A conflict occurs when the same employee has different access permissions. For example, an employee is a member of several departments or he/she has personal permissions that differ from the group permissions to which he/she belongs. In such cases, permissions may not work the way the user expects.
Roles in CRM
Roles can be divided into 2 groups:
- Personal role - assigned to a specific employee.
- Group role - assigned to a group of employees, such as a company department or a group/project.
Types of access permissions
Access permissions can be divided into Detailed and Inherited.
Detailed permissions are highlighted in black. They can be used for any elements and stages.
Inherited permissions are highlighted in gray. They can only be used for element stages.
First example. An employee is a member of two departments with different access permissions. One department has denied access to deals, while the second one has open access.
In the first case, the permissions are detailed, and in the second, they are inherited.
In this case, the employee will not have access to the deals, because the detailed permissions are more important than the inherited ones.
Second example. Conflict of inherited permissions. An employee is a manager in the company structure, but he/she also has a role of sales manager. This employee has a personal and a group role.
In this example, the employee will have the permissions of the Sales Manager role.
How to avoid permission conflicts
There are tips to set up your permissions properly:
- If a small number of employees works with the CRM, it is better to set up personal permissions, not group ones.
- Start configuring the permissions for departments, then for subdivisions.
- Configure roles for each department separately. Try not to use the All department and subdepartment employees option. Spend a little more time, but set up separate roles for each subdepartment.
- Try not to use the Employee and his supervisors role. Managers often have conflicts of permissions.
- If the stage permissions and the element permissions are the same, choose the Inherit option. Do not set the permissions manually. CRM will work slower because of a large number of users, roles and permissions.
- If employees were transferred to another department, resave their elements. The access permissions will be updated and will work correctly. Read more in the article Access problems after editing the company structure.