Tools
Pricing
Solutions
Partners
Apps
Blog
Read FAQ
NEW
Bitrix24 Support
Registration and Authentication
How to start
My Profile
Feed
Messenger
Start page: the Vibe
Calendar
Bitrix24.Docs
Bitrix24 Drive
Bitrix24.Mail
Workgroups
CoPilot - AI in Bitrix24
Tasks and Projects
CRM
Contact Center
Sales Center
CRM Analytics (beta)
BI Builder
Sales Intelligence
Inventory Management
Marketing
Sites
Online Store (beta)
CRM + Online Store
CRM Store (beta)
e-Signature
e-Signature for HR
Company
Knowledge base (beta)
Automation
Workflows
Telephony
Market
Subscription
Settings
Enterprise
Desktop App
General questions
Bitrix24 On-Premise
Start for free
Log In

Bitrix24Care

Bitrix24Care
CRM
CRM Settings
CRM Access Permissions

Access permissions conflict in CRM

Stacy Smith
Author: Stacy Smith
Last update: October 01, 2024.

Permission conflicts can happen when an employee has different access levels. For example, being in multiple departments or having personal permissions that differ from group ones can lead to unexpected permission issues.

This article explains how to use access permission roles and types to prevent conflicts. For more details on CRM access permissions and setup, see the article:
Access Permissions in CRM

Roles in CRM

Roles are divided into two groups:

  1. Personal role: Assigned to an individual employee.
  2. Group role: Assigned to a group, like a department, workgroup, or project.

Types of access permissions

Access permissions are either detailed or inherited.

  • Detailed permissions: Highlighted in black, applicable to any item and stage.
  • Inherited permissions: Highlighted in gray, applicable to item stages.
By default, stage permissions are inherited. If All is selected in the Deal section with the Inherit option on all stages, a user with this role can access all deal stages.
Detailed permissions are stronger than inherited ones. If detailed permissions deny access, access is denied even if inherited permissions allow it.

Among personal and group permissions, the ones granting more rights are applied. If personal inherited permissions deny access but group inherited ones allow it, access is granted.

Example: An employee is in two departments with different access permission roles. One denies deal access, the other allows it. If the first department's permissions are detailed and the second's are inherited, the employee won't have access because detailed permissions are stronger.

Deals and leads always are at a specific stage, so stage permissions are important.

Avoiding permission conflicts

Here are tips for setting up permissions correctly:

Set personal permissions: For small teams using CRM, it's better to use personal permissions rather than group ones.

Assign permissions from the top down: Start by setting permissions for main departments, then move on to subdepartments.

Set roles separately for each department: Avoid using the All department and subdepartment employees option. Instead, create separate roles for each subdepartment.

Avoid using Employee and supervisors role: When you select a specific user in the Departments tab, they appear with the Employee and supervisors role in the list. Avoid using this role, as it can lead to permission conflicts for supervisors.

Use inherited stage permissions: If item and stage permissions are the same, select the Inherit option instead of setting them manually. CRM may work slower because of many users, roles, and permissions.

Resave CRM items after editing the company structure: If you move an employee to a different department, resave their CRM items to ensure permissions are updated and correct.
Access problems after editing the company structure

Was this information helpful?
Integration specialist assistance
That's not what I'm looking for
Complicated and incomprehensible text
The information is outdated
It's too short. I need more information
I don't like the way this tool works
Go to Bitrix24
Don't have an account? Create for free
Bitrix24
Support
Resources
On-premise
Apps
Partners
You can find the Bitrix24 Cloud and Self-Hosted Service Level Agreement here.
© 2024 Alaio
Privacy Overview

Cookies: This website uses cookies for analytical and technical reasons. ‘Analytical Cookies’ are inserted by Google Analytics to help us understand which countries our visitors come from, which pages they visit and what actions they take on this site. ‘Strictly Necessary Cookies’, as the name implies, are a type of cookies that are required for proper functioning of certain features of this website, such as the ability to use live chat. Disabling these cookies will disable access to those features and degrade your website experience.

Cookies of both types can be enabled or disabled within this plugin.

Cookie Settings
Cookie Policy

More information about our Cookie Policy

We use cookies to enhance your browsing experience - Find out more. By continuing to browse this site you are agreeing to our use of cookies. Change your cookie settings.
Got it