated to note that it must be combined with a view, edit, or administer profile permission.
These updates transition from broad, bundled permissions to more precise, role-based model across the platform's core modules. Admins can now configure access that matches each team member's actual responsibilitiesβletting advisors add notes without editing profiles, giving enrollment staff segment access without exposing the full segment library, and allowing student workers to add labels without being able to remove them.
β
These controls reduce the risk of over-permissioned users accessing or modifying data outside their role. Combined with the earlier releases for Tasks, Documents, Visibility Groups, and DOB Masking, the full Permissions Upgrades project delivers a comprehensive, granular permissions framework across Element451.
