Bitrix24Care

Access permissions conflict in CRM

Permission conflicts can happen when an employee has different access levels. For example, being in multiple departments or having personal permissions that differ from group ones can lead to unexpected permission issues.

This article explains how to use access permission roles and types to prevent conflicts. For more details on CRM access permissions and setup, see the article:
Access Permissions in CRM

Roles in CRM

Roles are divided into two groups:

  1. Personal role: Assigned to an individual employee.
  2. Group role: Assigned to a group, like a department, workgroup, or project.

Types of access permissions

Access permissions are either detailed or inherited.

  • Detailed permissions: Highlighted in black, applicable to any item and stage.
  • Inherited permissions: Highlighted in gray, applicable to item stages.

By default, stage permissions are inherited. If All is selected in the Deal section with the Inherit option on all stages, a user with this role can access all deal stages.

Detailed permissions are stronger than inherited ones. If detailed permissions deny access, access is denied even if inherited permissions allow it.

Among personal and group permissions, the ones granting more rights are applied. If personal inherited permissions deny access but group inherited ones allow it, access is granted.

Example: An employee is in two departments with different access permission roles. One denies deal access, the other allows it. If the first department's permissions are detailed and the second's are inherited, the employee won't have access because detailed permissions are stronger.

Deals and leads are always at a specific stage, so stage permissions are important.
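
The two precedence rules above can be modeled to check a role layout before it is applied. This is an added example, not Bitrix24 code: the `Grant` record, the two-level `DENY`/`ALL` scale, the role names, and the handling of two disagreeing detailed grants are assumptions made for illustration.

```python
from dataclasses import dataclass

DENY, ALL = 0, 1  # simplified two-level scale (assumption); higher = more rights

@dataclass(frozen=True)
class Grant:
    role: str    # role name (constructed)
    source: str  # "personal" or "group"
    kind: str    # "detailed" or "inherited"
    level: int   # DENY or ALL

def resolve(grants):
    """Effective access for one user on one deal stage: (level, winning grant)."""
    if not grants:
        return DENY, None  # assumption: no role at all means no access
    detailed = [g for g in grants if g.kind == "detailed"]
    # Article rule: detailed permissions are stronger than inherited ones.
    pool = detailed if detailed else grants
    # Article rule: among personal and group permissions, more rights win.
    # Assumption: the same rule settles two detailed grants that disagree.
    winner = max(pool, key=lambda g: g.level)
    return winner.level, winner

def findings(grants):
    """Describe every grant that disagrees with the effective result."""
    level, winner = resolve(grants)
    out = []
    for g in grants:
        if g.level == level:
            continue
        verb = "is overridden by" if g.level == DENY else "is blocked by"
        word = "deny" if g.level == DENY else "allow"
        out.append(f"{word} in '{g.role}' ({g.source}, {g.kind}) {verb} '{winner.role}'")
    return out

# Constructed sample data: the two cases the article walks through.
TWO_DEPARTMENTS = [
    Grant("Sales dept", "group", "detailed", DENY),
    Grant("Support dept", "group", "inherited", ALL),
]
PERSONAL_VS_GROUP = [
    Grant("Personal role", "personal", "inherited", DENY),
    Grant("Sales dept", "group", "inherited", ALL),
]

if __name__ == "__main__":
    for name, grants in [("two departments", TWO_DEPARTMENTS),
                         ("personal vs group", PERSONAL_VS_GROUP)]:
        level, _ = resolve(grants)
        print(name, "->", "ALL" if level == ALL else "DENY", findings(grants))
```

The second case is the one to review when auditing: a personal inherited deny does not restrict a user whose group role allows access.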

Avoiding permission conflicts

Here are tips for setting up permissions correctly:

Set personal permissions: For small teams using CRM, it's better to use personal permissions rather than group ones.

Assign permissions from the top down: Start by setting permissions for main departments, then move on to subdepartments.

Set roles separately for each department: Avoid using the All department and subdepartment employees option. Instead, create separate roles for each subdepartment.

Avoid using the Employee and supervisors role: When you select a specific user in the Departments tab, they appear with the Employee and supervisors role in the list. Avoid using this role, as it can lead to permission conflicts for supervisors.

Use inherited stage permissions: If item and stage permissions are the same, select the Inherit option instead of setting them manually. CRM may work slower when there are many users, roles, and permissions.

Resave CRM items after editing the company structure: If you move an employee to a different department, resave their CRM items to ensure permissions are updated and correct.
Access problems after editing the company structure
