Release Notes: Custom security roles, secure search, and contact workspaces · June 8, 2026

New Features

• Record Ownership: Users designated as the owner of a record now automatically bypass role and tag-based access rules for that specific document, guaranteeing access to their own work.
• Secure Search: Global full-text search now fully respects your organization’s Role-Based Access Control (RBAC) and Tag-Based Access Rules (ABAC), ensuring users can only discover records they have permission to view.
• Automated Search Security Sync: When you add tags to a record, the backend now automatically generates and pushes specific security tags to Algolia, enforcing your ABAC rules in real time without manual re-indexing.
• Search Security CLI: Added a new update_algolia_security_tags.py management script for administrators to backfill security tags and enforce ABAC filtering on existing search indexes.
• Contact Workspaces: Contacts now have their own dedicated detail screens. Clicking a contact card opens a full workspace where you can manage custom properties or delete the record. Contact card layouts have been optimized for smooth, tap-to-open navigation without intercepting text selection.
• Inline Custom Properties: You can now add and remove custom properties on the fly directly from an object’s form (like an Account, Contact, or Organization). When adding a property, you can specify its type and whether it’s required, instantly updating the underlying Data Dictionary.
• Custom Property Deletion: Added a safety confirmation dialog when removing inline custom properties to prevent accidental data loss.
• Tag Entry Improvements: You can now rapidly add multiple tags or items in list fields by typing a comma-separated list, which instantly converts them into chips.
• ABAC Category Sync: The system now automatically synchronizes any tag categories used in your role-based access rules with your organization’s master category map.
• ABAC Rule Cleanup: Disabling RBAC globally now automatically clears any existing tag-based access rules from your organization’s configuration.
• Graceful Error Handling: Improved error states when loading Data Dictionaries, preventing the entire form from crashing if dictionary permissions or configurations are missing.
• Synchronized Version Viewer: The Version Viewer now supports synchronized node expansion. Expanding or collapsing a nested data field in one version panel automatically updates the comparison panel.
• URL-Encoded Paths: The Version Viewer now automatically decodes URL-encoded slashes (~2F or ~) pasted into the document path field.
• Responsive Version Viewer: The interface for comparing document versions has been optimized for mobile devices and smaller screens, neatly stacking the comparison panels.
• Roles & Permissions: Organization administrators can now create custom security roles under Settings. You can assign specific Can Read, Can Write, or No Access permissions to different modules using a visual drag-and-drop interface.
• Global ABAC Configuration: You can now enable RBAC globally from the Org Info screen. When enabled, define Tag-Based Access Rules that map specific collections (like engagements) to Tag Categories (up to 10 categories per collection), restricting user access based on their assigned tags.
• Bypass ABAC: Added a “Bypass ABAC” toggle for roles that require full, unrestricted access to all organizational data.
• User Management: The Users table in Settings now allows you to click into individual team members to manage their profile. You can assign security roles, apply tags, or remove users from the organization entirely.
• Real-Time Security Sync: User role and security tag assignments are now synchronized directly to their underlying authentication claims via backend triggers, ensuring immediate and consistent enforcement of access controls.
• Clearable Selections: Object search dropdowns (like the Role selector) now support a “None” option to quickly clear your selection.
• Tab Navigation: All scrollable tab bars (like the engagement workspace) now support click-and-drag scrolling using a mouse or trackpad, improving navigation on desktop.
• Cleaner Search Categories: Global search results and record headers now display human-readable category names (like “Engagement” or “Account”) instead of raw database collection IDs.

Fixes & Improvements

• Client-Side ABAC Enforcement: List and table queries across the platform now natively enforce Tag-Based Access Rules (ABAC) in real time to filter accessible records.
• Resource Planning: Decreased the row height in the resource planning grid to improve data density and display more assignments on screen.
• UI Stability: Updated the loading state UI for search and autocomplete fields to perfectly match standard input styling and prevent layout shifts.
• Security Rules Optimization: Refactored Firestore security rules for RBAC and ABAC to evaluate more efficiently using ternary operations, and added strict null validation for user authentication tokens, profiles, and referenced documents to prevent evaluation failures.
• Form Validation: Autocomplete map fields now properly enforce maximum value limits per key, displaying clear inline errors when exceeded.
• Contact List Navigation: Fixed an issue where text selection on contact cards would intercept clicks, ensuring smooth tap-to-open navigation to the contact workspace.
• Audit Trail Reliability: Upgraded the core document versioning engine with doubled memory capacity and extended timeouts to ensure audit snapshots are reliably captured during massive bulk data updates.
• Dialog Stability: Fixed an issue where deletion confirmation popups on the contact workspace could lose context and crash.
• Salesforce Sync Reliability: Improved the outbound integration dispatcher with transactional locking to prevent duplicate records from being created in Salesforce during rapid, concurrent updates.
• Empty States: Added helpful empty states and error messages to the Version Viewer when no versions are found or an invalid path is entered.
• Profile Settings: Fixed an issue where the Change Name dialog would fail to load properly from the top profile menu by ensuring global context is correctly passed.
• Engagement Routing: Simplified navigation URLs when opening engagements directly from the client account workspace. Engagements now consistently open at their top-level URL, preventing nested navigation issues.
• Data Dictionary Navigation: Fixed an issue where the Data Dictionaries screen incorrectly routed users to the Dataloads module. Data dictionaries now fully support deep linking and browser navigation, allowing direct URLs to specific dictionary configurations.
• Dataload Deep Links: Updated internal routing and URL encoding for data imports to ensure nested paths and specific dataload records load reliably from direct URLs.
• Version History Performance: Added new database composite indexes to optimize the loading speed and ordering of the document Version Viewer across the organization.
• Auto-Numbering Reliability: Fixed a backend transaction issue that could prevent automatic sequential numbers from being assigned correctly when creating new records under heavy load.
• Deep Link Stability: Resolved state hydration issues that occasionally caused screens to display empty or missing data during direct URL navigation.
• Resource Plan Integrations: Added new database composite indexes for resource plans to support robust, high-speed data syncing with external systems (like Salesforce) via external IDs.
• Role Assignment: Fixed an internal issue where assigning custom security roles to users could fail to evaluate permissions correctly if the role was referenced by its full system path instead of its ID.