Elena Fedianova

Nikita Kalinin

CRM Field-level Permissions

The fields in CRM/Deal/Pipeline are editable by all users by default. The question is how do we separate the rights to fill CRM Deal fields and prevent someone who is not the owner from editing the fields? That is, to give a certain user the right to edit certain fields, while denying them rights to edit other fields?

We often receive requests for such an option from our clients. The inquiry on how to control employee rights/access at every work stage is widespread. This feature was implemented by INTERVOLGARU for one of such companies.

Permissions based on user groups

The main task was to develop permissions for users to change “values” of fields. It allows administrators to restrict changing field values of CRM Deals and Contacts based on user groups. We developed a functional module which includes the following options: 

1. a current user is permitted to change Field value if they belong to a group whose members are allowed to change the value of the specific field. 

2. Any combination of Deal Field, Deal Stage, Deal Pipeline has its own set of user groups, whose members are allowed to change the field’s value. 

3. Each Contact Field has its own set of user groups, whose members are allowed to change the field’s value.

4. Custom deal and contact fields are supported as well as the built-in fields

Before the operation of changing a field value is invoked, the user’s permissions are verified and the operation continues with only the fields the user has permission to edit.

Restrictions do not apply to members of the ‘Administrators’ group, so the functionality of administrator role is maintained.

For users’ convenience on the CRM Deal details page, when Editing mode is activated, only field values are displayed instead of input controls for the fields they lack permission to edit. For example, if a current user is not allowed to change the value of ‘Name’ field, the form should look as on the following picture:


The same applies to CRM Contact form. Field edit permissions are configured in the administrative Control Panel.

The page is as follows:



When the ‘plus’ button is clicked, a standard group selector appears.


The administrator should select one or more user groups and click ‘Select’ button. These groups will be granted with permission to edit a particular field.

Field visibility management

The second step of development was the field visibility management implementation. 

For users’ convenience and security of confidential information, the module is enhanced with the ability to define users who can view CRM Deal and Contact fields. The module allows administrators to restrict CRM Deal and CRM Contact field visibility  based on user groups.

1. A Field is visible to a current user if he is a member of the group whose members are allowed to view the specific field.

2. Any combination of Deal Field, Deal Stage, Deal Pipeline has its own set of user groups which are allowed to edit the field.

3. Custom deal and contact fields are supported as well as the built-in fields.

Restrictions do not apply to members of the ‘Administrators’ group as usual.

So a user can view only those fields which are ‘visible to’ one or more groups the user belongs to:

1. In the list view of CRM Deals and Contacts.

Contact type is visible to current user

Contact type is not visible to current user

   

   


2. In the detailed view of CRM Deal and CRM Contact.

Contact type is visible to current user

Contact type is not visible to current user

   



3. In the detailed view of CRM Deal and CRM Contact (when Editing mode is activated).

Contact type is visible to current user

Contact type is not visible to current user

   

   



4. On ‘Deals’ tab of CRM Contact.

Deal Creation date is visible to current user

Deal Creation date is not visible to current user


   


A user cannot select the fields which he is not allowed to view.

1. There are no such fields in List View Settings.

ID is visible to current user

ID is not visible to current user

   

   



2. There are no such fields in ‘Select field’ menu on details page for both View and Editing modes.

Contact type is visible to current user

Contact type is not visible to current user

   

   


The module is also enabled to support restrictions for Bitrix24 Mobile application. The module allows administrators to restrict CRM Deal and CRM Contact field visibility and field value change based on user groups in the Mobile application.

Results

The module makes it possible to split responsibility for Deal and Deal stage among several employees. At the same time, every stage of a deal can have a different person in charge.

Assigning rights to fill and edit CRM Deal field, Assigning rights for visibility of fields by groups allows:

  • clarifying responsibility for operations by employees, 

  • preventing dissemination of confidential information,

  • distributing deal fields filling by employees.

  • The rights are flexibly configured, which allows the admin to include and exclude any employees when necessary.


Would you like the same or a similar module implemented for you? Do you need a CRM but can’t find one that suits your specific needs? 

Contact  INTERVOLGARU.


  • 02.09.2019
  • Elena Fedianova

  • Nikita Kalinin