Read FAQ
NEW
Bitrix24 Support
Registration and Authentication
How to start
My Profile
Feed
Chats and Calls
Calendar
Bitrix24.Docs
Bitrix24.Drive
Bitrix24.Mail
Workgroups
Tasks and Projects
CRM
CoPilot - AI in Bitrix24
Contact Center
Sales Center
CRM Analytics (beta)
BI Builder
Sales Intelligence
Inventory Management
Marketing
Sites
Online Store (beta)
CRM + Online Store
CRM Store (beta)
Bitrix24.Sign
Company
Knowledge base (beta)
Automation
Workflows
Telephony
Market
Subscription
Settings
Enterprise
Mobile App
Desktop App
General questions
Bitrix24 On-Premise

Bitrix24Care

Access permissions conflict in CRM

A conflict occurs when the same employee has different access permissions. For example, an employee is a member of several departments or he/she has personal permissions that differ from the group permissions to which he/she belongs. In such cases, permissions may not work the way the user expects.

Read more about Access Permissions in CRM.

Roles in CRM

Roles can be divided into 2 groups:

  • Personal role - assigned to a specific employee.
  • Group role - assigned to a group of employees, such as a company department or a group/project.

Types of access permissions

Access permissions can be divided into Detailed and Inherited.

Detailed permissions are highlighted in black. They can be used for any elements and stages.

Inherited permissions are highlighted in gray. They can only be used for element stages.

By default, all permissions on the stages are inherited. If the All option is selected in the Deal section and the Inherit option is selected on the stages, then all stages will have access.
manage_role.jpg

Detailed permissions are more important than inherited ones. If an employee has detailed permissions that deny access to deals, and inherited permissions that allow access, access will be denied.

Among the personal and group permissions, the ones that give more rights are applied. If the employee's personal inheritedpermissions prohibit access and the group inherited ones allow access, access will be denied.

First example. An employee is a member of two departments with different access permissions. One department has denied access to deals, while the second one has open access.

In the first case, the permissions are detailed, and in the second, they are inherited.

In this case, the employee will not have access to the deals, because the detailed permissions are more important than the inherited ones.

Any deals and leads are at certain stages, so the permissions at the certain stage are taken into account.

How to avoid permission conflicts

There are tips to set up your permissions properly:

  • If a small number of employees works with the CRM, it is better to set up personal permissions, not group ones.
  • Start configuring the permissions for departments, then for subdivisions.
  • Configure roles for each department separately. Try not to use the All department and subdepartment employees option. Spend a little more time, but set up separate roles for each subdepartment.
  • Try not to use the Employee and his supervisors role. Managers often have conflicts of permissions.
  • If the stage permissions and the element permissions are the same, choose the Inherit option. Do not set the permissions manually. CRM will work slower because of a large number of users, roles and permissions.
  • If employees were transferred to another department, resave their elements. The access permissions will be updated and will work correctly. Read more in the article Access problems after editing the company structure.
Was this information helpful?
Integration specialist assistance
That's not what I'm looking for
Complicated and incomprehensible text
The information is outdated
It's too short. I need more information
I don't like the way this tool works
Go to Bitrix24
Don't have an account? Create for free