Teams, the audit log, and trash
How teams and team managers work, what the audit log actually records, and how deal trash and restore are scoped.
Updated 2026-07-06
Teams
A team is a named group of members, managed in Settings → Teams: create a team, add or remove members, and delete it. Team membership is what "Team" deal visibility checks against — a member of the team can see a deal set to that team's visibility.
A team manager is a separate, smaller group from its members. Managing a team grants deal.edit_team over deals owned by that team — being a plain member does not. A team can have managers who aren't members, and members who aren't managers.
Creating a team, deleting one, and managing its members or managers requires the manage.teams permission — enforced both in the UI and on the API. Manager holds it by default, so a Manager can run team administration without being the billing owner; the billing owner always can, since they hold every permission.
The audit log
Settings → Audit log lists recent governance events: date, actor, and event, most recent first. Viewing it requires the audit.view permission — without it, the page tells you so instead of showing anything.
What gets recorded: role created, updated, or deleted; a member's role changed; a team's members or managers changed; a deal deleted, restored, or exported. Each entry is an actor, a timestamp, and a short detail string.
The audit log is not a full activity trail. Day-to-day deal edits, visibility changes, and team-section adds/removes show up in that deal's own timeline, not in the workspace audit log.
Trash and restore
Only deals are soft-deleted. Deleting a deal (deal.delete) hides it everywhere but keeps it recoverable in Settings → Trash & archive; restoring it (deal.restore) brings it back exactly as it was. There's no retention limit — a deleted deal stays in trash until someone restores it.
The Settings → Trash & archive page opens for anyone who holds deal.delete or deal.restore, and each button inside is gated on its own permission: Restore needs deal.restore. So a custom role granted deal.restore without deal.delete can reach the page and restore, which the two permissions imply. The same page also lists archived (not deleted) deals in an Archived section, with Unarchive, for anyone with deal.archive.
Contacts and companies don't have trash. They're archived instead (contact.archive / company.archive), and the same permission covers unarchiving — there's no separate restore step or permission for them.
Spotted something out of date? Email hello@neokivo.com.