This article is part of the Security & Permissions Guide
With Insightly's Advanced Permissions, you can create layers of permissions based on groups of users so that the right people can get to the right records without compromising their data security or their focus.
Advanced permissions are available with a Professional or Enterprise subscription plan. Other plans may only use Simple Permissions.
Records and permissions
Here are some key terms to help you understand permissions:
- Records are the individual items in your CRM, like a contact record for "J. Rex Harrison" or an organization record for "Homewinds, Inc."
- Objects are the different kinds of records in Insightly, like tasks, contacts, leads, etc.
When Advanced Permissions are enabled, access to the records on your account will be limited to the record owners, record assignees, and administrators. You'll need to set up the layers of interacting permissions to specify what your users can see and do.
Each time a user views a page, Insightly checks their permissions and displays only the objects, records, links, and actions that the user is allowed to see. Because Insightly will hide entire tabs based on a user's profile, advanced permissions have the added benefit of hiding tabs and records that aren't relevant to someone's job.
Types of permissions
These are the permissions that Insightly will check:
- Profiles control which objects users can see and change. They include read, create, edit, and delete actions for objects, which means you can hide entire tabs from groups of users by removing read permissions.
- Organization-Wide Sharing defines the default level for sharing objects. You can open a object to all your users (Public) or keep access to a object restricted to record owners and assignees, their role hierarchy, and sharing rules (Private).
- Roles control which records users can see through a sharing hierarchy. This lets people view records owned by other users, as with a manager overseeing the work of her employees.
- Sharing Rules let you make exceptions to roles and expand record visibility by sharing access across or up the role hierarchy. This allows different roles to view each other's records, as with managers who want to share their views with other managers or with their reports.
Profiles are tied to objects. Roles, organization-wide sharing, and sharing rules are all related to record ownership and assignment. As you move from the Private setting in organization-wide sharing through roles and then to sharing rules, you'll be opening up access to more records for more users.
Planning your permissions settings
When you plan your permissions, you'll need think about how to group and classify your users in profiles and roles. Ask some general questions about your user groups and connect your answers to each permission setting for your planning.
- Should all users have access to every record of a object (Public), or just a subset of records owned by certain users (Private)? Organization-Wide Sharing
- If it's a subset, whose records can they see down through the hierarchy? Role
- And whose records can they see across or up the hierarchy? Sharing Rules
- Should a user have access to every object, or just some objects? Profiles
- Should a user be able to create, edit, or delete these objects? Profiles
The answers to these questions will determine the profiles, roles, and sharing rules that you will create for your account and the users who you'll assign to the profiles and roles.
It's important to note that profiles and roles do not necessarily need to match the job titles in your company's org chart. Remember, setting up permissions is about record access.
Think of a profile as a person's function in the CRM, and a role as a person's ability to view other's records through their access relationships. You might not need to create custom profiles; it will depend on your organization and how you want to manage user access.
A user's profile and role work together to affect which objects and records the user can see.
For example, it's possible to have someone assigned to the Chief role at the top of the hierarchy, which lets them see the records of any user below them.
But if someone assigned to the Chief role is also assigned to the Contractor profile, which doesn't allow access to leads or opportunities...
Then they won't see any leads or opportunities at all. They won't even see the tabs in the navigation bar!
There are many ways that profiles, organization-wide sharing, roles, and sharing rules can interact, and you can check any user and any record to see why someone is or is not seeing certain options or records.
As your business grows and new users with new responsibilities are added, you will probably find that you need to add new roles, profiles, and sharing rules.
Check out our webinar recording on Securing and Protecting your Data with Validation Rules and Advanced Permissions.
For information about adding this feature to your account, email our sales team.