Security Control, found within Setup is where you can customize each User’s permissions to the different data, features, and modules within Zoho CRM using Roles and Profiles.
In every organization’s CRM considerations of democracy (every one having access to the data) and hierarchy (only certain roles have access to certain data) must find a balanced equilibrium so that your data is both secure and relevant to each user.
Permissions allow you to achieve this balance and are based on your organization’s internal structure, workflows, and hierarchy.
Only administrators should set and control these security options.
Adding Users to your Zoho CRM account and assigning them Roles and Profiles is a key portion of the setup process so first, let’s clarify what we mean by these terms:
Users
- A User is one who manages records, their own or those shared by other users, within the organization.
- Each user can sign in to their account with an email address and password.
- Administrators: Users who can access the entire system. There must be at least one Administrator for accessing the entire data and features in your Zoho CRM account.
- Standard Users: Users who can access data according to the defined permissions (profiles) and roles in the organization.
Roles
- Roles set up the organization-wide hierarchy and are assigned to every user.
- Roles correspond to position level within the larger organizational chain of command.
Profiles
- Profiles help define the access permissions to the various CRM records, modules, and features. They are based on what information and functionality a particular user needs. For instance, the permissions required for a person from the Development team might differ from the permissions required for a person in the Marketing team.
- You can define the permissions for each profile and add as many as you wish, making the process highly customized.
Common Pitfalls When Setting Up New Users:
A lot of system administrators will add Users first and then restrict permissions using Roles and Profiles. We suggest the inverse process. Make sure Roles and Profile permissions are in place before you add Users so that the Users’ access can be defined as soon as you add them.
An easy way to do this is to simply take your most recent org chart and mirror that structure in setting up Roles. Then set up your Profiles to reflect each User’s specific access permissions.
A few guiding questions when choosing what Profile to assign a User:
- What information does a particular position need to have access to in order to perform essential duties?
- What is the position’s place in the organizational hierarchy?
- What information might be irrelevant or superfluous?
- What information might be sensitive or inappropriate?
For example – does a Program Manager need access to financial records? Does a Development Associate need access to program records – if yes, should this access be Read Only? Or as another example, should someone on the Development team be able to adjust the layout of a record or create a web form? You get the idea.
If you are the System Administrator you will come to build permissions that take into account your organization’s specifics and part of your role will be to troubleshoot, fix and update permission issues on an ongoing basis because this is always shifting and evolving territory that has to stay current and relevant.
The good news?
No one will have a better understanding of your organization’s hierarchy and its relationship to the data than you – and then you can lay claim to being the foundation of balance upon which the organization rests.
Go YOU!