# Set up Contact Visibility

Out of the box, no user can see or edit the company contacts stored in Cloud Voice. Access is granted explicitly: you create visibility rules that tie a set of extensions to the phonebooks they are allowed to work with and the level of access they get. This page walks through creating those rules.

:::note
"Company contacts" live in shared **phonebooks** managed on the PBX (Private Branch Exchange, the phone system itself). They are separate from a user's personal contacts. A visibility rule controls who can reach a phonebook and whether they can only read it or also change it.
:::

## Create a contact visibility rule

1. Sign in to the PBX web portal and open **Extension and Trunk > Client Permission > Contact Visibility**.
2. Click **Add rule**.
3. Fill in the rule using the drop-down lists.

   ![Contact visibility rule form with fields for extensions, permission type, and target phonebooks](/images/pbx/set-up-contacts-visibility-ep-up.png)

   - **Extension/Extension Group/Organization**: Click the edit icon (![edit](/images/pbx/edit.png)) and choose the extensions, extension groups, or departments the rule applies to. These are the users who will receive the permission.

     :::tip
     Point the rule at an extension group or a department (organization) rather than picking users one at a time. Anyone added to that group later inherits the permission automatically, so you do not have to revisit this rule.
     :::
   - **Permission Type**: Choose the level of access to grant:
     - **Allow view**: Users can view the phonebooks listed under **Objects**.
     - **Allow manage**: Users can view, add, edit, and delete the phonebooks listed under **Objects**.

     :::caution
     **Allow manage** includes the power to edit and delete entries, and the company phonebooks are shared. A change or deletion made by one authorized user affects that phonebook for everyone who can see it. Grant **Allow view** to most users and reserve **Allow manage** for the people who actually maintain the directory.
     :::
   - **Objects**: Click the edit icon (![edit](/images/pbx/edit.png)) and select the phonebooks the chosen users may view or manage. The permission type you picked applies only to the phonebooks you select here.
4. Click **Save**.

## What the users see

Once a rule is saved, the effect depends on how a user connects:

- In the **Cloud Voice App**, authorized users can view or manage the company contacts, according to the permission you granted.
- On auto-provisioned IP (Internet Protocol) phones, authorized users can view the company contacts but cannot manage them, even when the rule grants **Allow manage**. Auto-provisioning means the PBX pushes the configuration to the phone for you. For the provisioning steps, see [Allow Users to Query Contacts on IP Phones](/pbx/administrator-guide/allow-users-to-query-and-use-contacts-on-ip-phones/).

:::note
IP phones support viewing company contacts only. If a user needs to add, edit, or delete contacts, they must do it from the Cloud Voice App.
:::
