Work Hours
8:00 am - 6:00 pm UTC+3

Aleksandr Davydov

Setting access permissions for regional departments in Bitrix24 CRM

We have been repeatedly asked, how to solve probelms with access permissions for several regional representative offices in one Bitrix24 CRM portal.

And at the same time the administration and accounting should be done by one of structural subdivisions of main office. Such organizational scheme suits for any net structures or franchise companies.

What does the problem consist of? It is required that every employee can see only its "own" Leads, Deals, Contacts and Companies in CRM. Additionally his manager has to see all elements by managers in regions, but not in other divisions. Top managers must have access to the regions. It is a conventional hierarchical access system.

Create company structure in Bitrix24 CRM

We suggest to create a department in our structure for every regional office.

Go to  Company -> add department



  • The Structure is clear and understandable.
  • It is possible to create a separate structure for every region. The structure will be shown in a separate window.


  • every employee of the company will be able to see every other employee in this company. There certainly will be mistakes while searching and assigning responsible persons. If a company has more than 1000 employees there will be full namesakes like "Ivan Petrov" or "Sergey Ivanov";
  • While enabling the option to address to all employees, there will be "information garbage" in the Activity Stream. That could happen when in Ekaterinburg everyone will discuss what kind of pizza to order for a lunch, while in Volgograd office the working day just began. We suggest to disable the option to address to all employees.


Setting access permissions in the CRM

In order to set access permissions in the CRM let's clarify employee roles. As everybody knows,it is impossible to set employee groups in Cloud version of Bitrix24. There is nothing left just to be satisfied by given list.

For convenience we have shown possible tasks and problems solving by employees in CRM in the table below. Let's appoint Groups and Roles in CRM for them.

In real life organization In Bitrix24 terms Tasks Employee groups Role in CRM
Headquarters Top level department    
Special department for interactions with regional divisions in structure of headquarters. Department    
Employee of Special department
Employee Has access to all CRM entities.Has access to sales reports. Administrators or Specific Employees Administrator
Regional division. Department    
Head of regional division Department manager Has access to all CRM entities in its region. Don't have access to CRM entities in other regions. Management Manager
Department in structure of a regional division Department    
Head of department of a regional division Department manager Has access to all CRM entities of its department. Doesn't have access to entities in other regions and departments. Management Manager
Employee Employee Has access to CRM entities created by him/her. Has "read only" access to CRM entities for his/her region and department only. Employees Employee

Roles here should be configured as follows:

Administrator role.


Manager role.

Notice that:

  • "User can edit settings" should be deselected;
  • Access to export should be denied.


Employee role:

Notice that:

  • an employee is allowed to read and add personal and department entities, but may edit only personal ones;
  • export must be forbidden;
  • “User can edit settings” checkbox must be unchecked.


In addition to these three roles you can create intermediate "Sales manager" and give him access to rule entities but not to export them.

How to set access permissions for Bitrix24 Tools 

We have tuned the CRM.There are several other instruments in Bitrix 24, but much less flexible that those in CRM. We tried to write out known problems and methods to solve them. Not everything can be automated in frameworks of portal. Paper instructions will help us with this.

For convenience we have gathered a Question-Answer table. Dear readers, if you have any question we can examine or any additional information for our solutions, please send it to us using form in the end of the article. Thanks!

Tasks — Can we forbid any employee to put a task to any other employee
No. Any employee can put a task to any other employee. It should be regulated in offline.
Calendar — How to make Unified event calendar (like corporate holidays) with possibility to connect it to every employee's personal calendar. Create an individual calendar for Administrator or Director called "Company Events", add it to the Favorite calendar section for all employees. Employees have to add it to favorites by themselves. In this case an employee will be able to see Company Events calendar it his calendar section. 
Drive — How to tune access so as employees can see folders only of their own department but not others in the Company Drive. Bind Drives to working groups of every department. Then this option will work as default.
For common needs of organization it is possible to tune Drive access for All users of the company. Practice shows that such resources usually turn to "file garbage cans".
Workgroups — Is it possible to restrict workgroups scope depending on departments. When creating a group add employees only of your department and forbid visibility and publicity for others.

Activity Stream — How to restrict message scope for your department. Forbid to address "All employees" and introduce penalties for Activity Stream spam.
CRM: How to provide access to all Deals for a manager who is responsible for sales in several regions. Place the employee to several departments holding SHIFT button.
How to bind a Deal to several Contacts? Create an additional field of "Bind to CRM elements" type and activate "Multiple" and "Contact" checkboxes.

  • 19.05.2016