This article is part of the Security & Permissions Guide
Choosing which records users can access is an important decision to make as you plan for the security of your CRM data.
There are two ways of controlling access to records in Insightly CRM: Simple Permissions and Advanced Permissions. Which option you choose will depend on the size of your company, your Insightly subscription plan, and how you want to control your users' ability to access and change records.
Each time a user views a page, Insightly checks their permissions and displays only the record types, records, links, and actions that the user is allowed to see.
Permissions settings are on the System Settings > Users and System Settings > Permissions pages.
|What kinds of users can be set up?||Users can be standard users or administrators and can be organized into teams. Administrators can access system settings and have access to every record.|
|Is there individual record security?||Yes. Each record has a visibility setting to give specific users or teams access to it. Anyone who owns a record or is assigned to it can always view it.|
|What can users see?||Records that they own, are assigned to them, or are made visible to them through each record's visibility permissions.|
|What can users do?||Every user can create, edit, and delete records. There is no read-only user option with Simple Permissions. Users can be prevented from exporting records on the System Settings > Users page.|
|What kinds of users can be set up?||Users can be administrators or assigned to custom profiles and roles. Profiles limit what types of records users can see and modify. Roles grant access to others' records through a relationship hierarchy.|
|Is there individual record security?||No. Access to each record is based on who owns it, who's assigned to it, the roles those people report to, and their roles' sharing rules.|
|What can users see?||• Record types and navigation tabs visible to their profile.
• Records owned by them, assigned to them, or owned by/assigned to the people below them in the role hierarchy AND records that are visible to their role through sharing rules.
|What can users do?||It depends on their profile. Profiles grant users permissions to view, create, edit, or delete records of specific types, like contacts and opportunities. Users can be prevented from exporting records on the System Settings > Users page.|
Enabling Advanced Permissions removes viewing permissions from individual records. While this gives administrators greater control over data access by record type, it means you and your users cannot make exceptions to share individual records on a case-by-case basis.
The roles, profiles, organization-wide sharing, and sharing rules settings can also affect each other in various ways. For example, someone who owns a record may always view it, but will not be able to delete or edit it if their profile doesn't allow those actions.