A conflict occurs when the same employee has different access permissions. For example, an employee is a member of several departments or he/she has personal permissions that differ from the group permissions to which he/she belongs. In such cases, permissions may not work the way the user expects.
Roles in CRM
Roles can be divided into 2 groups:
- Personal role - assigned to a specific employee.
- Group role - assigned to a group of employees, such as a company department or a group/project.
Types of access permissions
Access permissions can be divided into Detailed and Inherited.
Detailed permissions are highlighted in black. They can be used for any elements and stages.
Inherited permissions are highlighted in gray. They can only be used for element stages.
Detailed permissions are more important than inherited ones. If an employee has detailed permissions that deny access to deals, and inherited permissions that allow access, access will be denied.
Among the personal and group permissions, the ones that give more rights are applied. If the employee's personal inheritedpermissions prohibit access and the group inherited ones allow access, access will be denied.
First example. An employee is a member of two departments with different access permissions. One department has denied access to deals, while the second one has open access.
In the first case, the permissions are detailed, and in the second, they are inherited.
In this case, the employee will not have access to the deals, because the detailed permissions are more important than the inherited ones.
How to avoid permission conflicts
There are tips to set up your permissions properly:
- If a small number of employees works with the CRM, it is better to set up personal permissions, not group ones.
- Start configuring the permissions for departments, then for subdivisions.
- Configure roles for each department separately. Try not to use the All department and subdepartment employees option. Spend a little more time, but set up separate roles for each subdepartment.
- Try not to use the Employee and his supervisors role. Managers often have conflicts of permissions.
- If the stage permissions and the element permissions are the same, choose the Inherit option. Do not set the permissions manually. CRM will work slower because of a large number of users, roles and permissions.
- If employees were transferred to another department, resave their elements. The access permissions will be updated and will work correctly. Read more in the article Access problems after editing the company structure.