top_en
Log In

Bitrix24Care

Start free

Access permissions conflict in CRM

A conflict occurs when the same employee has different access permissions. For example, an employee is a member of several departments or he/she has personal permissions that differ from the group permissions to which he/she belongs. In such cases, permissions may not work the way the user expects.

Read more about Access Permissions in CRM.

Roles in CRM

Roles can be divided into 2 groups:

  • Personal role - assigned to a specific employee.
  • Group role - assigned to a group of employees, such as a company department or a group/project.

Types of access permissions

Access permissions can be divided into Detailed and Inherited.

Detailed permissions are highlighted in black. They can be used for any elements and stages.

Inherited permissions are highlighted in gray. They can only be used for element stages.

By default, all permissions on the stages are inherited. If the All option is selected in the Deal section and the Inherit option is selected on the stages, then all stages will have access.
manage_role.jpg
Detailed permissions are always more important than inherited permissions. Personal roles are more important than department roles.

First example. An employee is a member of two departments with different access permissions. One department has denied access to deals, while the second one has open access.

In the first case, the permissions are detailed, and in the second, they are inherited.

In this case, the employee will not have access to the deals, because the detailed permissions are more important than the inherited ones.

Any deals and leads are at certain stages, so the permissions at the certain stage are taken into account.

Second example. Conflict of inherited permissions. An employee is a manager in the company structure, but he/she also has a role of sales manager. This employee has a personal and a group role.

In this example, the employee will have the permissions of the Sales Manager role.

How to avoid permission conflicts

There are tips to set up your permissions properly:

  • If a small number of employees works with the CRM, it is better to set up personal permissions, not group ones.
  • Start configuring the permissions for departments, then for subdivisions.
  • Configure roles for each department separately. Try not to use the All department and subdepartment employees option. Spend a little more time, but set up separate roles for each subdepartment.
  • Try not to use the Employee and his supervisors role. Managers often have conflicts of permissions.
  • If the stage permissions and the element permissions are the same, choose the Inherit option. Do not set the permissions manually. CRM will work slower because of a large number of users, roles and permissions.
  • If employees were transferred to another department, resave their elements. The access permissions will be updated and will work correctly. Read more in the article Access problems after editing the company structure.
This helped
Thanks :)
Optional:
Article feedback
This didn't help
Sorry :(
Could you please tell us why:
Article feedback
I still have questions