What are profiles in Advanced Permissions?

This article is part of the Security & Permissions Guide

When using Advanced Permissions, you can set up profiles to limit a user's ability to access and change records. Users can read, create, edit, or delete records based on the profile they're assigned to. This means profiles can be set up to prevent certain users from deleting items, editing records, or even seeing entire tabs.

  

For example, a Project Management profile could have permissions to create, edit, and delete projects and tasks, but could be restricted from reading leads and opportunities. In that case, anyone assigned to that profile wouldn't see the Leads tab or Opportunities tab or see any of those types of records in Insightly.

While roles and sharing rules define whose records users can see, like a manager accessing the records of his employees, profiles define what users can see and do at the record type level.

Planning your profiles

When planning your profiles, think about grouping your users by the access they need based on the available options.

Perhaps you'll only create two profiles, like a "Read-Only" profile to allow some users to view all record types, and another "Full Access" profile that allows other users to read, create, edit, and delete them.

But it's more likely that you're going to start by considering the job positions you're familiar with. Here's one way to approach profiles from that angle:

  1. Write out the job titles, the actions they'll need to perform, and which record types they need access to. Notice that some of these jobs share access to the same record types.
    Title Actions Record Types
    Executive   Reads  All record types
    Director   Reads and edits All record types
    Service Manager   Reads, creates, edits, and deletes Contacts, organizations, and notes
    Sales Manager   Reads, creates, edits, and deletes Leads, opportunities, and notes
    Auditor   Reads All record types
    Salesperson   Reads, creates, edits, and deletes Leads, opportunities, and notes
  2. The next step is to group them together by their common record types.
    Title Actions Record Types
    Executive   Reads  All record types
    Director   Reads and edits All record types
    Auditor   Reads All record types
    Service Manager   Reads, creates, edits, and deletes Contacts, organizations, and notes
    Sales Manager   Reads, creates, edits, and deletes Leads, opportunities, and notes
    Salesperson   Reads, creates, edits, and deletes Leads, opportunities, and notes
  3. Then, sort them into subgroups by their actions within each record type.
    Title Actions Record Types
    Executive   Reads  All record types
    Auditor   Reads All record types
    Director   Reads and edits All record types
    Service Manager   Reads, creates, edits, and deletes Contacts, organizations, and notes
    Sales Manager   Reads, creates, edits, and deletes Leads, opportunities, and notes
    Salesperson   Reads, creates, edits, and deletes Leads, opportunities, and notes

You have now identified the profiles you need to create, with each color representing a profile. You'll probably find that the profiles are not the same as your roles or job titles.

For our six job titles, we only need to create four profiles. One profile may only have one person assigned to it—the service manager. For "Executives" and "Auditors," we could create two separate and identical profiles, but it's probably simpler to create one called "Read-Only" for anyone in either of those positions.

  

The larger your organization, the more complex your profile list could be.

Now that you have a plan, you can start adding your profiles and assigning users to them.

Have more questions? Submit a request
Top